Thank you. What is you mean about "ipset" ? Can you show me an example?
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
# firewall-cmd --permanent --new-ipset blocked_countries # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting.