Hello, How can I find the IP range of countries and how can I block countries by IP address? Is it possible to block visitors by browser, operating systems or etc?
Thank you.
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
# firewall-cmd --permanent --new-ipset blocked_countries # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting.
Thank you. What is you mean about "ipset" ? Can you show me an example?
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
# firewall-cmd --permanent --new-ipset blocked_countries # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting.
On Wed, Sep 23, 2020 at 08:36:12PM +0000, Jason Long wrote:
Thank you. What is you mean about "ipset" ?
ipset is a firewall related ulitity.
Can you show me an example?Â
The example I gave is sufficient. The country.txt should be a file of IP addresses and masks in CIDR notation - one per line. This is a common format for "country block" lists. You can find them on various websites.
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
 # firewall-cmd --permanent --new-ipset blocked_countries  # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt  # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries  # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting. _______________________________________________ firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos...
Thank you. I must install "ipset" extension or it is installed by default? I mean was about a country.txt file.
On Thursday, September 24, 2020, 05:13:32 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 08:36:12PM +0000, Jason Long wrote:
Thank you. What is you mean about "ipset" ?
ipset is a firewall related ulitity.
Can you show me an example?Â
The example I gave is sufficient. The country.txt should be a file of IP addresses and masks in CIDR notation - one per line. This is a common format for "country block" lists. You can find them on various websites.
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
 # firewall-cmd --permanent --new-ipset blocked_countries  # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt  # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries  # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting.
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos...
On Thu, Sep 24, 2020 at 02:07:25PM +0000, Jason Long wrote:
Thank you. I must install "ipset" extension or it is installed by default? I mean was about a country.txt file.
If firewalld was packaged properly by your distribution then ipset should already be installed. firewalld depends upon upset.
On Thursday, September 24, 2020, 05:13:32 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 08:36:12PM +0000, Jason Long wrote:
Thank you. What is you mean about "ipset" ?
ipset is a firewall related ulitity.
Can you show me an example?ÃÂ
The example I gave is sufficient. The country.txt should be a file of IP addresses and masks in CIDR notation - one per line. This is a common format for "country block" lists. You can find them on various websites.
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver egarver@redhat.com wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello, How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by firewalld. Adding the ipset as a "source" to the blocked zone is sufficient.
ÃÂ # firewall-cmd --permanent --new-ipset blocked_countries ÃÂ # firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file /path/to/file/country.txt ÃÂ # firewall-cmd --permanent --zone block --add-source ipset:blocked_countries ÃÂ # firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or etc?
Not natively is firewalld. You'll have to use a direct rule. The iptables extension is called "osf", i.e. operating system fingerprinting.
firewalld-users mailing list -- firewalld-users@lists.fedorahosted.org To unsubscribe send an email to firewalld-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahos...
firewalld-users@lists.fedorahosted.org