After blocking China and Korea recently I have still been getting quite a bit of scans and unfriendly traffic. Especially people who have been trying to log into my SSH servers with some simple user accounts like guest or by trying root logins. It’s purely automated and hit all my IP addresses. This comes from Japan mostly so I decided it is time to rid my world of the Japanese as well.
Problem was getting a good source for IP ranges. Turns out Maxmind publish their GeoIP Free Country database in CSV format as well, so then it was just a matter of writing up a tool to take their ranges of IP’s and create cidr notation entries and produce ipfw commands from those.
I got a bit of code from Gary Colman to do the translation from ranges to cidr notation and built that into my existing firewall builder script.
NOTE: This is a static archive of an old blog, no interactions like search or categories are current.
