On Friday I made a change to prod on my home server. It is now only accessible from Aussie IP addresses. Previously only a couple of countries were blocked. I'm using a combination of #geoipset, #ipset & #iptables. If you are considering doing this yourself be aware of three things:
- don't forget to allow the local network access
- you will need to keep this updated as apparently addresses can change countries.
- expect a couple of things to break. Making the change on Friday gave me the weekend to discover what I borked. So far it appears only updates - for some odd reason that was using an off-shore source. This was easy enough to fix.
@ivantodorov
Have a play with #geoipset and take a look at the country file sizes it creates. For example I was previously blocking China (cn) for causing too much traffic. I was surprised that the cn file was a lot smaller than Australia (au).
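The three cautions from the first post, sketched as an added example that is not the poster's own configuration: it builds `ipset restore` input from a per-country CIDR list and prints an INPUT rule order that accepts the local network ahead of the country match. The set name `geo-au`, the LAN subnet, the function names and the one-CIDR-per-line zone format are all assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: set "geo-au", LAN 192.168.1.0/24,
# zone data with one IPv4 CIDR per line (assumed format).
SET=geo-au
LAN=192.168.1.0/24

# Turn a CIDR list on stdin into input for `ipset restore`.
# The list is loaded into a temporary set and swapped in, so a periodic
# refresh never leaves the live set empty while rules still reference it.
# Apply as root with:  build_restore < zonefile | ipset -exist restore
build_restore() {
    echo "create ${SET} hash:net family inet"
    echo "create ${SET}-new hash:net family inet"
    echo "flush ${SET}-new"
    # Keep only IPv4-CIDR-shaped lines; comments, blanks and junk are dropped.
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' |
        sed "s|^|add ${SET}-new |"
    echo "swap ${SET}-new ${SET}"
    echo "destroy ${SET}-new"
}

# Print the INPUT rules in evaluation order; review before running as root.
print_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s ${LAN} -j ACCEPT
iptables -A INPUT -m set --match-set ${SET} src -j ACCEPT
iptables -A INPUT -j DROP
EOF
}

# Constructed sample zone data (documentation ranges, not real AU allocations).
sample_zone() {
    printf '%s\n' '# constructed sample' '192.0.2.0/24' '198.51.100.0/24' \
        '' 'not-a-cidr' '203.0.113.0/33'
}

sample_zone | build_restore
print_rules
```

The ESTABLISHED,RELATED rule accepts replies to connections the server itself opened, so only unsolicited inbound traffic is subject to the country match.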