I'm being plagued by scripting bots hammering the living shoite out of my mail server at the moment so it's time to nail the firewall a bit. This will work on a server or workstation but it's all command-line iptables stuff - not TOO scary!
As this is a kernel function you may have to dig around a bit to get it working, especially if you have an older distro than the one I'm using (Ubuntu 12.04.1) with all updates done.
First check that iptables, xtables-addons-common and module-assistant are installed.
If anything is already installed it won't do any harm; apt will just report that it is already the latest version. The xtables-addons package allows iptables to be linked to GeoIP, a geographical location database for IP addresses.
If you don't see references to the kernel source headers being installed then follow up with this.
Now, create a directory for the geolocation database, change to the xtables-addons directory and download the free Maxmind GeoIP files. This database is around 98% accurate and is updated monthly.
The database needs to be extracted into a usable format so install the following module:
Run the extraction process to create all the dependent files in /usr/share/xt_geoip. These cover both IPv4 and IPv6, so you should see two new directories created (BE and LE) with files like the sample below:
Finally, add the following rules to iptables:
In Rule 1 you should substitute the country codes for those countries you want to accept connections from. The codes can be obtained from the ISO 3166 Country Codes page on the Maxmind Developer Site.
In Rule 2 you should substitute your own network number in CIDR format.
Now you sit back and let the packets drop like flies :)
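As an added example (not the code from the post, which is members-only), here is one way to write the final step as a small script that validates the inputs and emits the iptables rules. The chain name MAIL_GEO, the mail ports 25/465/587, the logging rule and the rule order (own network first, so a mislocated address never locks you out) are my assumptions.

```sh
#!/bin/sh
# Added example. Assumes the xt_geoip module is loaded and
# /usr/share/xt_geoip has been populated as described in the post.
# Usage (as root):  ALLOW_CC="GB,IE" MY_NET="192.0.2.0/24"; geoip_rules "$ALLOW_CC" "$MY_NET" | sh

# A comma-separated list of two-letter ISO 3166 codes, e.g. "GB,IE,DE".
valid_cc_list() {
    printf '%s' "$1" | grep -Eq '^[A-Z]{2}(,[A-Z]{2})*$'
}

# A dotted-quad IPv4 network in CIDR form with a /0-32 prefix (loose check).
valid_cidr() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the rules to stdout so they can be reviewed before being piped to sh.
# $1 = allowed country codes (post's Rule 1), $2 = your own network (post's Rule 2),
# $3 = optional port list (defaults to the assumed mail ports).
geoip_rules() {
    cc_list=$1
    my_net=$2
    ports=${3:-25,465,587}
    valid_cc_list "$cc_list" || { echo "bad country list: $cc_list" >&2; return 1; }
    valid_cidr "$my_net"     || { echo "bad CIDR: $my_net" >&2; return 1; }
    cat <<EOF
iptables -N MAIL_GEO 2>/dev/null || iptables -F MAIL_GEO
iptables -A MAIL_GEO -s $my_net -j ACCEPT
iptables -A MAIL_GEO -m geoip --src-cc $cc_list -j ACCEPT
iptables -A MAIL_GEO -m limit --limit 5/min -j LOG --log-prefix "GEOIP-DROP: "
iptables -A MAIL_GEO -j DROP
iptables -I INPUT -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j MAIL_GEO
EOF
}
```

Only new connections to the mail ports pass through the chain, so established sessions and everything else on the host are unaffected; the rate-limited LOG line gives you a record of what is being dropped without flooding syslog.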