Re: Block visitor by countries.
Thank you.
What is you mean about "ipset" ?
Can you show me an example?
On Wednesday, September 23, 2020, 03:13:02 PM GMT+3:30, Eric Garver
<egarver(a)redhat.com> wrote:
On Wed, Sep 23, 2020 at 10:40:52AM -0000, Jason Long wrote:
Hello,
How can I find the IP range of countries and how can I block countries by IP address?
IP ranges are available online in "ipset" format. This can be used by
firewalld. Adding the ipset as a "source" to the blocked zone is
sufficient.
# firewall-cmd --permanent --new-ipset blocked_countries
# firewall-cmd --permanent --ipset blocked_countries --add-entries-from-file
/path/to/file/country.txt
# firewall-cmd --permanent --zone block --add-source ipset:blocked_countries
# firewall-cmd --reload
Is it possible to block visitors by browser, operating systems or
etc?
Not natively is firewalld. You'll have to use a direct rule. The
iptables extension is called "osf", i.e. operating system
fingerprinting.