Ubuntu 18.04 block countries access to my server (ssh & nginx)

Question

Is there a way I can block entire countries by country code (such as RU and CN)?

Currently I have a UFW firewall rule enabled for every IP that tried to do shady stuff (logging in on SSH, searching for .php scripts on my nginx).

Is there a way I could block entire countries from accessing my SSH / Nginx?

I'm trying to get a solution that blocks on country code, and not IP.

Possible duplicate of I need rules to drop some malicious Apache connection - this about Apache, but if you like it the way of implementation should be similar. — pa4080, Sep 04 '18 at 20:18

score 2 · Answer 1 · answered Sep 04 '18 at 13:53

This can be done if you have modsecurity-crs installed.

Big picture, you set up nation blocking in modsecurity by activating the Block Countries feature. You will need the GeoIP database.

Once that is working, you can also ban IP addresses from those countries by adding a modsecurity rule to fail2ban (if you have that installed).

If this approach sounds like it would work for you, ping me in comments and I can expand with details.

score 1 · Answer 2 · answered Oct 06 '19 at 23:23

1

You can use iptables to block the visitors by IP address.

For specific country IP address list, you can download it free from https://www.ip2location.com/free/visitor-blocker

answered Oct 06 '19 at 23:23

Michael C.

2 Answers2