If you’ve run your own server then you may have wished you could just block entire countries from it. You know, like China. Also Russia and most of Eastern Europe probably. In addition to accessing your website you don’t want those countries constantly hacking you and trying to use your server as a spam relay or whatever, this script right here is your friend. You modify it however you want, execute it or lay it in as a cron job to grab fresh IP ranges regularly, it grabs the IP ranges of interest from some site that might be legit and somewhat up to date and then pumps the CIDR ranges through iptables for you. You can use iptables on Android by the way, so I imagine this script as well, if you want to try to dodge the Chinese in both directions. Or if this PRISM stuff spooks you, you can let everyone in except the US. That will surely stop the feds (not really).

If you’ve just got a website and want to keep certain countries off your site, and you don’t administer the actual server, but you just don’t like the Portuguese and want nothing to do with them, here’s a site that spits out a list of the CIDR ranges you want to paste into your .htaccess file in the web root of your site and you’re good to go. It also can give you a flat list, allow directives and iptables-friendly rules. These lists are probably not very complete and the Chinese often use proxy servers and VPNs, so, not that foolproof.

I’m by no means a security expert, so if this sort of thing, messing with your firewall, is something you don’t want to risk screwing up, you might want to ignore this and get such help from a pro. And only run scripts, especially as root, that you have read through and understand fully, whether on a server, your computer, glasses or phone. That script for example relies on some other site’s database of IP ranges, so theoretically someone could compromise that other site and end up getting your server to block everything including you, then you’re screwed. But I’d wager your more likely to get screwed by the Chinese directly. What’s up with those people, you know?

Previous articleImagine
Next articleIs Windows Phone being discriminated against?
Biographical info.. hmm. I have a history of not being able to strike the balance between what is "safe" to put into these forms and what is, in my mind at least, funny. Can't do it.