Hi,
I'd like to add Russia to ban list in Keyhelp firewall.
Is there any tutorial/guide on how to ban a country in keyhelp?
Thanks in advance.
Banning a Country in KeyHelp
Re: Banning a Country in KeyHelp
Hello,
out of the box, there is no efficient way to do this, beside manual configurations. Using "ipset" and so on...
For the sake of completeness, you could do the following - Warning that may be highly inefficient and will not automatically update, if the Russian IP space changes:
1) Get a list of Russian IP address masks
2) Within the KeyHelp-Firewall, put a new rule to at first position
2.1) Direction: "Incoming traffic"
2.2) Action: "Deny / Reject"
2.3) Sources: Put your list of IP address masks here.
(the list may be to long for the input field, after saving, check if it was truncated, and may add a second (third, ...) rule to be able to put all address masks there)
3) Apply the rules and check the server load
Like I sad, this may be inefficient, however as i blocked china for testing purpose some year ago, i did not notice any issues.
It depends on how much computing power your server has and how busy he is in general.
out of the box, there is no efficient way to do this, beside manual configurations. Using "ipset" and so on...
For the sake of completeness, you could do the following - Warning that may be highly inefficient and will not automatically update, if the Russian IP space changes:
1) Get a list of Russian IP address masks
2) Within the KeyHelp-Firewall, put a new rule to at first position
2.1) Direction: "Incoming traffic"
2.2) Action: "Deny / Reject"
2.3) Sources: Put your list of IP address masks here.
(the list may be to long for the input field, after saving, check if it was truncated, and may add a second (third, ...) rule to be able to put all address masks there)
3) Apply the rules and check the server load
Like I sad, this may be inefficient, however as i blocked china for testing purpose some year ago, i did not notice any issues.
It depends on how much computing power your server has and how busy he is in general.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Banning a Country in KeyHelp
Hi,
Thank you for answering, if I want to block /24 will this work as well?
https://imgur.com/a/o7u45DL
Thank you for answering, if I want to block /24 will this work as well?
https://imgur.com/a/o7u45DL
Re: Banning a Country in KeyHelp
Yes, this is a network mask notation, and it will work (like it is indicated in the text above the input field).
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Banning a Country in KeyHelp
Do I need to put something in ports as well?
Or leave it as it is (blank)
https://imgur.com/a/bGuPqEt
Or leave it as it is (blank)
https://imgur.com/a/bGuPqEt
Re: Banning a Country in KeyHelp
It depends what you want to achieve:
1) You can leave it blank and everything (access to SSH, Websites, FTP, Mail, ...) on your server will be blocked for those IP addresses.
2) If you put in a port - for example 22 (= SSH) - than only the services listening on the specified port(s) will be blocked for the IP addresses.
In this example (Port 22), the specified IP addresses will not be able to connect via SSH, but they still can see your websites etc.
To help you out and if you are unsure: You may want to post a screenshot of all firewall rules after you have applied them. So that the community can check whether you have set up your rules correctly, because the order of the rules also matters.
1) You can leave it blank and everything (access to SSH, Websites, FTP, Mail, ...) on your server will be blocked for those IP addresses.
2) If you put in a port - for example 22 (= SSH) - than only the services listening on the specified port(s) will be blocked for the IP addresses.
In this example (Port 22), the specified IP addresses will not be able to connect via SSH, but they still can see your websites etc.
To help you out and if you are unsure: You may want to post a screenshot of all firewall rules after you have applied them. So that the community can check whether you have set up your rules correctly, because the order of the rules also matters.
Mit freundlichen Grüßen / Best regards
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Alexander Mahr
**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Re: Banning a Country in KeyHelp
Apologies for bumping my old topic, just want to confirm if I have these settings set correctly.
Here is the custom rules I added:
https://imgur.com/a/wOnFdrr
https://imgur.com/a/t5h8hU8
And Firewall:
https://imgur.com/a/3FfHzWx
Hopefully, I have it setup properly.
Here is the custom rules I added:
https://imgur.com/a/wOnFdrr
https://imgur.com/a/t5h8hU8
And Firewall:
https://imgur.com/a/3FfHzWx
Hopefully, I have it setup properly.
Re: Banning a Country in KeyHelp
You can (and should) add image as attachments.
a) They will exist as long as this board exists (so, for sure longer than any images at free hosters).
b) People are annoyed by watching the adds for no reason besides you are not using the options of this board.
a) They will exist as long as this board exists (so, for sure longer than any images at free hosters).
b) People are annoyed by watching the adds for no reason besides you are not using the options of this board.
Cheers Micha
--
A Windows user reinstalls software every few weeks.
A Linux user reinstalls software every few weeks.
The difference is with Linux the version numbers change.
--
A Windows user reinstalls software every few weeks.
A Linux user reinstalls software every few weeks.
The difference is with Linux the version numbers change.
Re: Banning a Country in KeyHelp
I have added the images here now.
- Attachments
-
- Firewall Status
-
- Country Ban
-
- Single IPs
Re: Banning a Country in KeyHelp
Thank you, Chalipa, that looks much nicer an we don't have to click each link.
In my opinion, that IP-filter setting look good.
In my opinion, that IP-filter setting look good.
Cheers Micha
--
A Windows user reinstalls software every few weeks.
A Linux user reinstalls software every few weeks.
The difference is with Linux the version numbers change.
--
A Windows user reinstalls software every few weeks.
A Linux user reinstalls software every few weeks.
The difference is with Linux the version numbers change.
Re: Banning a Country in KeyHelp
This could become handy here:
https://www.ip2location.com/free/visitor-blocker
Select e.g. "Russia" and "CIDR" as Output Format and you can simply Copy/Paste the subnets to be blocked.
https://www.ip2location.com/free/visitor-blocker
Select e.g. "Russia" and "CIDR" as Output Format and you can simply Copy/Paste the subnets to be blocked.
Re: Banning a Country in KeyHelp
https://www.ipdeny.com/ipblocks/
RUSSIAN FEDERATION (RU) [download ru.zone] Size: 166.83 KB (10930 IP blocks)
This should be used with different (separate) ipset blacklists (too much stuff for IP blocking via KH Firewall)
However, this will not have a major impact as attackers are increasingly using compromised or rented western servers to attack other internal networks from within ...
RUSSIAN FEDERATION (RU) [download ru.zone] Size: 166.83 KB (10930 IP blocks)
This should be used with different (separate) ipset blacklists (too much stuff for IP blocking via KH Firewall)
However, this will not have a major impact as attackers are increasingly using compromised or rented western servers to attack other internal networks from within ...
Re: Banning a Country in KeyHelp
How many different sets do you think they should be devided to?Ralph wrote: ↑Fri 17. Jan 2025, 12:34 https://www.ipdeny.com/ipblocks/
RUSSIAN FEDERATION (RU) [download ru.zone] Size: 166.83 KB (10930 IP blocks)
This should be used with different (separate) ipset blacklists (too much stuff for IP blocking via KH Firewall)
However, this will not have a major impact as attackers are increasingly using compromised or rented western servers to attack other internal networks from within ...
Re: Banning a Country in KeyHelp
I am blocking about > 200,000 IP addresses ... so ipset chains w/ optimized hashsize & maxelem
use a separate chain for each country (e.g. max. 50000-60000 per chain).
there are a few scripts available on github (untested)
https://github.com/mkorthof/ipset-country
Re: Banning a Country in KeyHelp
Maybe Alexander or someone from keyhelp can explain a little how many IP's (MAX) can be put in ONE rule?