Block a whole country from accessing your server
First we create a separate chain so the rules can be added and flushed easily:
#iptables -N COUNTRY-FILTER
Then write a script to fetch the list of IPs for those countries, thanks to ipinfodb.com:
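#!/bin/bash
# Rebuild the COUNTRY-FILTER iptables chain from the per-country address list
# served by ipinfodb.com. Must run as root, and the chain must already exist
# (iptables -N COUNTRY-FILTER).
set -u

COUNTRIE="CN" # Separate by comma, here it is only China
WORKDIR="/root/"
#######################################
BLOCKDB="iptables-blacklist.txt"
# Tokens accepted as rule sources: dotted IPv4 with an optional /prefix.
# Anything else in the download (an HTML error page, hostnames, stray text)
# is ignored instead of being handed to iptables as root. This checks shape
# only, not octet ranges or how broad a prefix is.
ENTRY_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'

cd "$WORKDIR" || { echo "cannot cd to $WORKDIR" >&2; exit 1; }
# Remove the downloaded list on every exit path, including the error exits.
trap 'rm -f -- "$BLOCKDB"' EXIT

# NOTE(review): the list is fetched over plain HTTP with no integrity check,
# so whoever controls the response controls which sources get dropped.
# Prefer an HTTPS or signed source if the provider offers one.
# wget creates the output file even when the request fails, so the exit
# status is checked rather than the file's existence.
if ! wget -q --output-document="$BLOCKDB" \
  "http://ipinfodb.com/country_query.php?country=${COUNTRIE}&output=simple&filename=blocklist.txt"; then
  echo "download of country list failed; COUNTRY-FILTER left unchanged" >&2
  exit 1
fi

# Drop comment lines, split on whitespace as the original loop did, and keep
# only well-formed entries.
mapfile -t ENTRIES < <(
  grep -Ev '^#' -- "$BLOCKDB" | tr -s '[:space:]' '\n' | grep -E -- "$ENTRY_RE"
)

# Do not flush when the download is empty or unusable: flushing first would
# leave the chain with no rules at all (the filter silently fails open).
if ((${#ENTRIES[@]} == 0)); then
  echo "no valid entries in download; COUNTRY-FILTER left unchanged" >&2
  exit 1
fi

# The chain is briefly empty between the flush and the last append; an ipset
# or an iptables-restore batch would make the swap atomic.
iptables -F COUNTRY-FILTER || exit 1
failed=0
for i in "${ENTRIES[@]}"; do
  iptables -A COUNTRY-FILTER -s "$i" -j DROP || failed=1
done
exit "$failed"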
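Finally, if everything went OK, add these commands (note that -A appends the jump to the end of INPUT, so any ACCEPT rule earlier in the chain is matched first; use -I instead if the filter must run before them):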
#iptables -A INPUT -j COUNTRY-FILTER
#service iptables save