Blocking entire IP blocks

Hi forum members,
I'm learning linux on a server I've leased for that purpose. Can anyone tell me how to block IP addresses from entire regions or countries, such as Indonesia, Korea, China, etc?

I just get too many suspicious probes from those areas.

Thanks... toodles,
Diana

You´ll get "suspicious probes" from all over the world soon. If you want to block the whole world, just don´t get on-line.

Better keep your software up-to-date and read some security mailing lists so you know which software needs to be upgraded / disabled until a upgrade is available.

Many people all over the world use dynamic IPs. If you block them, they´ll come back with another IP address within 24 hrs. If you block a whole country, they´ll come back using proxys in another country.

Most "suspicious probes" as you call them are virii (or worms). They´ll spread all over the world and there is no way to prevent them trying to take over your box too. As said earlier, keep your software up-to-date and you don´t need to worry about them.

To answer your question and satisfy your curiosity:
When you add rules to your ip chains, you can supply a network mask. This is used to mark a whole range of IPs. e.g.

192.168.1.1/24 is 192.168.1.0 - 192.168.1.255
192.168.1.1/16 is 192.168.0.0 - 192.168.255.255

the number after the slash is the bits that will be taken for checking if a IP falls into the range or not.
i.e. 24 bits = only the first three bytes are checked, the fourth byte can be any value = 192.168.1.0 - 192.168.1.255

This is called a "netmask". They (netmasks) can also be expressed in a more IP-like manner: 255.255.255.0 (three bytes "1", one byte "0" - same as above. do you get the idea?)

M.

I get your point. And I agree with you under present world circumstances.

I'll keep my attention focused on updated software, and read some of the security mailing lists.
Explained in terms even my dyslexic, chemically imbalanced brain can decipher. I am most appreciative for your consideration.

Diana