News Category

Hot Article

Centos7 closes and restarts the system firewall and opens firewall ports
How IID server uses Xshell to connect to Linux (centos) server
BT panel forgets the background login URL, and the solution to the security entrance verification failure
What to do if a cp: omitting directory error occurs in Linux (detailed solution)
The php domain name points to ip, how to use the specified ip address to access a server in the url request domain name in curl mode
Error connecting to MySQL: Cant connect to MySQL server (10060)

Popular Tags

How to block foreign IP access on Linux server?

Author：Benson
Category：Server Maintain
Release Time：2022-11-03

Log in to the Linux cloud server remotely through SSH, and run the following command statement to obtain the domestic IP network segment, which will be saved as /root/china_ip.txt

wget -q --timeout=60 -O- 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /root/china_ip.txt

Save the script below as /root/allcn.sh.

mmode=$1
CNIP="/root/china_ip.txt"
gen_iplist() {
        cat <<-EOF
                $(cat ${CNIP:=/dev/null} 2>/dev/null)
EOF
}

flush_r() {
iptables  -F ALLCNRULE 2>/dev/null
iptables -D INPUT -p tcp -j ALLCNRULE 2>/dev/null
iptables  -X ALLCNRULE 2>/dev/null
ipset -X allcn 2>/dev/null
}

mstart() {
ipset create allcn hash:net 2>/dev/null
ipset -! -R <<-EOF 
$(gen_iplist | sed -e "s/^/add allcn /")
EOF

iptables -N ALLCNRULE 
iptables -I INPUT -p tcp -j ALLCNRULE 
iptables -A ALLCNRULE -s 127.0.0.0/8 -j RETURN
iptables -A ALLCNRULE -s 169.254.0.0/16 -j RETURN
iptables -A ALLCNRULE -s 224.0.0.0/4 -j RETURN
iptables -A ALLCNRULE -s 255.255.255.255 -j RETURN
iptables -A ALLCNRULE -m set --match-set allcn  src -j RETURN 
iptables -A ALLCNRULE -p tcp -j DROP 
}

if [ "$mmode" == "stop" ] ;then
flush_r
exit 0
fi

flush_r
sleep 1
mstart

Make the script executable.

chmod +x  allcn.sh

Execute the following command to start blocking foreign IP access.

/root/allcn.sh

Execute the following command to stop blocking foreign IP access.

/root/allcn.sh stop

Featured Dedicated HOT

Featured Products

Hong Kong

America

Japan

Singapore

Philippine

South Korea

Taiwan

Thailand

Vietnam

Cambodia

More Dedicated Server

More cloud server

Domain Registration

Whois Lookup

SSL Certificate

DNS Resolution

China Hong Kong

Root Administrator Access

Virtual Private Clouds

Multiple Server Locations

SSL Categories

CDN

Domains

CDN

Reference

FAQs

Help Docs

Payment Methods

After-sale Service

Online Support

Submit a Ticket

Telegram

Purchase Suggestions

Telegram

Email: sales@iid.hk

Tel: +852 3098833

API Docs

Reseller Program

About Us

Our Company

Payment Methods

Cooperation

Contact Us

Telegram Channel

Email: sales@iid.hk

Tel: +852 3098833

Latest News

2025 Lunar New Year Holiday Service Arrangements

Emergency Core Router Replacement Notification

2024 Qingming Festival Holiday Notice

Resume self-service management and online recharge services!

Announcement on Payment with USDT Tether

Latest Events

Hong Kong Dedicated Server Physical

HK Server with Multiple IPs Type Ⅰ

HK Anti DDOS Server E5-2650 Series

Japan Dedicated Server Physical

SJ Multi-IPs Server Type Ⅰ

US Anti-DDOS Dedicated Server Type I

SG Dedicated Server Type I

Manila Dedicated Server Type I

Manila Dedicated Server Type Ⅱ

LA Multi-IPs Server Type Ⅰ

Los Angeles Dedicated Server Type KⅠ

Cloud Server

Domain

SSL Certificate

CDN

Hong Kong dedicated server

HK Dedicated Server

HK Anti DDOS Server

HK Multi IP Server

HK GPU Server

Hong Kong Alibaba Cloud Server

Hong Kong host

HK-VPS-Premium

GPU Hong Kong Server

US high bandwidth server