How do I white list U.S. IP addresses using ASNs or an easier method to block all international traffic?
Hello Linode,
I am trying to ward off all international traffic for my WordPress site. I heard the best way to accomplish this task is at the network layer.
How would I be able to use iptables to white list U.S. IP addresses? I know the U.S. alone has more than 1 billion addresses. Due to the voluminosity, can I use ASNs instead or another method without the task being too cumbersome?
Thanks in advance. Your prompt response is always appreciated!
Joe
2 Replies
First off, I want to let you know that country IP allocations are not 100% perfect, nor are geolocation databases. This just means that no matter how the database or list is created, it won't cover absolutely everything, and should not be relied upon for security.
I was able to find the following website which will automatically create the access control list based on your preferred format and country selection:
https://www.countryipblocks.net/country_selection.php
You can find lists of IP ranges by country on websites such as the following:
https://lite.ip2location.com/ip-address-ranges-by-country
https://www.nirsoft.net/countryip/
Furthermore, the following article may be helpful in importing large lists of ranges into iptables:
https://serverfault.com/questions/300691/allow-a-range-of-ips-with-iptables-from-a-file
As an aside, blocking traffic from all non-US IP addresses may be a VERY long list, which would impact performance as each connection would need to be checked against the entire list. I would suggest denying all connections by default, and allowing only US IP addresses in, just for the sake of less work to do.
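An added example, not part of the reply above: one way to load a large country range list without one iptables rule per range is an `ipset` hash set matched by a single rule, a technique the thread itself does not mention. The set name `us_allow`, the `maxelem` value, the input format (one IPv4 CIDR per line) and the restriction to ports 80/443 (so SSH access is untouched) are assumptions.

```shell
#!/bin/sh
# Added example: build an ipset restore file from a CIDR list and print the
# matching iptables rules. Nothing is applied until the output is piped on.
SET_NAME="us_allow"   # hypothetical set name

# Read CIDRs on stdin; emit commands for `ipset restore -exist`.
gen_ipset_restore() {
    awk -F'[./]' -v set="$SET_NAME" '
        function valid(   i) {
            if (NF != 5) return 0
            for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) return 0
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) return 0
            return ($5 + 0 <= 32)
        }
        BEGIN {
            opts = " hash:net family inet maxelem 262144"
            print "create " set opts          # live set (kept if it exists)
            print "create " set "_new" opts   # staging set
            print "flush " set "_new"
        }
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # strip comments and whitespace
        $0 == "" { next }
        !valid() { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
        !seen[$0]++ { print "add " set "_new " $0 }
        END {
            print "swap " set "_new " set     # atomic replace of the live set
            print "destroy " set "_new"
        }'
}

# Default deny for web ports only: sources in the set are accepted,
# everything else reaching 80/443 is dropped.
gen_iptables_rules() {
    cat <<EOF
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -m set --match-set $SET_NAME src -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j DROP
EOF
}

# Usage (as root, after reviewing the output):
#   gen_ipset_restore < us_cidrs.txt | ipset restore -exist
#   gen_iptables_rules | sh
```

Because the list is staged in a second set and swapped in, refreshing it later does not leave a window in which the live set is empty.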