Blocking countries via iptables

With all of the scanning / noise on the Internet, it’s nice to get rid of a large chunk of it simply by blocking an entire country’s worth of IP space. To do that you can simply use a kernel module for iptables called “xtables-addons”. On Debian/Ubuntu it’s pretty easy to get going, just apt-get install the needed perl library and the addons themselves:
apt-get install libtext-csv-xs-perl xtables-addons-common !Warning: This does require proper linux headers to be available to compile the kernel module.

*** This is a Security Bloggers Network syndicated blog from Room362 authored by Room362. Read the original post at: http://feedproxy.google.com/~r/Room362com/~3/NAlpzOZRj80/