On Tue, 27 Feb 2007, Matthew Stringer <qube@firstnet.co.uk> wrote:-
Is it possible to configure IPTables to only allow connections from a particular country?
In a round-about way, yes.
Is there an online list of all the subnets used in each country?
Have you looked at the RIPE FTP server? They have a complete list of all allocations of the space they allocate[0], which country it's allocated to, and the list is updated on a daily basis. You can find a copy of it here: URL:ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest
I have a webserver which I only want UK residents accessing but I've not been able to determine a complete list of IP's
I'm curious as to why you'd only want it accessible by UK residents, rather than everyone. Also, any reason why you couldn't just use .htaccess to password-protect the pages? Much easier, unless you want to make it appear that there is no server running.
If I just blocked all non-RIPE addresses that would restrict me to Europe only but there doesn't seem to be a list per country, does that mean they're all mixed up?
Yes, they're very well mixed up. You'll find allocations of varying sizes allocated to a variety of countries, and in no apparent order. The fun part of doing this would be extracting the data from the list and converting it to a suitable format for iptables. The reason for the conversion? For the ipv4 entries, the data has the start IP address and the total number of IP addresses allocated. You will need to convert from that format to CIDR format. Details of the format used is here: URL:ftp://ftp.ripe.net/pub/stats/ripencc/RIR-Statistics-Exchange-Format.txt [0] They also include the daily lists for the other NICs as well, although they may be more than 24 hours old. Regards, David Bolt -- Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/ RISCOS 3.11 | SUSE 10.0 32bit | SUSE 10.0 64bit | openSUSE 10.2 32bit RISCOS 3.6 | SUSE 10.1 32bit | SUSE 10.1 64bit | openSUSE 10.2 64bit TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3a1 32bit -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org