How can I block a whole host (internet provider), or allow only one country for SSH login?
Best Answer
1.) Look up the IP addresses of a specific ISP:
You'll have to use Google and search WHOIS records. You can also get hold of an ip2location database which should help.
2.) The command you need is:
$ iptables -A INPUT -s 192.168.100.0/24 -j DROP
Replace the IP (192.168.100.0) with your start IP of the range to block and the number afterwards with a netmask (see: http://www.computerhope.com/jargon/n/netmask.htm to work out what number you need) depending on how far you want to go, block-wise.
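WHOIS records usually give an ISP's allocation as a start and end address rather than as a netmask, so the following added example (not part of the original answer) converts such ranges into CIDR blocks and builds one DROP rule per block in the form shown above. The function names, the `inetnum`/`NetRange` line labels it looks for, the constructed sample data, and the optional restriction to TCP port 22 (SSH on its default port) are assumptions of this sketch; it handles IPv4 only.

```python
import ipaddress
import re

# Constructed sample in the style of WHOIS "inetnum" / "NetRange" lines,
# using documentation address space (RFC 5737); not a real ISP's data.
SAMPLE_WHOIS = """\
inetnum:        192.0.2.0 - 192.0.2.255
NetRange:       198.51.100.16 - 198.51.100.79
inetnum:        203.0.113.5 - 203.0.113.5
"""

# One "start - end" pair per matching line; other WHOIS fields are ignored.
RANGE_RE = re.compile(
    r"^(?:inetnum|NetRange):[ \t]*(\S+)[ \t]*-[ \t]*(\S+)[ \t]*$",
    re.MULTILINE | re.IGNORECASE,
)


def whois_ranges_to_cidrs(text):
    """Return the CIDR networks that exactly cover every range in text."""
    nets = []
    for first, last in RANGE_RE.findall(text):
        start = ipaddress.IPv4Address(first)  # raises ValueError on bad input
        end = ipaddress.IPv4Address(last)
        if start > end:
            raise ValueError(f"range is reversed: {first} - {last}")
        # A range that is not aligned to a netmask boundary needs several
        # blocks; summarize_address_range yields the smallest exact set.
        nets.extend(ipaddress.summarize_address_range(start, end))
    # Merge adjacent or overlapping blocks so fewer rules are needed.
    return list(ipaddress.collapse_addresses(nets))


def drop_rules(cidrs, ssh_only=False):
    """Build iptables commands in the form used in the answer above."""
    # Assumption: SSH listens on its default port, TCP 22.
    match = "-p tcp --dport 22 " if ssh_only else ""
    return [f"iptables -A INPUT {match}-s {net} -j DROP" for net in cidrs]


if __name__ == "__main__":
    for rule in drop_rules(whois_ranges_to_cidrs(SAMPLE_WHOIS)):
        print(rule)
```

The second sample range (.16 to .79) does not fit a single netmask, which is why it becomes three rules; review the printed commands before running them as root.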
I tried the timestamp option of ping, and it looks like the ICMP type remains at 8 and that the timestamp request is a part of the IP options. This is probably why you are not filtering the requests since they look just like regular echo requests to iptables.
There is a match extension called ipv4options you might want to explore for blocking the timestamps.