I would like to block all countries except mine in iptables; that is a list with about 100.000 entries.
How can I define this blacklist file in a script, so iptables blocks all those IP ranges?
Maybe I can use http://www.ipdeny.com/ipblocks/data/countries/, which provides lists in the form:
117.55.192.0/20
117.104.224.0/21
119.59.80.0/21
121.100.48.0/21
...
I want to be able to change the blacklist file easily without having to change the iptables script.
Best Answer
Take a look at ipset.
I think this is exactly what you are looking for. ipset extension
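One way to wire the ipset approach to a list file, as an added example that is not part of the original answer: the set name, file path and `MAXELEM` value are assumptions, and the script only uses the standard `ipset restore`, `swap` and `iptables -m set` features.

```shell
#!/bin/sh
# Added example. SET, LIST and MAXELEM are assumed names/values, not from the page.
SET="${SET:-blocked}"                       # ipset name referenced by the iptables rule
LIST="${LIST:-/etc/firewall/blocked.zone}"  # one CIDR per line, e.g. an ipdeny zone file
MAXELEM="${MAXELEM:-262144}"                # ipset's default of 65536 is below ~100.000 entries

# Print the well-formed, de-duplicated IPv4 CIDRs from file $1.
# Comments, blanks, CRs and malformed lines are dropped instead of reaching ipset.
valid_cidrs() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | awk -F'[./]' '
        NF == 5 && /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 &&
        $5 >= 1 && $5 <= 32' | sort -u
}

# Print an `ipset restore` script that fills a scratch set and swaps it into
# set $1, so the live set is replaced in one step and never seen half-loaded.
gen_restore() {
    name=$1 file=$2 new="$1-new"
    n=$(valid_cidrs "$file" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "refusing to load an empty list from $file" >&2; return 1
    fi
    if [ "$n" -gt "$MAXELEM" ]; then
        echo "$n entries exceed maxelem $MAXELEM" >&2; return 1
    fi
    echo "create $name hash:net family inet maxelem $MAXELEM"
    echo "create $new hash:net family inet maxelem $MAXELEM"
    echo "flush $new"
    valid_cidrs "$file" | sed "s/^/add $new /"
    echo "swap $new $name"
    echo "destroy $new"
}

# Load the list (needs root), then make sure exactly one DROP rule uses the set.
apply() {
    tmp=$(mktemp) || return 1
    gen_restore "$SET" "$LIST" > "$tmp" && ipset -exist restore < "$tmp"
    rc=$?; rm -f "$tmp"; [ "$rc" -eq 0 ] || return "$rc"
    iptables -C INPUT -m set --match-set "$SET" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET" src -j DROP
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

After editing the list file, rerun the script with the `apply` argument; the iptables rule stays as it is and only the set contents change.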