I finally got fed up with China based hack attempts on the office server so I did something about:

#!/bin/bash
for i in `lynx --dump http://blackholes.us/zones/country/china.txt | awk '{print $2}'`
do
	iptables -A INPUT -s $i -j DROP
done

Addendum

I had to make a slight change to the iptables ruleset.  This change allows you to talk to a china based ip address, but refuses to allow them to start the conversation:

for i in `lynx --dump http://blackholes.us/zones/country/china.txt | awk '{print $2}'`
do
        iptables -A INPUT -s $i -p tcp --destination-port 0:1023 -j DROP
        iptables -A INPUT -s $i -p udp -j DROP
done

This entry was posted on Thursday, July 29th, 2004 at 6:04 pm and is filed under Geek Stuff. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.