There is certain traffic that I don’t want to be able to see any of my websites. There are certain countries (which will remain nameless) where nearly all hack attempts come from. Not only do they try to hack me all the time, but a certain Communist Asian country loves to copy my website and translate it into their country’s language. This certain country is also not part of my demographic, so I receive no benefit from them lurking on my servers. They are, for all intents and purposes, a complete waste of traffic and a security risk.
So, I’ve been configuring the firewall to ban each IP this country uses. I’ve been doing it one by one, which takes some time. Well, I finally figured out a way to do a bulk import, and it appears to be working. There was a time there where I was really holding my breath, because it took several minutes until the firewall interface responded again. I looked at the logs, and IPs that I had just imported are being dropped.
I’ve been keeping track of all the IPs that have tried malicious things to my servers, but didn’t really have a good way to deal with them until I installed the hardware firewall. I hold a grudge, and I ban this traffic with extreme prejudice. Now their traffic is dropped like a Prom Baby in a toilet.
Also, I really don’t trust a lot of spam that has “unsubscribe” links. If I never signed up for a particular service, then I assume that these are just honeypots to confirm that I’m a real mail user, which just makes their spam campaign more effective. Now if there is some troublesome spam that I just can’t get rid of through normal means, I’ll ban that IP range. Any email that I get that is in a foreign language automatically goes on my ban list.
Now that I’ve gotten this working, I will be adding a new segment to the “How to build a custom Linux firewall” guides on how to banish troublesome traffic and do a bulk import.