(06-19-2020, 07:39 PM)Hidden Refuge Wrote: Have you already tried https://www.ip2location.com/free/visitor-blocker ?

At "Download List" select your country, IPv4 or IPv6 and then at "Output Format" select "Linux iptables".

You will get a text file with commands to black a ton of ranges from selected country. Just upload that text file to your server, rename it to sh and run it with bash. It should execute the commands. If you want them to stick permanently I would recommend to use iptables-persistent.

iptables-persistent (reference - just look it up yourself for your specific OS):
- http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html
- https://linuxconfig.org/how-to-make-iptables-rules-persistent-after-reboot-on-linux

For firewalld hm... you could use find and replace to modify the commands in the file but it would still require more editing to make the permanent.

(06-20-2020, 02:32 AM)deanhills Wrote: @sAmI  Although I know where you are coming from with country block, hope you are calculating in that it will take resources from your VPS that can create a drag on it.  Country block is not recommended when you are worried about slow down of a VPS.  

If you are worried about being hammered by a group of script kiddies, maybe it's better to do the blocks by IP ranges if you can.

I don't know what Firewall protection you are using, but just in case, here's a link to a tutorial for installing and configuring Config Server Firewall (CSF) on Ubuntu.  If you already have your own protection, maybe you will find some tips in the tutorial on commands for blocking IP ranges.
https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu

(06-20-2020, 08:34 AM)Hidden Refuge Wrote: @sAmI

What did you expect? You are about to block several million of IP addresses, or even several ten million (maybe even hundreds of million depending on country) IP addresses. This will take a while even if they are getting blocked based on subnetting.

So what should you do? Wait, maybe? Perhaps.

(06-20-2020, 12:49 PM)sAmI Wrote: I will try CSF , I'm currently using OVH and i contacted them to they sadi to enable the firewall from their panel and set the mitigation mode to permanent i hope that helps, Well most of the time free booters and paid booters does not actually work on my VPS though, The type of DDOS i'm receiving is different, Everything is working fine, I can use the VPS as well but the TeamSpeak3 goes down only. I'm not sure why is that my first thought it would be some type of TeamSpeak3 exploit (there was one in a previous version), I quickly updated the server to the latest where it was patched but still, I used TCPDUMP on 9987 port (TeamSpeak3 port), I saw unusual IPs other than Pakistan ones which i know about. I searched it was different but it was attacking my IP address as i received a notifcation from OVH as well.


@Hidden Refuge, I tried executing the smallest file which had almost totally less IPs! Well, I will try that as well. I will also wait for it.