Xenophobic firewalls
Sounds controversial, no?
I was working away on my Linux server today trying to get something random working. Making little progress, I resorted to the log files to see if I could figure out where I was going wrong. Alas, I could not see the wood for the trees. The trees in this instance being failed attempts to log on to a popular daemon I've got running, by some unknown person located somewhere in China (completely unrelated to the matter in hand).
This threw me slightly as I've been running the wonderful Fail2Ban filter successfully for quite some time. After restarting things and it still not working, I realised I hadn't turned it on for this process (doh).
The vast majority of attacks against my server are from abroad - and that's massively abroad. China, Korea, Russia all feature heavily in these sorts of attacks (which has changed from 2003). This got me thinking, why not just block entire countries on my firewall? It's not a server running anything public, just dev stuff for my own use. I've never been to any of these countries, so why would I want to allow access to anybody else there?
As it happens, Fail2Ban does an excellent job as it is, but if I ever get the inclination, it seems I can now do just this. All thanks to the GeoIP filter for Netfilter (this Linux kernel network filtering gizmo).