Closed charlieporth1 closed 9 months ago
I am not sure, but I think subdivisions
are not supported.
As alternative or workaround, you can use this blocklist with client-blocklist
:
https://raw.githubusercontent.com/cbuijs/ripe-geo/master/countries/china.list
The lists include subdivisions and other stuff, check the repo (updated every 12h).
echo "101.68.211.2" | grepcidr -xf china.list
101.68.211.2
I am not sure, but I think
subdivisions
are not supported.As alternative or workaround, you can use this blocklist with
client-blocklist
: https://raw.githubusercontent.com/cbuijs/ripe-geo/master/countries/china.listThe lists include subdivisions and other stuff, check the repo (updated every 12h).
echo "101.68.211.2" | grepcidr -xf china.list 101.68.211.2
I am using that as well. It should be noted that I am blocking all of china including the country and some how the IP address are not being blocked. Also, your lists which I am using are not blocking them
Interesting... Could you some example IP-Addresses? So I can research it?
Mind that lots of GEO-IP databases are only up to 70-80 percent correct. Some allocated IP-Ranges for example, that "belong" to China might be splitted of to an amazon instance in USA. So allocation wise it might be right, but on usage it will never be 100% right. I find Ripe and IPDENY pretty accurate. MaxMind is pretty good in "The West" but less everywhere else. They are all very USA centric.
The hosters are very inaccurattly represented and my experience is that most "attacks" come from there:
See also: https://support.maxmind.com/hc/en-us/articles/4407630607131-Geolocation-Accuracy https://www.maxmind.com/en/geoip2-city-accuracy-comparison https://www.ip2location.com/data-accuracy https://www.bigdatacloud.com/insights/ip-geolocation-accuracy-report
In the future I also will see what is possible to include ipinfo.io data if possible/allowed.
BTW, you might want to try the "blunt axe" method and use these lists: https://raw.githubusercontent.com/cbuijs/ripe-geo/master/continents/asia.list https://raw.githubusercontent.com/cbuijs/ripe-geo/master/regions/middle-east.list
Whole of ASIA and Middle-east, you might block more than intended and break stuff...
Config issue not route-dns, Your lists work Thanks for the help @cbuijs
I'm being DNS DDOSed by the chinese and I block all of china