|
Hi, I have a dedicated web server in the US and it is receiving a lot of bogus requests from China, Brazil, Turkey.
From the log I see they are trying to brute force dovecot.
I host a website on this server, so I need dovecot just to read the emails customers send to me. This means I'm the only user of dovecot.
I thought to use geoip with iptables to ban all accesses to dovecot from countries other than mine.
I'm no expert of iptables and googling I found that it is possible to use it with geoip to specify which countries to ban. What i want, however, is to allow only accesses from my country. This way I don't need to add new rules to iptables every time a new ip from a non banned country attacks me.
From what I understand, iptables uses the -j DROP switch to send matching packets to hell. What i want is to send non matching patterns to hell.
This way I use -m geoip --src-c my_country_code and I need to drop all packets from countries that are not my own.
|
