Ubuntu 12.04 LTS , GeoIP, IPTables & UFW
My Ubuntu webserver is getting lots of unwanted attention. I enabled UFW and started blocking individual IP addresses, this was OK for a while but soon became a chore & wasn't really working.
Looking for something better, I installed the xtables-addons / GeoIP databases. It all installed fine. To block all traffic from outside of the UK (I know this seems extreme but it's where I want to start) I ran this command:
iptables -A INPUT -m geoip ! --src-cc GB -j DROP
Running iptables -L , it definitely looks like the rules are being applied but I'm not 100% sure. Looking at my Apache logs it looks like I'm still getting traffic from Iran/China/Russia etc. Is there anyway to test this? (I thought about asking my boss to fly somewhere but I don't think he'd be agreeable) - I haven't touched UFW, could it's rules conflict with the iptables rules?
I'd be grateful for any pointers...