Block Russian + Byelorussian IP ranges

ciberboy · March 21, 2022 at 3:51 PM

Hi

Need your help to understand how can I block in Libreelec IP ranges from Russia + Byelorussia.

Tried to use IPTables but it doesn't seem to work.

ciberboy · March 21, 2022 at 4:18 PM

Specifically, I need to understand how to block these IP's from a docker container

**chewitt** · March 21, 2022 at 4:59 PM

This overviews the process https://docs.rackspace.com/support/how-to…p-and-iptables/ but achieving something similar in LE would need a custom image with a number of extra pacakges baked in since you cannot install packages like Desktop Linux OS. However, I'd question the value of doing this. If you're hosting something and want to deny service to Russian/Byelorussian users; you're hosting things from the wrong OS in the first place (we would strongly advise against exposing LE to the internet, it is not designed for it). And if the use-case is blocking threats; any half-competent threat actor knows not to conduct business from IPs in their nation state (basic OpSec to avoid atttribution).

ciberboy · March 21, 2022 at 6:40 PM

Quote from chewitt

This overviews the process https://docs.rackspace.com/support/how-to…p-and-iptables/ but achieving something similar in LE would need a custom image with a number of extra pacakges baked in since you cannot install packages like Desktop Linux OS. However, I'd question the value of doing this. If you're hosting something and want to deny service to Russian/Byelorussian users; you're hosting things from the wrong OS in the first place (we would strongly advise against exposing LE to the internet, it is not designed for it). And if the use-case is blocking threats; any half-competent threat actor knows not to conduct business from IPs in their nation state (basic OpSec to avoid atttribution).

Thank you for your input.

What I'm exposing are torrents. I am fully aware that there multiple ways to mask your IP, but at least for the best of my abilities / tools available, I would block those users to get torrent pieces from me.

I do not have any other alter purpose nor the need for a fancy system.

However if this can't be accomplished, I guess I'll have to live with it.

GDPR-7 · March 22, 2022 at 11:49 AM

Quote from ciberboy

how can I block in Libreelec IP ranges from Russia + Byelorussia

is it about the ukraine war ?

if yes:

do people in countries in general have anything to do with war ?

I would recommend reading the book (german) "Schock Strategie", Naomi Klein

**Da Flex** · March 22, 2022 at 5:00 PM

GDPR-7 It's better not to ask for reasons here. We want to avoid any political discussion, because the forum is exclusively about technical support.

GDPR-7 · March 22, 2022 at 5:25 PM

Quote from Da Flex

We want to avoid any political discussion

yup, I thought that already and therefore I avoided any deeper hints apart from the book.

I'll keep that in mind for the next time.

frakkin64 · March 23, 2022 at 10:34 PM

Quote from ciberboy

What I'm exposing are torrents. I am fully aware that there multiple ways to mask your IP, but at least for the best of my abilities / tools available, I would block those users to get torrent pieces from me.

You don't really mention the torrent client, but many of them support block lists for this sort of purpose. For example, Deluge, which I would highly recommend:

Plugins/Blocklist – Deluge

It's up to you get a list of IPs. Perhaps there is an ipfilter.dat already out there, who knows. I tend to not really use torrents.