OpenWrt and blocking addresses from china

openwrtspam-preventionssh

I'm running OpenWrt on my router and I love it. My question is how do I block all china addresses from connecting to my firewall on port 22 in the router? 99.9999% of the unauthorized ssh connections are coming from there.

/K

Best Answer

I am not sure if it is a good idea to block the IP addresses of a whole nation, especially a country with a huge number of IPs as China. It will slow down your firewall, and yet it is not that effective. If you insist, here is the list of IPs belonging to China. The best way to secure your ssh server is -

  1. Change the ssh port number to a higher port number
  2. Install tools such as fail2ban , which blocks an IP after a number of failed login attempts.
  3. Use private/public key authentication.

You might find this tutorial useful.

Related Question