Developer Oracles » IIS ban country http://devoracles.com Sun, 21 Mar 2010 11:05:37 +0000 http://wordpress.org/?v=2.9.2 en hourly 1 Blocking IPs or even countries on Windows systems using IPSec http://devoracles.com/blocking-ips-or-even-countries-on-windows-systems-using-ipsec/178 http://devoracles.com/blocking-ips-or-even-countries-on-windows-systems-using-ipsec/178#comments Sat, 13 Sep 2008 18:41:14 +0000 Gary Illyes http://devoracles.com/?p=178 First get IPSec installed. It comes with XP’s SP2 so if you didn’t do it yet, install SP2. If you’re on a server version of windows, this can be tricky as you first install IPSec on a XP then you run the command from XP’s “Program Files/Support” folder.

So, to block one single IP, write this in command prompt:

ipseccmd -f [IP.YOU.WANT.BLOCK/255.254.0.0=*]

This will block the B class IP you specify in the command.

To see if your blocking attempt was a success, type:


ipseccmd show filters

If you see the IP you typed in the previous command, you’re good.

Now let’s block a whole country. First obtain a list with the country’s IPs you want to block. The easiest way possibly is still blockacountry.com, generate the .htaccess then remove the unwanted words with a text editor using batch replace. Then create a .bat file and for every IP you got from the above website, write on separate lines

ipseccmd -f [IP.YOU.WANT.BLOCK/255.254.0.0=*]

On a side note, blockacountry.com provides the IPs in CDIR format. Since IPSec is a Microsoft application and due to this, is a bit dumb, you have to convert the IPs from CDIR format to standard plus subnet mask.
I explain with an example:


127.0.0.1/15 becomes 127.0.0.1/255.254.0.0

And that was all. As always, if you need help, shout.

]]> http://devoracles.com/blocking-ips-or-even-countries-on-windows-systems-using-ipsec/178/feed 0