http://lmgtfy.com/?q=how+to+block+china 229 Million results. Pretty sure this has been done before. As with all block-by-IP-range solutions, consider the issues around: - Keeping the blocklist current - IP allocations change - False Positives. Or you could simply do your best to keep the system 'unhackable'. Run secure (patched and current) software, with only externally reachable services listening, and other ports/protocols blocked, etc etc. Not all Internet users in China are malicious. Not all malicious Internet users are in China either. Mark. On 8/12/2013 11:22 a.m., Don Gould wrote:
Hi,
I've got a machine that's been hacked twice in the past week from IP ranges in China.
I have it behind a Mikrotik router.
There is no reason for anything outside of NZ and AU to be looking at this box so I'm keen to just block the rest of the world from it.
I'm currently thinking an address list to just block out the world or an address list to include Au and Nz.
Keen for ideas.
D