Hi. On Sun, Aug 14, 2022 at 04:07:03PM +0200, Matthias Böttcher wrote: > how do I block these ip ranges?
The usual way. iptables -I INPUT -s <offending_ip_block> -p tcp --dport 22 \ -m conntrack --ctstate NEW -j DROP or, if the source IP is an actual IPv6 (a rare thing in my experience): ip6tables -I INPUT -s <offending_ip_block> -p tcp --dport 22 \ -m conntrack --ctstate NEW -j DROP Add your favorite way to persist these between host reboots, and you're set. > Which source can I use to determine the geo location of ip addresses? whois, geoiplookup, even https://bgp.he.net . Whatever works, basically. Last one is my favorite as it shows all IP blocks assigned to AS. Really helpful with spammer nests such as outlook.com (AS8075) or DigitalOcean (AS14061). > Is there a Debian packet? For the first two - sure. You'll need whois and geoip-bin. Installing iptables is assumed. Reco