Blocking ip addresses in firewall.

[el pescador]

Hello.
Is it possible to block a range of ip addresses eg. 72.200.*.* in the firewall?

Also does anyone know a list of ip addresses which are allocated to each country?

What i want to do is block the ps4 from accepting games (fifa) from certain countries or isps as i usually have trouble.

eg.french players always seem to have faster players and better response in game...after doing a bit of reading seems like france telecom has brilliant qos code which is "secret".
Problem is when ever i play them they never seem to get the issues i get...so simply want to block em.

 

[sfx2000]

Yes you can - you'll have to specify a range - IPTables can do CIDR...

IP ranges with countries in IPv4 space are pretty well defined - normally I go after SSH scans and block them specifically - without regards to country, just easier that way...

Here's my current list of SSH scanners - they have no business hitting my ssh port

This should quiet your logs for a bit - just add them to your iptables drop list...

103.41.177.0/24
103.41.177.0/24 
104.148.0.0/17 
104.168.0.0/17
104.168.7.160/27 
104.243.16.0/20
104.255.64.0/21
111.119.207.0/24 
111.192.0.0/12
111.192.0.0/12 
113.96.0.0/12 
114.143.216.112/29 
116.16.0.0/12 
116.224.0.0/12 
117.128.0.0/10
117.128.0.0/10 
119.144.0.0/14
119.164.0.0/14 
119.176.0.0/12 
119.81.130.0/29 
121.128.0.0/11
121.16.0.0/13 
123.56.0.0/15 
124.224.0.0/16 
125.212.224.0/20 
125.88.0.0/13 
13.104.0.0/14 
13.64.0.0/11
13.96.0.0/13
14.144.0.0/12 
14.160.0.0/18
14.160.64.0/19
141.138.156.0/22
146.0.74.128/27
146.0.74.160/29
146.0.74.168/30
146.0.74.172/32
163.172.0.0/16
163.172.0.0/16 
164.132.65.192/26
169.54.244.64/27 
180.96.0.0/11
182.240.0.0/13 
185.110.132.0/24
195.154.0.0/17 
198.98.96.0/19
202.67.208.0/20
202.67.224.0/20 
208.39.0.0/17 
212.83.128.0/20
212.83.128.0/20 
213.247.0.0/19 
221.232.0.0/14
222.184.0.0/13
37.189.0.0/17 
40.112.0.0/13
40.120.0.0/14
40.124.0.0/16
40.125.0.0/17   
40.125.0.0/17 
40.74.0.0/15
40.76.0.0/14
40.80.0.0/12
40.96.0.0/12
42.114.0.0/20 
52.32.0.0/11 
54.228.0.0/15
62.210.128.0/17 
77.222.152.0/21 
85.93.5.0/24 
89.21.208.0/20
91.224.160.0/23 
92.222.35.0/24 
95.141.47.0/24 
95.163.128.0/17 
95.163.64.0/18

 

[el pescador]

Thanks.
Can i use (eg) 13.160.*.* to block a range?

 

[sfx2000]

Thanks.
Can i use (eg) 13.160.*.* to block a range?

Depends on the vendor - many times you can do a WHOIS query on the IP - whois will return what the range of that domain is.. for example;

sfx@blaster:~$ whois 111.119.207.5
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '111.119.207.0 - 111.119.207.255'
inetnum:        111.119.207.0 - 111.119.207.255

That range in CIDR format is 111.119.207.0/24

Some firewalls need ranges, others need the range in CIDR format, and others may accept wildcard entries - check the vendor document to be certain

 

[el pescador]

Im on merlins firmware.
Looks like i can only block individuals???

 

[sfx2000]

Just remember that in your use case - online gaming - if the game server is not under your control, you can't block those fast guys from france from joining the game - that's not how it works - the server admin there would have to block them, and that probably wouldn't happen unless they were somehow cheating/violating game terms of service, etc... then the banhammer might be used..

 

[System Error Message]

I remember that there are some routers that do what you ask not by blocking but by filtering. They help you connect to game servers/game lobbies that are near or stop you from connecting to servers with bad ping. I've cautioned this about p2p based games like GTA 5 because there are many players in a session but fifa is usually just a 2 player game so this could apply even if it uses p2p.

 

[el pescador]

Ok thanks.
Very helpful even if i cant solve those advantaged players.

 

[sfx2000]

Depends on how the game is hosted/designed - as @System Error Message says - some games that are P2P based, then updating IPTables can help...

 

[System Error Message]

what i mean is that for a 2 player p2p game this sort of filtering works as it prevents you from going into a game with another player with bad latency. I find it quite annoying that laggy players get the advantage in online gaming too. Some games try to smooth things out that being the player with better hardware and internet even projectiles that miss you still hit.