Fail2ban/iptables - Allow selected countries only

December 13, 2014


On Ubuntu, is it possible to add location-based rules to Fail2ban and/or iptables? I’d like to block all SSH, SMTP, IMAP, etc. connection attempts except those incoming from selected countries.

For example, I know the countries where the few people I need to allow SSH for are located.


1 Answer

Here is a great walkthrough of some simple SSH security:

In your case, of note is the TCP Wrapper section:

From what I have read, you can just set hosts.deny to:


and then add the IPs of the users you want to allow…

I would be keen to hear other ideas on this as well.
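For the country-based part of the question, one common approach is an ipset holding the allowed countries' CIDR blocks, matched from iptables. The script below is an added example, not part of the original answer; the set name `allowed_cc` and the sample ranges are constructed, and a real list would come from a per-country CIDR source of your choosing.

```shell
#!/bin/sh
# Added example: turn a list of country CIDR blocks into `ipset restore` input
# and print iptables rules that use the set. Names and ranges are constructed.

ALLOW_SET="allowed_cc"   # hypothetical set name

# Succeed only if $1 is a well-formed IPv4 CIDR (a.b.c.d/0-32, octets <= 255).
is_ipv4_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    return 0
}

# Read CIDRs on stdin ('#' comments and blank lines ignored) and emit restore lines.
# Malformed entries are reported on stderr and never reach the allow set.
build_restore() {
    echo "create $ALLOW_SET hash:net family inet"
    while IFS= read -r line; do
        cidr=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        [ -n "$cidr" ] || continue
        if is_ipv4_cidr "$cidr"; then
            echo "add $ALLOW_SET $cidr"
        else
            echo "skipped invalid entry: $cidr" >&2
        fi
    done
}

# Constructed sample list: documentation ranges standing in for real allocations.
sample_cidrs() {
    cat <<'EOF'
# country A (constructed)
192.0.2.0/24
198.51.100.0/24
203.0.113.0/33
EOF
}

# Rules for the services named in the question (SSH 22, SMTP 25, IMAP 143).
print_rules() {
    echo "iptables -A INPUT -p tcp -m multiport --dports 22,25,143 -m set --match-set $ALLOW_SET src -j ACCEPT"
    echo "iptables -A INPUT -p tcp -m multiport --dports 22,25,143 -j DROP"
}

sample_cidrs | build_restore   # pipe into: ipset restore
print_rules
```

Load the set before the rules that reference it, and keep an existing SSH session open while testing so a bad list does not lock you out.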
