Fail2ban/iptables - Allow selected countries only

Posted December 13, 2014 3.1k views


On Ubuntu, is it possible to add location based rules to Fail2ban and/or iptables? I’d like to block all SSH, SMTP, IMAP, etc. connections attempts except these incoming from selected countries.

For example, I know the countries where the few people I need to allow SSH for are located.


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Here is a great walkthrough of some simple SSH security:

In your case, of note is the TCP Wrapper section:

From what I have read you can just set hosts.deny to:


and then add the IP’s of the users you want to allow…

I would be keen to hear other ideas on this as well.