Member Avatar for bosola

Hi,
I need some informations about how a country like ...Italy, UK,.. can block the access to a site of its country(under .it domain) to a the foreign host.
for example: The state "Italy" have a internet game that is legal for the people that lives in Italy, but it doesn't want that foreign people the lives in others country can access to this game.

How it can do this? (I need specific technique not political consideration). I have thinked about the dual thing, the case in which a country wants to block the access to a foreign site for its citizens...The state can impose, obligue the ISP to not respond to the Dns query to the specip game site...

Can you help me? Have you got a link that can help me?

Thanks.

  • 3 Contributors
  • 4 Replies
  • 126 Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by vincent2085

Recommended Answers

All 4 Replies

Member Avatar for sknake

You should largely disregard DNS for identifying the original of an IP address. DNS names can be set up anywhere and there is significant overhead with performing a DNS resolution on inbound IPs which will eventually plug up your server.

What you should do is find a database of IP blocks located to each country and filter the entire blocks.I suppose you could contact ISPs to do the filtering for you but you will not get in touch with every ISP and over time the rules will be 'lost' or new ISPs will start up in the country. Here is what I do to filter IP addresses:

sk:~/fw# grep ^block\. ips.block
block.se:217.210.0.0/255.255.0.0
block.se:217.215.0.0/255.255.0.0
block.se:217.211.0.0/255.255.0.0
block.nz:203.114.0.0/255.255.0.0
block.pl:83.31.0.0/255.255.0.0
block.jp:210.251.0.0/255.255.0.0
block.jp:60.36.0.0/255.255.0.0
block:64.231.106.0/255.255.255.0
block.tr:81.215.0.0/255.255.0.0
block.mx:200.76.0.0/255.255.0.0
block.peri:200.106.0.0/255.255.0.0
block.ch:80.218.0.0/255.255.0.0
block.it:212.171.0.0/255.255.0.0
block.de:217.85.0.0/255.255.0.0

The ip2nation database should give you a comprehensive list of IP blocks belonging to each country.

Member Avatar for bosola

You should largely disregard DNS for identifying the original of an IP address. DNS names can be set up anywhere and there is significant overhead with performing a DNS resolution on inbound IPs which will eventually plug up your server.

What you should do is find a database of IP blocks located to each country and filter the entire blocks.I suppose you could contact ISPs to do the filtering for you but you will not get in touch with every ISP and over time the rules will be 'lost' or new ISPs will start up in the country. Here is what I do to filter IP addresses:

sk:~/fw# grep ^block\. ips.block
block.se:217.210.0.0/255.255.0.0
block.se:217.215.0.0/255.255.0.0
block.se:217.211.0.0/255.255.0.0
block.nz:203.114.0.0/255.255.0.0
block.pl:83.31.0.0/255.255.0.0
block.jp:210.251.0.0/255.255.0.0
block.jp:60.36.0.0/255.255.0.0
block:64.231.106.0/255.255.255.0
block.tr:81.215.0.0/255.255.0.0
block.mx:200.76.0.0/255.255.0.0
block.peri:200.106.0.0/255.255.0.0
block.ch:80.218.0.0/255.255.0.0
block.it:212.171.0.0/255.255.0.0
block.de:217.85.0.0/255.255.0.0

The ip2nation database should give you a comprehensive list of IP blocks belonging to each country.

1)If I have understood correctly, a governement should require/constrain the administrator of the "game site" or better the ISP that handles the servers and lodge the site:
" to set a list of IP adresses of the all countries that it doesn't want allow to access at the site and put a rule to deny the requests from the Ip in the black list" right? The ISP can do this adding a rule in to the .htacces file, right?

2) But, you have written "block.de:217.85.0.0/255.255.0.0" its means that you block all the german host, but how can you know all the IP of German host?

thanks

Member Avatar for sknake

1) The government shouldn't be in the middle of this unless its China/Iran and they're trying to censor internet access to promote their propoganda but that is another matter entirely.

2) No that does not block all german hosts, that is merely one subnet of .de IP ranges.

You should read my last post. I indicated there is a database called "ip2nation". You should get that database which lists IP ranges for each country, select the countries you want to block, and implement the firewall rules. This will depend on what type of edge device (router) you have.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.