0

Hi,
I need some informations about how a country like ...Italy, UK,.. can block the access to a site of its country(under .it domain) to a the foreign host.
for example: The state "Italy" have a internet game that is legal for the people that lives in Italy, but it doesn't want that foreign people the lives in others country can access to this game.

How it can do this? (I need specific technique not political consideration). I have thinked about the dual thing, the case in which a country wants to block the access to a foreign site for its citizens...The state can impose, obligue the ISP to not respond to the Dns query to the specip game site...

Can you help me? Have you got a link that can help me?

Thanks.

3
Contributors
4
Replies
5
Views
8 Years
Discussion Span
Last Post by vincent2085
0

You should largely disregard DNS for identifying the original of an IP address. DNS names can be set up anywhere and there is significant overhead with performing a DNS resolution on inbound IPs which will eventually plug up your server.

What you should do is find a database of IP blocks located to each country and filter the entire blocks.I suppose you could contact ISPs to do the filtering for you but you will not get in touch with every ISP and over time the rules will be 'lost' or new ISPs will start up in the country. Here is what I do to filter IP addresses:

sk:~/fw# grep ^block\. ips.block
block.se:217.210.0.0/255.255.0.0
block.se:217.215.0.0/255.255.0.0
block.se:217.211.0.0/255.255.0.0
block.nz:203.114.0.0/255.255.0.0
block.pl:83.31.0.0/255.255.0.0
block.jp:210.251.0.0/255.255.0.0
block.jp:60.36.0.0/255.255.0.0
block:64.231.106.0/255.255.255.0
block.tr:81.215.0.0/255.255.0.0
block.mx:200.76.0.0/255.255.0.0
block.peri:200.106.0.0/255.255.0.0
block.ch:80.218.0.0/255.255.0.0
block.it:212.171.0.0/255.255.0.0
block.de:217.85.0.0/255.255.0.0

The ip2nation database should give you a comprehensive list of IP blocks belonging to each country.

0

You should largely disregard DNS for identifying the original of an IP address. DNS names can be set up anywhere and there is significant overhead with performing a DNS resolution on inbound IPs which will eventually plug up your server.

What you should do is find a database of IP blocks located to each country and filter the entire blocks.I suppose you could contact ISPs to do the filtering for you but you will not get in touch with every ISP and over time the rules will be 'lost' or new ISPs will start up in the country. Here is what I do to filter IP addresses:

sk:~/fw# grep ^block\. ips.block
block.se:217.210.0.0/255.255.0.0
block.se:217.215.0.0/255.255.0.0
block.se:217.211.0.0/255.255.0.0
block.nz:203.114.0.0/255.255.0.0
block.pl:83.31.0.0/255.255.0.0
block.jp:210.251.0.0/255.255.0.0
block.jp:60.36.0.0/255.255.0.0
block:64.231.106.0/255.255.255.0
block.tr:81.215.0.0/255.255.0.0
block.mx:200.76.0.0/255.255.0.0
block.peri:200.106.0.0/255.255.0.0
block.ch:80.218.0.0/255.255.0.0
block.it:212.171.0.0/255.255.0.0
block.de:217.85.0.0/255.255.0.0

The ip2nation database should give you a comprehensive list of IP blocks belonging to each country.

1)If I have understood correctly, a governement should require/constrain the administrator of the "game site" or better the ISP that handles the servers and lodge the site:
" to set a list of IP adresses of the all countries that it doesn't want allow to access at the site and put a rule to deny the requests from the Ip in the black list" right? The ISP can do this adding a rule in to the .htacces file, right?

2) But, you have written "block.de:217.85.0.0/255.255.0.0" its means that you block all the german host, but how can you know all the IP of German host?

thanks

0

1) The government shouldn't be in the middle of this unless its China/Iran and they're trying to censor internet access to promote their propoganda but that is another matter entirely.

2) No that does not block all german hosts, that is merely one subnet of .de IP ranges.

You should read my last post. I indicated there is a database called "ip2nation". You should get that database which lists IP ranges for each country, select the countries you want to block, and implement the firewall rules. This will depend on what type of edge device (router) you have.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.