So China got caught (again) doing what every country on the planet with more than a 56K dialup connection to the Internet does and now there’s a big stink about espionage and all the hacking attempts coming from there.

Duh!

There’s an easy solution to this issue.  Snag my script and start blocking China (or any other country) in and out of any in/out point of any of your networks that might have things you don’t want shared with Beijing.

What’s that?  You do business or need to be contacted by folks over there?  Great!  Snag my script, protect your real networks, and put a completely isolated web site, mail server, whatever else you need out there in a datacenter that has no connections to your main networks so that even if it gets compromised, who cares.

If you’re not a small fry, you can still use the data provided by the nice folks over at IPDeny to build a rule set for your hardware firewall or other device.

Really people, this isn’t that hard.

I’ve been hacking around with this for a while now and have it in a workable state.  It’s a script that grabs the latest netblocks for the configured countries from IPDeny.com and loads them in to IPTables rules.  It’s perl and depends on you having the IPTables::IPv4 module installed, but it’s fast and just blocking China and Korea has cut way down on my spam and intrusion attempts.