Cybersecurity attacks are constantly increasing and simple IP/port-based policies are no longer enough. GeoIP is a popular technique used to limit access to selected resources from specific locations, and IP blocklists contain lists of IP addresses that have a low reputation and for which communications (from/to) should be forbidden on healthy networks. In addition to this, IP addresses that have shown malicious behaviour (e.g. multiple service failures or WordPress attack attempts) should also be blocked.

This talk introduces ipt_geofence, an open-source tool for Linux and FreeBSD that combines in one tool IP geofencing, service (e.g. SSH, Web and mail) analysis, and blocklists. It allows malicious hosts to be blocked and hence protect services in a simple way without having to use multiple tools and complex administration practices to implement what ipt_geofence offers out of the box.