Skip to content



I've been dealing with constant attacks on a mail server on a VPS coming from 2 specific countries, the only solution that worked was completely blocking these countries.

There are 2 popular geoblock providers, Maxmind and DP-IP, we can utilize them using a python library called geoipsets.


Install the following packages:

sudo apt install python3 python3.12 python3-pip python3-venv ipset

Create a python virtual environment:

python3 -m venv .venv

Verify that it works:

source .venv/bin/activate

Geoblock Config

Create a geoblock config according to the geoipsets documentation.

For example /home/user/geoipsets.conf:



Verify that it works:

source .venv/bin/activate
geoipsets -o /home/user -c /home/user/geoipsets.conf

Geoblock Script

Create a script to refresh the geoblock ipsets and recreate the iptables rules.

For example /home/user/



echo "Updating Blocklist $(date)" >> $log
source $venv_path
geoipsets -o $output_path -c $config_path >> $log

for i in $(find "${output_path}/geoipsets" -name "*.ipv*");
    name=$(basename $i)
    echo $name >> $log
    /usr/sbin/ipset flush $name >> $log
    /usr/sbin/ipset restore --exist --file $i >> $log
    command=$(if [[ $name == *ipv4 ]]; then echo "/usr/sbin/iptables"; else echo "/usr/sbin/ip6tables"; fi)
    $command -D FORWARD -m set --match-set $name src -j DROP &>/dev/null
    $command -D INPUT -m set --match-set $name src -j DROP &>/dev/null
    $command -D DOCKER-USER -m set --match-set $name src -j DROP &>/dev/null
    $command -I DOCKER-USER 1 -m set --match-set $name src -j DROP >> $log
    $command -I INPUT 1 -m set --match-set $name src -j DROP >> $log
    $command -I FORWARD 1 -m set --match-set $name src -j DROP >> $log

Verify that it works and the ipsets have been filled:

chmod +x /home/user/
sudo /home/user/
sudo ipset list RU.ipv4

Cron Scheduling

Warning - make sure you're not accidentally blocking your own access to the VPS before proceeding.

Run the geoblock script on reboot and weekly.

For example, add the following to sudo crontab -e:

20 0 * * 2 /home/user/
@reboot sleep 120 && /home/user/

Verify that it runs on reboot and weekly. There's a 2 minute delay before it applies after reboots, to give you enough time to fix a lockout.



Navigate to Firewall > Aliases > GeoIP settings and add a link to a geoblock database with your license key:

Navigate to Firewall > Aliases and create aliases with the countries you want to block or whitelist a specific country:

Name: Geoblock
Type: GeoIP (IPv4, IPv6)
Content: Select all the countries you want to block
Name: UK
Type: GeoIP (IPv4, IPv6)
Content: Select UK


Navigate to Firewall > Rules > WAN and create firewall rules:

Action: Block
Interface: WAN
Direction: in
TCP/IP Version: IPv4+IPv6
Protocol: any
Source: Geoblock
Destination: any
Description: Blocks specific countries
Action: Pass
Interface: WAN
Direction: in
TCP/IP Version: IPv4+IPv6
Protocol: TCP
Source: UK
Destination: WAN address
Destination port range: 443
Description: Whitelist UK on port 443


Create a cron job to automatically update the blocklists every day.

Navigate to System > Settings > Cron and add the following job:

Eabled: checked
Minutes: 0
Hours: 0
Day of the month: *
Months: *
Days of the week: *
Command: Update and reload firewall aliases

Last update: 2024-05-06
Created: 2024-02-18