Re: Country to IP range list

[Erik Norgaard <norgaard () locolomo org>]

Kevin Barzdaitis wrote:

> I have a situation here where specific services shall be offered ONLY to
> specific countries. I think of blocking all IP addresses (on the firewall)
> for specific servers and allowing only IP ranges by Country. I was wondering
> if there exists publicly available list of "Country to IP ranges". I was
> only able to find "IP to Country" mappings, but i need to check every
> address specifically.

RIPE/LACNIC/APNIC/ARIN has lists published with the assignment of ip- 
ranges. From this you can pick out any country you like and get the 
corresponding ip-ranges - they are not assigned in nice chunks though.

You should be aware that this doesn't solve your whole problem, people 
can still connect through proxies, and some ranges are not assigned to 
countries but rather to organisations/purposes, eg. 24/8 to cable 
internet providers.

If interested, I have a perl script you can hack up, specify countries 
as command line options and it concattenates the corresponding ip-ranges 
to output the minimal number of lines. Only works for ipv4 though.

Cheers, Erik

--
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2