Here is the post from a couple of months ago - Russian nodes increasing - #14 by Jacek.
When you go to that “Greg’s IT blog” website, it has a good description how to do it for Windows.
I have a dedicated folder for that PS script. In that folder, I created “zones” subfolder where I keep all country lists. As suggested on that main page, I update those countries from time to time (not that often, as just things at the edges change, but cores stay the same). I have also created a bat file to run it:
@echo off
set IMPORT_SCRIPT=.\Import-Firewall-Blocklist.ps1
echo THIS SCRIPT REQUIRES ADMIN PRIVILEDGES
echo .
set LIST=by cn hk id ir kp kr rs ru th tw ua
FOR %%? IN (%LIST%) DO (
Powershell.exe %IMPORT_SCRIPT% -inputfile zones\%%?.zone
)
You can specify whatever countries you want to block on that “set LIST=…” line, and the following for loop will block just those countries.
As that PS script is modifying system files (firewall), it needs to be run with elevated access rights.
I didn’t do too much reading to check other similar solutions, as this one seems to be clean and simple for me. As mentioned in the other thread, I went through that PS script, and when I downloaded it, it was clean. I have no reason to believe that it may be infected right now, but if you want to use it, check it out for yourself. Unfortunately, there is no checksum provided for it to compare our downloads (I may have modified mine, so would be a different one).
Unfortunately, I couldn’t find a list of offending virtual host providers, so I built my own lists based on the logs from those servers.
For Linux, I run firewallcmd on those boxes (CentOS, Rocky LInux). Although, the way I do it on those boxes are kind of messy. I guess, I need to spend more time on that task.