How to block a Countries IP range with a Cisco ASA?

access-control-list cisco-asa ip-blocking

If a gigantic network object group is more to your liking than a gigantic ACL, then I guess that'd be the other option. It's the same level of ugly in the command line and in execution, but it'd make it prettier in ASDM, I suppose.

Be very careful of blanket blocks of countries; I've seen it cause some interesting issues. ("Why can't I get to Windows Update?" "Oh, you're hitting an Indonesian server, and someone blocked all of Asia")


I've created a script where all you have to do is choose an authority and it'll give you the configuration to drop into the ASA. It's incredibly accurate.

regional-asa

You can block or allow a specific region if you want. I'll be updating it soon to do specific countries but now it does authorities like ARIN, RIPE, APNIC, etc.

Related

Two DHCP Servers, Block Clients for one of them?
Script launching 3 copies of rsync
iproute: disable "tc" command
Does Intel vPro work via add-on NICs?
Using Virtualization (vmware or virtualbox) to setup ipv6 network
Resolving IP address conflicts on a LAN
How do I conditionally handle undefined SSI variables using Apache?
How do I find out what sites are using too much RAM on my linux web hosting box
Error when creating a custom ErrorDocument 404 in apache
The DNS server machine currently has no DNS domain name
Managing SSH keys between EC2 instances
How to log in as a user in p4