Limit your SSH logins using GeoIP

Before starting, make sure you have a few open SSH sessions to your box, particularly if you dont have physical access to your server. You dont want to lock yourself out!

1. Install GeoIP

yum -y install geoip

2. Install filter script

wget -O /usr/local/bin/ipfilter.sh https://gist.github.com/jokey2k/a74f56955124880749e7/raw/4992f993c4777c5f93513a7c66754b8765271bd9/sshfilter.sh

3. Make it executable

chmod +x /usr/local/bin/ipfilter.sh

4. Edit the script

Make sure you put your country in the script by editing it

vi /usr/local/bin/ipfilter.sh

5. Update hosts.deny

We want default behaviour to block all SSH traffic

sed -i '/^sshd/d' /etc/hosts.deny
echo sshd: ALL >> /etc/hosts.deny

5. Update hosts.allow

Now call our script for allow traffic from inside hosts.allow

sed -i '/^sshd/d' /etc/hosts.allow
echo "sshd: ALL: spawn /usr/local/bin/ipfilter.sh %a" >> /etc/hosts.allow

References