Country CIDR IP ranges

In my previous post I have showed how to easily generate IP range assigned to some country. I have modified this previous script to generate IP blocks for all countries and put it online for free download and usage.

You can find them here http://www.iwik.org/ipcountry/ This list is generated daily at 12:00 CET.

This list can be used for example on mikrotik router to block/allow access from specified countries.

To import country range, for example Slovak ranges, as firewall address-list use commands

/tool fetch url=http://www.iwik.org/ipcountry/mikrotik/SK
/import file-name=SK

mikrotik-country-fw

 

24 thoughts on “Country CIDR IP ranges

  1. I compared your AF list to one from IP2Location and your’s is very short. Can you explain why?

  2. Hi, in previous post you can see script to generate rage for specific country. It is based on data provided by Regional Internet Registries (RIR, eg. RIPE, ARIN…). At lower lever (LIR) sometimes small subnets are sub-alocated to other countries and this ranges can be missing in this list. Other services (like IP2Location) are probably using aditional sources (geoip database?) to extend their lists.
    Meanwhile I have found similar service for free with extented sources of data, check https://ip.ludost.net/

  3. Hi,

    On this website, they provides aggregated route : http://ipdeny.com/ipblocks/ If you could update your script to pull the data from this website it would be very usefull. It would reduce the load on our Mikrotik router instead of having 6900 routes there is 3600 routes once aggregated.

    Thx !

  4. Hi, you can find php script which generates mikrotik rules from country lists here http://www.iwik.org/ipcountry/mikrotik.phps
    You can edit it to download IP list from url you need and then put it on some (your) php hosting. I will not do that, because I don’t want my server doing requests to ipdeny server.

  5. Hi Thank you for this site, it makes life so easy and I am glad that you are hosting this for the community, I have however noted one issue, If it sees a duplicate the script stops running it doesn’t finish the whole list. Do you have a work around for this? Thank you

    Mario

  6. Hey! Thank you very much for your work!

    I have a little problem, and I hope you could help me :)

    Scope: I need to get several coutntries IP’s and put them in one list (White_list), so I decided to download your script, litle modified it and uploaded it on my hosting.

    The problem is that my url “http://mydomain.com/mikrotik/GB” does not work, it works only with url like “http://mydomain.com/mikrotik/index.php?country=GB” but in this case in the router file list i get file with name “index.php?country=GB”

    I think there is some .htaccess solution or something else..

  7. Now, this is a nice idea of course, but you should explain about the major security risk which users will create when using your scripts directly on their mikrotik routers.

    At any point in time you might add commands to those scripts which can do totally different things than only modifying address list. I mean you could be opening up ports or adding users, etc…

    Now assuming that you are uploading these generated scripts to iwik.org:
    You might have good intentions uploading the scripts to that web, but what if someone gets access to the bucket which contains all those scripts and uploads different versions which can do harm.

    In general the idea is nice, the execution however is not so well done as seen from a security perspective.

    I don’t expect you to post a fix for this, as when I decide to use something like this, I will build this on my own. But you should at least mention the fact that using these scripts from iwik.org without some very well done sanity checking is a major security risk.

  8. Hi,
    I need a country IP Network List. While i am surfing on the internet, i saw your web address named http://www.iwik.org/ipcountry/. I have a question for this. Are they updated list for the whole network of any country ? Can you help me for that ?

    Thanks for your interest,
    Thank you…

  9. Can you add address block 5.39.220.3 to Netherlands?
    I am getting port scans from there and according to whois its located in NL.
    Thanks

  10. Hi, if run import on MikroTik device, when error: failure: already have such entry

  11. RSC:
    :foreach i in={“AM”; “AT”; “AZ”; “BE”; “BY”; “CA”; “CH”; “CZ”; “DE”; “DK”; “EE”; “ES”; “EU”; “FI”; “FR”; “GB”; “GE”; “IE”; “IL”; “IT”; “KG”; “KZ”; “LI”; “LT”; “LU”; “LV”; “MD”; “MK”; “PL”; “PT”; “RO”; “RU”; “SE”; “SZ”; “TM”; “TR”; “UA”; “UZ”; “NL”; “US”; “TH”} do={
    #/tool fetch url=”http://www.iwik.org/ipcountry/mikrotik/$i” mode=http;
    /import file-name=$i;
    }

  12. Thank you for your work – unfortunately we still have to support RDP into some workstations for our clients, and setting an allow line for our country seriously reduces the automated foreign attacks. =)

  13. Hi, thank you for your service, a very valuable thing. But there is a supplement. Lacking a separate file in Central Asia, the Former Soviet Union and other United countries

  14. Hello,
    Very Good .
    Special thanks .

    But I have a problem = How I can Update this list in my firewall Address Lists ?
    Can I do this work automatically ?

  15. I am not able to find the IP of UK and UAE.
    Can you provide same.
    Thanks in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>