Watcher 1.3 available through the online shop for a 5 EURO donation.
Watcher 1.3.1 -currently under testing- introduced GEOIP
Under test IPSETs for China, Russia are filled-in with IP addresses from the free rendition at
The data files are separately sorted by country code and any of the XX-aggredated.zone files should be chosen as these come in CIDR notation.
One can download any of the XX-aggregated.zone files and provide them in $MASTERPATH/geo/...
Watcher will then do the rest automatically.
root@vmd28527 geo]# pwd /root/bin/Watcher/geo # ls -la total 228 drwxr-xr-x 2 root root 4096 Mar 2 2022 . drwxr-xr-x 10 root root 4096 Sep 4 14:10 .. -rw-r--r-- 1 root root 1445 Mar 2 2022 by-aggregated.zone -rw-r--r-- 1 root root 81309 Feb 25 2022 cn-aggregated.zone -rw-r--r-- 1 root root 16 Mar 2 2022 kp-aggregated.zone -rw-r--r-- 1 root root 131846 Feb 25 2022 ru-aggregated.zone root@vmd28527 geo]# ipset -n list | grep geo geo-by geo-cn geo-kp geo-ru
In order to disable a '*.zone' file modify the ending to '*.zone-disable'; e.g. by
moving (renaming) the file.
# mv by-aggregated.zone by-aggregated.zone-disable
As a result the amount of attacks drops by about 60% only for China (cn) and Russia (ru)