Personally for incoming connections I'd rather just block everything by default then create an IP allow list consisting of addresses and networks I manage or know about.

Other than that incoming access (particularly for private storage or content) is by (keypair-based) VPN only.

It's all rather tangential to the OP's question anyway but for the sake of technical correctness, the most dangerous sources are those controlled under botnets which by definition are not tied to any single geographical regions.

In reply to a post by ian72:

It isn't false comfort. By blocking by "country" you are able to exclude a large percentage of hackers from Russia and China. Some will still get in. Some people in allowed countries will not be able to access. But, as a blunt tool it can help in giving a level of protection that is probably about 80-90% accurate.

That's false comfort exemplified.

In reply to a post by prlzx:

It's all rather tangential to the OP's question anyway but for the sake of technical correctness, the most dangerous sources are those controlled under botnets which by definition are not tied to any single geographical regions.

Exactly.

I disagree. It is providing a level of protection - it is by no means perfect but it will reduce risk to some extent. Some mitigation is better than none.

Agreed. No one is stating using Country Blocks is the silver bullet but it does absolutely reduce the surface area of attack considerably.

Edited by nofappingway (Tue 16-Jul-24 17:36:26)