As an I.T. Manager and programmer one of my biggest concerns is security. One of the most common questions I receive my clients is "Can I block entire Countries and the IP Ranges from within that country?" The answer to this question is "Yes, you can." First let's deal with getting the data. You can go out and do endless searches for the data, try to mine it from one of the five Regional Registries or take advantage of a program I wrote that does it for you. I wrote a PHP program (with a MySQL backend) that does all the data mining and processing of the data into Countries, networks, subnets, etc and then outputs it into CIDR or Netmask format. It also creates on the fly .htaccess deny lists. The data is located at Country IP Blocks at a site called Country IP Blocks dot Net. The database is searchable by IP and will produce the Network, CIDR and Netmask for the network where the IP Address belongs and the country to which it is assigned. The database data can be customized to create Cisco ACLs, .htaccess files, hosts.deny/hosts.allow files, IP Tables, IP Chains, etc. The database is refreshed at least once a day so it contains the latest possible data for 239 countries. If you use the data all I ask is a link back to the site. Please do not use the IP Block data unless you have a good understanding of routing, networking, etc. What I'd like to know from you is whether you believe the IP/Network by Country data is valuable? While blocking entire countries or networks is not a good idea for everybody there are situations where you might want to use this type of data in your firewall ACL, etc. The only current limitation on the data is the amount of data it outputs for networks within the USA. As there are over 33,000 networks and approximately 2 billion IP addresses in the USA I am limiting the output to only 7,500 networks in the USA. As I am still developing this project I would appreciate any and all feedback. Incidentally, the Country IP Block data is free to use at this time.