First google result: http://www.datacentermap.com/datacenters.html
OK, the problem was solved (in PM) by the following way:
iptables -I INPUT 1 -i lo -j ACCEPTiptables -I INPUT 2 -m state --state RELATED,ESTABLISHED -j ACCEPTip6tables -I INPUT 1 -i lo -j ACCEPTip6tables -I INPUT 2 -p ipv6-icmp -j ACCEPTip6tables -I INPUT 3 -m state --state RELATED,ESTABLISHED -j ACCEPT
Actually, hetzner was blocked itself :)
Sorry, the forum eats the spaces (edited commands above)
🙄
The command:
iptables -L -n -v | grep -v "0 0"
and
ip6tables -L -n -v | grep -v "0 0"
will show blocking counters. Can you restart nginx several times and monitor what counter increases because of this?
Dram, have you tried to add the rule above for ipv6? My current version is: ipv6 stack is blocked, so ocsp.comodoca.com can't be accessed by the address 2a02:1788:2fd::b2ff:5301.
To confirm this version, run:
wget http://ipv6.google.com
if it will fail, thats it.
Dram, if you hosted by the hosting company banned by this script, you should have the following rule first:
ip6tables -I INPUT 1 -p icmpv6 -j ACCEPT
or an entire ipv6 stop working. I've mentioned it in the first post.
Try to add that rule, does it helps?
TF-Studio, https://roem.ru/11-03-2011/117088/yandeks-slil-svoy-intranet-v-google/
Almost no impact on load thanks to ipset.
Yes, just run a new version.
P.S. To uninstall the script if needed (rollback changes), run:
iptables -F ; ip6tables -F; ipset destroy
There are many russian providers in this script. For example, marosnet (ihor.ru)
update: 7 companies added; comments for small networks added
