On 12/08/2020 05:25 PM, Steve Wilson wrote:
>
> On 09/12/2020 00:01, Grant Taylor wrote:
>> On 12/8/20 4:44 PM, Steve Wilson wrote:
>>> I use this as the first step to limit ssh access to one of my
>>> servers:
>>> `iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m comment --comment "Drop SSH from outside GB" -j DROP`
>>
>> Has the geoip match extension been updated to take into account
>> MaxMind discontinuing their GeoLite database and the need to support
>> GeoLite2?
>>
> The xt_geoip_dl script grabs a csv from
> https://db-ip.com/db/download/ip-to-country-lite. I imagine there's a
> method for dealing with maxmind's new version and converting to csv if
> they don't already provide one for the paid service.
>
> Steve

Creating an ACL based on those internet sources, e.g. https://www.countryipblocks.net/acl.php, is not reliable. I pulled a list of Russian and Ukrainian IPs from the above link and, checking some of them, I found that these two (and possibly more) are French IPs:

deny from 212.114.16.0/24
deny from 212.114.17.0/24

If the "geoip" database is based on similar sources, the whole project is not a reliable control method.
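The spot check described in this message can be automated before a country list is loaded into a firewall. The following is an added example, not part of the original thread: it compares each `deny from` entry against a second country database and reports entries whose country is unexpected or unknown. The `start_ip,end_ip,country_code` CSV layout, the function names and all sample rows are assumptions constructed for illustration.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample rows, assumed start_ip,end_ip,country_code layout;
# these are not real database contents.
SAMPLE_DB = """\
212.114.0.0,212.114.7.255,RU
212.114.8.0,212.114.15.255,UA
212.114.16.0,212.114.17.255,FR
"""

# Constructed ACL in the "deny from <cidr>" form quoted in the message.
SAMPLE_ACL = """\
deny from 212.114.0.0/20
deny from 212.114.16.0/24
deny from 212.114.17.0/24
deny from 198.51.100.0/24
"""

def load_db(text):
    rows = []
    for start, end, cc in csv.reader(io.StringIO(text)):
        a, b = ipaddress.ip_address(start), ipaddress.ip_address(end)
        if a.version == 4:  # skip IPv6 rows; this check covers IPv4 only
            rows.append((int(a), int(b), cc))
    return sorted(rows)

def countries_for(net, rows):
    """Return every country whose range overlaps the network."""
    first, last = int(net.network_address), int(net.broadcast_address)
    # Last range starting at or before `first`; inf sorts after any end value.
    i = max(bisect.bisect_right(rows, (first, float("inf"), "")) - 1, 0)
    found = set()
    while i < len(rows) and rows[i][0] <= last:
        if rows[i][1] >= first:
            found.add(rows[i][2])
        i += 1
    return found or {"??"}  # "??" marks a network absent from the database

def audit_acl(acl_text, db_text, expected):
    rows = load_db(db_text)
    mismatches = []
    for line in acl_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[:2] == ["deny", "from"]:
            seen = countries_for(ipaddress.ip_network(parts[2]), rows)
            if not seen <= expected:  # any country outside the intended set
                mismatches.append((parts[2], sorted(seen)))
    return mismatches
```

Calling `audit_acl(SAMPLE_ACL, SAMPLE_DB, {"RU", "UA"})` returns the entries that need manual review before the list is used as a control.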