Hello, regarding xt_geoip Database:
Yesterday evening I implemented an IPSET called DECHCountry made with the help of the tool xt_geoip_fetch https://sourceforge.net/p/xtables-addons/xtables-addons/ci/master/tree/geoip/xt_geoip_fetch The IPSET was built from the latest Geoip2 based databases with the help of the updated scripts of these xtables-addons repository. I now have two ways to filter regarding Country IP: DROP:info:geo net:!^[DE,CH] $FW tcp ssh DROP:info:ips net:!+DECHCountry $FW tcp ssh ACCEPT:info:geo net:^[DE,CH] $FW tcp ssh - - 3/min ACCEPT:info:ips net:+DECHCountry $FW tcp ssh - - 3/min As I can see from the logs the real geoip match never matches (which should do first !). I even went back to archived /usr/share/xt_geoip/LE Data (made before maxmind dropped support of legacy .csv) that was working before (Firewall was based on Ubuntu 14.04 then) Kernel 4.4.x. since last week) Am 15.02.2019 um 11:37 schrieb Vieri Di Paola: >> root@firewall:~# geoiplookup 122.226.181.166 >> GeoIP Country Edition: CN, China > Not sure about the iptables part because I'm not using xtables-addons > 3 yet, but I believe geoiplookup is obsolete as it looks up an > outdated database. > > You should now use mmdblookup with a command such as: > > mmdblookup --file /usr/share/GeoIP/GeoLite2-City.mmdb --ip > 122.226.181.166 country iso_code > > You'll get "CN" anyway, just like with the old geoiplookup command, > but at least its getting its data from an updated source. > > Also, is this more or less how you update the geoip database for iptables > usage? > > /lib/xtables-addons/xt_geoip_dl > /lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv > > Vieri > > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users -- *Ralf Schenk* fon +49 (0) 24 05 / 40 83 70 fax +49 (0) 24 05 / 40 83 759 mail *[email protected]* <mailto:[email protected]> *Databay AG* Jens-Otto-Krag-Straße 11 D-52146 Würselen *www.databay.de* <http://www.databay.de> Sitz/Amtsgericht Aachen • HRB:8437 • USt-IdNr.: DE 210844202 Vorstand: Ralf Schenk, Dipl.-Ing. Jens Conze, Aresch Yavari, Dipl.-Kfm. Philipp Hermanns Aufsichtsratsvorsitzender: Wilhelm Dohmen ------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
