On 3/5/2019 6:28 AM, Ryan Joiner wrote: > On 3/4/2019 8:55 PM, Ryan Joiner wrote: >> On 3/4/2019 7:41 PM, Ryan Joiner wrote: >>> Hello there, I see a bunch of documentation on getting shorewall to >>> work with GeoIP on Debian but I'm not finding much on Redhat. I'm >>> wondering if there are .rpm packages available for CentOS 7? Or if >>> there is any good how to out there that you have used and worked well?
I don't use RPM packages! https://centos.pkgs.org/7/lux/xtables-addons-2.12-1.el7.lux.x86_64.rpm.html >> >> >> I'm sorry, to be more specific I'm referring to getting xtables-addons >> installed. It seems for CentOS 7 I might need to build from source >> code but would prefer if there were trusted RPM's out there. I found >> some but they won't install due to requiring kmod and I can't find one >> that will work as it's dependency. >> >> Thank you! >> > > I'm so sorry for the dumb questions, I'm a newbie at geoip. I instead > created an ipset named "us" and then did a rule in blrules > > BLACKLIST:info net:!+us all > > and this appears to be working based off my logs. > > Is there anything dumb about this vs. using the xt_geoip and > xtables-addons method? > https://serverfault.com/questions/929850/geoip-vs-ipset-performance-in-iptables "The iptables geoip extension requires a third party kernel module which may or may not even be available on any given system. But ipset is part of the kernel. – Michael Hampton♦ Sep 7 '18 at 11:53" HTH. -Matt -- Matt Darfeuille _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
