Hi, My rules are similar to Witek's, but I have to admit that I too have seen erroneous IP addr./country matching. I used the latest geoIP2 databases from Maxmind and xtables-addons. The xt_geoip module might be faster, but I've decided to move away from it and use ipsets instead. At least debugging is a lot simpler. I haven't detected any mismatches since, or so it seems so far.
You can import/convert Maxmind's databases to ipsets (eg. one ipset per country if you wish). Vieri _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
