Good morning, I'm running Shorewall 5.2.3.4 which is current as per Ubuntu 20.04 distribution.
I have just installed xtables-addons which I had working on an earlier system (Ubuntu 16.04, Shorewall 5.1.6). It seems there has been a change from the MaxMind country database to db-ip.com. After running xt_geoip_dl (the patched version that references db-ip) and xt_geoip_build I get a series of files {country code}.iv4 and .iv6 in /usr/share/xt_geoip/. So far so good.

However, when I add to shorewall/rules:

    Ping(ACCEPT) dirty:^[CA,US] $FW

and run shorewall check I get

    ERROR: GEOIPDIR (/usr/share/xt_geoip/LE) does not exist /usr/share/shorewall/macro.Ping (line 9)

And indeed, there are no subdirectories LE and BE as there were before.

If I move the .iv4 and .iv6 files to a subdirectory LE and run shorewall restart I get:

    Could not open /usr/share/xt_geoip/AO.iv4: No such file or directory
    iptables-restore v1.8.4 (legacy): Could not read geoip database
    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
    Terminated

If I put duplicate copies of the files in both /usr/share/xt_geoip/ and in the subdirectory LE, everything appears to work.

Is this a bug in shorewall? Or in the Ping macro? Or in xt_geoip_build?
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users