
My Notepad β

IPtables Xtables Geoip

Using GeoIP with IP Tables

Source

Follow the steps below (as root) and you will have an up-to-date GeoIP database in /usr/share/xt_geoip.

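# Install the xtables-addons userspace tools and the Perl CSV parser used by
# the database build script. Run these steps as root.
apt-get install xtables-addons-common libtext-csv-xs-perl

# -p keeps both steps re-runnable, so the same commands can be used to refresh
# the database later without failing on "File exists".
mkdir -p ~/geoip_csv /usr/share/xt_geoip

# Chain the steps: download only if the cd worked, and build only if the
# download worked. Otherwise the build would pick up whatever *.csv files sit
# in the current directory and install them as the country database.
cd ~/geoip_csv \
  && /usr/lib/xtables-addons/xt_geoip_dl \
  && /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv

# The database is a third-party download and goes stale as address blocks are
# reassigned; re-run the download and build steps on a schedule so the country
# rules keep matching what they are meant to match.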

Running the command below will test if the iptables module is installed properly.

# Prints the iptables help text; when the geoip extension can be loaded, the
# output includes the geoip match options (such as --source-country).
# NOTE(review): this exercises the userspace extension only. Rules that use
# -m geoip also need the xt_geoip kernel module; confirm it is present, e.g.
# with `modinfo xt_geoip`.
iptables -m geoip --help

Here's an example of how to use it with iptables:

#
# Jump to GeoIP chain
# Every packet traversing filter-incoming is handed to filter-geoip. Packets
# that match no rule there return here and continue with whatever follows.
# NOTE(review): filter-incoming, filter-geoip and filter-geoip-dropnlog are
# user-defined chains; their declarations are not part of this excerpt.
#
-A filter-incoming -j filter-geoip

#
# BEGIN filter-geoip
# Each rule hands packets whose source address maps to one of the listed
# country codes to filter-geoip-dropnlog. The lists are split across rules
# because the geoip match accepts at most 15 codes per rule.
# The first rule repeats codes that also appear in the alphabetical rules
# below it, so those sources are caught by the first rule evaluated.
# US appears in none of the lists, so US-mapped sources, and any address the
# database maps to no listed code, fall through this chain.
# NOTE(review): A1, A2, AP and EU look like pseudo-codes from the legacy
# MaxMind data set; a database built from another source may not provide
# them - confirm the rules still load after a database refresh.
# NOTE(review): these are iptables (IPv4) rules. If the host is reachable over
# IPv6, an equivalent ip6tables chain is needed or the filter is bypassed.
# A source address only says where a packet appears to come from; treat this
# chain as noise reduction alongside service authentication, not instead of it.
#
-A filter-geoip -m geoip --source-country KR,CN,IN,RU,SA,TR,VN,UA,BR,VE,PK,JP,DE,IT  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country A1,A2,AD,AE,AF,AG,AI,AL,AM,AO,AP,AQ,AR,AS,AT  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country AU,AW,AX,AZ,BA,BB,BD,BE,BF,BG,BH,BI,BJ,BL,BM  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country BN,BO,BQ,BR,BS,BT,BW,BY,BZ,CA,CC,CD,CF,CG,CH  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country CI,CK,CL,CM,CN,CO,CR,CU,CV,CW,CX,CY,CZ,DE,DJ  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country DK,DM,DO,DZ,EC,EE,EG,ER,ES,ET,EU,FI,FJ,FK,FM  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country FO,FR,GA,GB,GD,GE,GF,GG,GH,GI,GL,GM,GN,GP,GQ  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country GR,GS,GT,GU,GW,GY,HK,HN,HR,HT,HU,ID,IE,IL,IM  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country IN,IO,IQ,IR,IS,IT,JE,JM,JO,JP,KE,KG,KH,KI,KM  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country KN,KP,KR,KW,KY,KZ,LA,LB,LC,LI,LK,LR,LS,LT,LU  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country LV,LY,MA,MC,MD,ME,MF,MG,MH,MK,ML,MM,MN,MO,MP  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country MQ,MR,MS,MT,MU,MV,MW,MX,MY,MZ,NA,NC,NE,NF,NG  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country NI,NL,NO,NP,NR,NU,NZ,OM,PA,PE,PF,PG,PH,PK,PL  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country PM,PN,PR,PS,PT,PW,PY,QA,RE,RO,RS,RU,RW,SA,SB  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country SC,SD,SE,SG,SH,SI,SJ,SK,SL,SM,SN,SO,SR,SS,ST  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country SV,SX,SY,SZ,TC,TD,TF,TG,TH,TJ,TK,TL,TM,TN,TO  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country TR,TT,TV,TW,TZ,UA,UG,UM,UY,UZ,VA,VC,VE,VG,VI  -j filter-geoip-dropnlog
-A filter-geoip -m geoip --source-country VN,VU,WF,WS,YE,YT,ZA,ZM,ZW  -j filter-geoip-dropnlog
#
# END filter-geoip
#

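#
# BEGIN filter-geoip-dropnlog
# Allows us to have one logging rule for all of the filter-geoip DROPS
#
# Only packets in conntrack state NEW are logged, then every packet that
# reaches this chain is dropped.
# The LOG rule is rate-limited so a burst of traffic from blocked ranges
# cannot flood the kernel log or fill the disk. The limit figures are sample
# values, tune them to the host. Packets over the limit skip LOG and are
# still dropped by the rule after it.
# conntrack/--ctstate is used in place of the older state/--state match.
# The log prefix ends in a space so it does not run into the first logged
# field (IN=...).
#
-A filter-geoip-dropnlog -m conntrack --ctstate NEW -m limit --limit 10/minute --limit-burst 20 -j LOG --log-prefix "GEOIP DROP " --log-level 4
-A filter-geoip-dropnlog -j DROP
#
# END filter-geoip-dropnlog
#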