Preliminary howto to add GeoIP support to the firewall, to block traffic to/from selected countries.
Be sure the system is updated before beginning.
Download the GeoIP database (a cron job is installed to automate the download every month):
/usr/local/bin/geoip_update.sh
Use custom templates to add Shorewall rules that block countries, following the docs: http://shorewall.net/ISO-3661.html
Be sure to run shorewall restart after expanding the template:
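One way to create that custom template fragment, added here as an example (it is not the howto's own 55geoip file): it assumes the `^[CC,...]` ISO-3661 address syntax from the linked Shorewall doc, takes a root directory argument so it can be tried outside `/`, and the country codes passed in are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the howto's file. Writes the e-smith custom template
# fragment that makes Shorewall drop connections arriving from the given
# countries. ROOT is normally "/"; it is a parameter (assumption) so the
# script can be exercised against a scratch directory.
# Usage: write_geoip_template <root> <CC> [<CC> ...]
write_geoip_template() {
    root="$1"; shift
    [ "$#" -gt 0 ] || { echo "no country codes given" >&2; return 1; }
    dir="$root/etc/e-smith/templates-custom/etc/shorewall/rules"
    frag="$dir/55geoip"
    # Build "CN,RU,..." and reject anything that is not two upper-case letters,
    # so a typo cannot produce a rule Shorewall will refuse at restart.
    list=""
    for cc in "$@"; do
        case "$cc" in
            [A-Z][A-Z]) ;;
            *) echo "bad country code: $cc" >&2; return 1 ;;
        esac
        list="${list:+$list,}$cc"
    done
    mkdir -p "$dir"
    # One rule: DROP traffic from the net zone that GeoIP places in those
    # countries, whatever the destination zone. "DROP:info" logs each hit
    # so the blocks are visible in /var/log/messages.
    cat > "$frag" <<EOF
# GeoIP block: custom fragment, expanded into /etc/shorewall/rules
#ACTION      SOURCE              DEST
DROP:info    net:^[$list]        all
EOF
    echo "$frag"
}
# On the real system, after this: expand-template /etc/shorewall/rules
# and then shorewall restart, as the howto says.
```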
I ran through this and got stuck at this point:
“Be sure to run shorewall restart after expanding the template:”
“cat /etc/e-smith/templates-custom/etc/shorewall/rules/55geoip”
I don’t see that file or that directory. I end up with a directory called “/etc/e-smith/templates-custom” but nothing below that. Am I supposed to create a directory called “/etc/e-smith/templates-custom/etc/shorewall/rules/55geoip”, or a file called “55geoip” in a directory called “/etc/e-smith/templates-custom/etc/shorewall/rules/”?
Very interesting, perhaps include it in NethServer itself. I know when I replace my last Zentyal box, which is being used as a gateway, this is sure to be one of the first things I add, as I’m tired of seeing my logs filled with relentless attempts to log in from China and Russia.
I have looked in /var/log/messages as well as /var/log/dmesg and there are no errors relating to GeoIP. Are there any other log files the errors may appear in?
While I can’t test geoip right now, I can guess what’s happening.
It’s probably due to using 6.7 while the rpm is for 6.5 or 6.6 (I don’t remember).
Please confirm that:
$ modinfo xt_geoip
ERROR: modinfo: could not find module xt_geoip
Then move kernel modules to the current kernel:
mv /lib/modules/2.6.32-504.30.3.el6.x86_64/extra/* /lib/modules/$(uname -r)/extra/
depmod -a
Confirm with the modinfo xt_geoip command above that the module is available.
Question: The databases for the GeoIP are installed, also the geoip folders. Normally it should be possible to use them with iptables directly, right? If I do it in iptables this way:
iptables -I INPUT 2 -m state --state NEW -m geoip ! --source-country XX,XX,XX -j DROP