Preliminary howto for adding GeoIP support to the firewall, to block traffic by country (to/from selected countries).
Be sure the system is updated before beginning.
Enable epel if not already installed:
yum --enablerepo=extras install epel-release eorepo centos-base centos-updates nethserver-base nethserver-updates
yum --enablerepo=epel install perl-Text-CSV_XS unzip
Download tar.gz containing my work (I’ll make an rpm package if there’s interest) and extract files:
wget http://nethservice.nethesis.it/nethserver-geoip.tar.gz
tar -zxvf nethserver-geoip.tar.gz -C /
Install kernel modules:
yum localinstall /tmp/xtables-addons-1.47.1-2.el6.x86_64.rpm
Download GeoIP database (a cron job is installed to automate download every month):
Use custom templates to add shorewall rules to block countries, following the docs:
Be sure to run shorewall restart after expanding the template:
expand-template /etc/shorewall/rules
shorewall restart
# cat /etc/e-smith/templates-custom/etc/shorewall/rules/55geoip
# block pings to the United Kingdom
DROP:info $FW net:^[GB] icmp
Feedback is important, thank you in advance.
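A small generator for the lines of the 55geoip custom template shown above, as an added example that is not part of the original howto or of the tar.gz. The function names geoip_rules and emit_rule are hypothetical, and it assumes a Shorewall release (4.5.4 or later) that accepts bracketed lists of up to 15 country codes per rule. It rejects anything that is not exactly two letters, so a malformed code cannot add extra columns to a firewall rule.

```shell
#!/bin/sh
# Added example: print Shorewall GeoIP DROP rules for a list of country codes.
# Assumption: Shorewall 4.5.4 or later, which accepts ^[CC,CC,...] lists of
# up to 15 two-letter codes per rule. With no PROTO column, all protocols match.
LC_ALL=C; export LC_ALL
MAX_PER_RULE=15

# emit_rule DIRECTION LIST: print one rule line for a comma-separated list.
emit_rule() {
    if [ "$1" = "in" ]; then
        printf 'DROP:info net:^[%s] $FW\n' "$2"     # traffic from those countries
    else
        printf 'DROP:info $FW net:^[%s]\n' "$2"     # traffic to those countries
    fi
}

# geoip_rules DIRECTION CODE...: DIRECTION is "in" or "out".
# Returns 1 and prints no rules if any argument is invalid.
geoip_rules() {
    direction=$1
    case $direction in
        "in"|"out") shift ;;
        *) echo "direction must be in or out" >&2; return 1 ;;
    esac
    [ $# -gt 0 ] || { echo "no country codes given" >&2; return 1; }
    codes=
    for cc in "$@"; do
        cc=$(printf '%s' "$cc" | tr 'a-z' 'A-Z')
        case $cc in
            [A-Z][A-Z]) ;;                           # exactly two letters
            *) echo "invalid country code: $cc" >&2; return 1 ;;
        esac
        case " $codes " in *" $cc "*) continue ;; esac   # drop duplicates
        codes="$codes $cc"
    done
    group=; n=0
    for cc in $codes; do
        group=${group:+$group,}$cc
        n=$((n + 1))
        if [ "$n" -eq "$MAX_PER_RULE" ]; then        # start a new rule when full
            emit_rule "$direction" "$group"; group=; n=0
        fi
    done
    [ -z "$group" ] || emit_rule "$direction" "$group"
}

geoip_rules out gb    # same rule as in the howto, without the icmp column
```

Append the output to the custom template, then run expand-template and shorewall restart as described above.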