iptables geoip xtables firewall by country
# This is an example of how to use xtables / xt_geoip to block requests
# based on their source/destination country.
#
# It can be computationally expensive to have tons of iptables rules.
# According to the bottom of the following page, this xt_geoip is probably
# about as efficient as can be for doing this kind of thing:
# http://xtables-addons.sourceforge.net/geoip.php

# Install packages
apt-get install xtables-addons-common libtext-csv-xs-perl unzip

# Create the directory where the country data should live
mkdir -p /usr/share/xt_geoip

# Download and install the latest country data
mkdir -p /tmp/xt_geoip_dl
cd /tmp/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_dl
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv

# Example rule (commented out): reject outbound connections whose
# destination is in China (CN). Uncomment to enable it.
#iptables -A OUTPUT -m geoip --destination-country CN -j REJECT
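
The script above ends with a single hand-written rule for one country. As an added example (not part of the original gist or of xtables-addons), the hypothetical helper `geoip_rules` below validates a list of country codes and prints the matching `-m geoip` rules for review instead of applying them. It assumes xt_geoip accepts at most 15 countries per rule, so longer lists are split across several rules.

```shell
#!/bin/sh
# Added example: print (never apply) xt_geoip rules for a list of countries.
# geoip_rules is a hypothetical helper, not part of xtables-addons.
# Assumption: xt_geoip accepts at most 15 countries per rule.
MAX_PER_RULE=15

# usage: geoip_rules CHAIN source|destination CC [CC...]
# The body runs in a subshell "( )" so its variables stay private.
geoip_rules() (
    LC_ALL=C; export LC_ALL
    chain=$1 dir=$2
    shift 2
    case "$chain" in
        INPUT|OUTPUT|FORWARD) ;;
        *) echo "unsupported chain: $chain" >&2; exit 1 ;;
    esac
    case "$dir" in
        source|destination) ;;
        *) echo "direction must be source or destination" >&2; exit 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "no country codes given" >&2; exit 1; }

    # Pass 1: normalise and validate every code before printing anything,
    # so a bad entry can never leave a half-generated rule set behind.
    codes=""
    for cc in "$@"; do
        cc=$(printf '%s' "$cc" | tr '[:lower:]' '[:upper:]')
        case "$cc" in
            [A-Z][A-Z]) codes="$codes $cc" ;;   # ISO 3166-1 alpha-2 shape only
            *) echo "invalid country code: $cc" >&2; exit 1 ;;
        esac
    done

    # Pass 2: emit one rule per batch of at most MAX_PER_RULE countries.
    batch="" n=0
    for cc in $codes; do
        batch=${batch:+$batch,}$cc
        n=$((n + 1))
        if [ "$n" -eq "$MAX_PER_RULE" ]; then
            echo "iptables -A $chain -m geoip --${dir}-country $batch -j REJECT"
            batch="" n=0
        fi
    done
    if [ -n "$batch" ]; then
        echo "iptables -A $chain -m geoip --${dir}-country $batch -j REJECT"
    fi
)

# Constructed sample input: review the printed rules before running them.
geoip_rules INPUT source cn ru
```
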