Skip to content

Instantly share code, notes, and snippets.

@netrunn3r

netrunn3r/iptables_geoip_debian.md

Last active January 1, 2024 20:36
Show Gist options
  • Star 8 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
  • Save netrunn3r/d5d9eddde86a7ad7cd31a7d8e5d747c4 to your computer and use it in GitHub Desktop.
Save netrunn3r/d5d9eddde86a7ad7cd31a7d8e5d747c4 to your computer and use it in GitHub Desktop.
Download ZIP
Install geoip for iptables in Debian 10
Raw
iptables_geoip_debian.md
  1. change from buster to bullseye
  2. sudo apt install libnet-cidr-lite-perl libtext-csv-xs-perl libgeoip2-perl

for day of writing, there is a problem with building by dkms this package xtables-addons-common so wehave to install this from source

  1. sudo apt install pkg-config libxtables-dev
  2. wget http://inai.de/files/xtables-addons/xtables-addons-3.13.tar.xz
  3. tar xf xtables-addons-3.13.tar.xz
  4. cd xtables-addons-3.13/
  5. ./configure
  6. make
  7. sudo make install
  8. sudo depmod -a
  9. sudo modprobe x_tables
  10. sudo modprobe xt_geoip
  11. cd geoip
  12. manual download GeoLite2-Country-CSV.zip from maxmind.com
  13. ./xt_geoip_dl_maxmind
  14. cd GeoLite2-Country-CSV_20201124/
  15. sudo mkdir -p /usr/share/xt_geoip
  16. sudo ../xt_geoip_build_maxmind -D /usr/share/xt_geoip/
  17. sudo iptables -I INPUT -m geoip ! --src-cc XX -j DROP

Refenreces:

  1. https://www.reddit.com/r/debian/comments/d6mnsa/firewall_with_geoip_capability_on_debian_10/
  2. https://tracker.debian.org/pkg/xtables-addons
@braillesiq
Copy link

In my Debian 10 I had to change this step 16:
xt_geoip_build -D /usr/share/xt_geoip/ -i /usr/share/xt_geoip/dbip-country-lite.csv

@Delitants
Copy link

checking kernel version that we will build against... make: *** /lib/modules/4.9.0-19-amd64/build: No such file or directory. Stop.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment