xtbales geoip centos

For the manual installation start with updating your server or skip to next command.

yum update

In case you want to install the package without updating all the packages make sure that kernel, kernel-devel and kernel-headers are exactly the same version, example 2.6.32-431.20.5.el6. Use the command:

yum install kernel-devel-`uname -r` iptables-devel kernel-headers-`uname -r`

Disable the selinux for the moment. After the installation use selinux tools to apply the right policies to the folders otherwise iptables will not start.

setenforce 0

rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

yum install gcc gcc-c++ make automake unzip zip perl perl-Text-CSV_XS xz 

cd /opt 

wget https://qa.debian.org/watch/sf.php/xtables-addons/xtables-addons-1.41.tar.xz 

tar -xvf xtables-addons-1.41.tar.xz

cd /opt/xtables-addons-1.41

Disable the modules which will trigger errors on the installation.

vim mconfig

#comment out the below lines 
build_RAWNAT=m
build_SYSRQ=m
build_length2=m

Proceed with the installation

./configure
make
make install

Continue with the update of the geoip database.

cd geoip/

./xt_geoip_dl

./xt_geoip_build GeoIPCountryWhois.csv

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Restart or reload iptables to enable the new module installed and create a new test rule.

service iptables restart
iptables -I INPUT -m geoip --src-cc CN -j DROP