iptables + geoip blocking

March 31st, 2013 by Russell Leave a reply »

How to setup iptables on CentOS 6 to easily ACCEPT/DENY based on source country:

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel perl-Text-CSV_XS

wget http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/1.47/xtables-addons-1.47.1.tar.xz

tar xvf xtables*; cd xtables*; ./configure; make; make install

cd geoip/

./xt_geoip_dl

./xt_geoip_build GeoIPCountryWhois.csv

mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Test it like this:
iptables -I INPUT -m geoip –src-cc CN -j DROP

Posted in Uncategorized

You can follow any responses to this entry through the RSS 2.0 Feed. You can leave a response , or trackback from your own site.

2 comments

Add your comment
  1. Aas says:
    February 6, 2014 at 5:24 AM

    This is good for some DROP rules.
    But be carefull if you allow some rules only with geoip. With first kernel upgrade you have to reinstall geoip.

    Reply
  2. Russell says:
    August 13, 2014 at 10:38 AM

    That’s true! I actually got bit by that. Luckily the module still recompiled on the new kernel without any issues.

    Reply

Leave a Reply