Spacerats little techwiki

User Tools

Site Tools

Trace:
geoip_iptables_blocking

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
geoip_iptables_blocking [2016/03/08 14:28] admingeoip_iptables_blocking [2019/05/08 19:38] (current) admin
Line 1: Line 1:
 =====GeoIP for use with iptables (Debian 8 Jessie)===== =====GeoIP for use with iptables (Debian 8 Jessie)=====
 +//
 +__**OUTDATED. MAXMIND stuff has changed. needs rework.**__//
  
-install necessary software+===install necessary software===
  
 <code> <code>
Line 7: Line 9:
 </code> </code>
  
-create a weekly cronjob+===create a weekly cronjob===
  
 <code> <code>
-cat /etc/cron.weekly/maxmind +vi /etc/cron.weekly/maxmind 
  
 #!/bin/sh #!/bin/sh
Line 25: Line 27:
 </code> </code>
  
-make it executable+===make it executable===
  
 <code> <code>
Line 31: Line 33:
 </code> </code>
  
-insert geoip rules into iptables ruleset+===insert geoip rules into iptables ruleset===
  
 <code> <code>
Line 37: Line 39:
 </code> </code>
  
-Logging rule+===Log anything else===
  
 <code> <code>
--A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH  -m tcp --dport 22 -j LOG --log-prefix "iptables geoip denied: " --log-level 7+iptables -A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH  -m tcp --dport 22 -j LOG --log-prefix "iptables geoip denied: " --log-level 7 
 +</code> 
 + 
 +===Check your success=== 
 + 
 +Lets take a look at the attack statistics 
 + 
 +{{ ::attack_stats.png |}} 
 + 
 +phew, 0 attacks since i use GeoIP Tables blocking. I don't need my blocklist.de account anymore. At least not for SSH attacks. 
 + 
 + 
 +------------------------------- 
 + 
 +Samesame for raspian on raspberry  
 + 
 +Install linux kernel headers 
 + 
 +<code> 
 +apt-get update && sudo apt-get install git bc libncurses5-dev libtext-csv-xs-perl autoconf automake libtool xutils-dev iptables-dev -y 
 + 
 +wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update 
 + 
 +cd ~ 
 +rpi-source 
 +</code> 
 + 
 +Install xtables-addons 
 + 
 +<code> 
 +git clone git://git.code.sf.net/p/xtables-addons/xtables-addons 
 +cd xtables-addons 
 +./autogen.sh 
 +./configure 
 +make -j5 
 +make install 
 +depmod 
 +reboot 
 + 
 +cat /proc/net/ip_tables_matches 
 + 
 +conntrack 
 +conntrack 
 +conntrack 
 +multiport 
 +geoip 
 +udplite 
 +udp 
 +tcp 
 +icmp
 </code> </code>
geoip_iptables_blocking.1457447283.txt.gz · Last modified: by admin