=====GeoIP for use with iptables (Debian 8 Jessie)=====
//
__**OUTDATED. MAXMIND stuff has changed. needs rework.**__//

===install necessary software===

<code>
apt-get install libtext-csv-xs-perl xtables-addons-common
</code>

===create a weekly cronjob===

<code>
vi /etc/cron.weekly/maxmind 

#!/bin/sh
GEOIP_MIRROR="http://geolite.maxmind.com/download/geoip/database"
TMPDIR=$(mktemp -d /tmp/geoipupdate.XXXXXXXXXX)
wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/GeoIPv6.csv.gz" -O "${TMPDIR}/GeoIPv6.csv.gz"
wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/GeoIPCountryCSV.zip" -O "${TMPDIR}/GeoIPCountryCSV.zip"
gunzip -fdc ${TMPDIR}/GeoIPv6.csv.gz >> ${TMPDIR}/GeoIPv6.csv
unzip -o -d ${TMPDIR} ${TMPDIR}/GeoIPCountryCSV.zip 
mkdir -p /usr/share/xt_geoip
#perl /usr/share/doc/xtables-addons-2.3/geoip/xt_geoip_build -D /usr/share/xt_geoip ${TMPDIR}/GeoIP*.csv
perl /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip ${TMPDIR}/GeoIP*.csv
[ -d "${TMPDIR}" ] && rm -rf $TMPDIR
</code>

===make it executable===

<code>
chmod +x /etc/cron.weekly/maxmind
</code>

===insert geoip rules into iptables ruleset===

<code>
iptables -A INPUT -m state --state NEW -m geoip --src-cc CH -m tcp -p tcp --dport 22 -j ACCEPT
</code>

===Log anything else===

<code>
iptables -A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH  -m tcp --dport 22 -j LOG --log-prefix "iptables geoip denied: " --log-level 7
</code>

===Check your success===

Lets take a look at the attack statistics

{{ ::attack_stats.png |}}

phew, 0 attacks since i use GeoIP Tables blocking. I don't need my blocklist.de account anymore. At least not for SSH attacks.


-------------------------------

Samesame for raspian on raspberry 

Install linux kernel headers

<code>
apt-get update && sudo apt-get install git bc libncurses5-dev libtext-csv-xs-perl autoconf automake libtool xutils-dev iptables-dev -y

wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update

cd ~
rpi-source
</code>

Install xtables-addons

<code>
git clone git://git.code.sf.net/p/xtables-addons/xtables-addons
cd xtables-addons
./autogen.sh
./configure
make -j5
make install
depmod
reboot

cat /proc/net/ip_tables_matches

conntrack
conntrack
conntrack
multiport
geoip
udplite
udp
tcp
icmp
</code>