Differences

This shows you the differences between two versions of the page.

--- geoip_iptables_blocking [2016/03/08 14:29] – admin
+++ geoip_iptables_blocking [2019/05/08 19:37] – admin
@@ Line 1: / Line 1: @@
 =====GeoIP for use with iptables (Debian 8 Jessie)=====
-install necessary software
+OUTDATED. MAXMIND stuff has changed. needs rework.
+===install necessary software===
 <code>
@@ Line 7: / Line 9: @@
 </code>
-create a weekly cronjob
+===create a weekly cronjob===
 <code>
-cat /etc/cron.weekly/maxmind
+vi /etc/cron.weekly/maxmind
 #!/bin/sh
@@ Line 25: / Line 27: @@
 </code>
-make it executable
+===make it executable===
 <code>
@@ Line 31: / Line 33: @@
 </code>
-insert geoip rules into iptables ruleset
+===insert geoip rules into iptables ruleset===
 <code>
@@ Line 37: / Line 39: @@
 </code>
-Log anything else
+===Log anything else===
 <code>
 iptables -A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH  -m tcp --dport 22 -j LOG --log-prefix "iptables geoip denied: " --log-level 7
+</code>
+===Check your success===
+Lets take a look at the attack statistics
+{{ ::attack_stats.png |}}
+phew, 0 attacks since i use GeoIP Tables blocking. I don't need my blocklist.de account anymore. At least not for SSH attacks.
+-------------------------------
+Samesame for raspian on raspberry
+Install linux kernel headers
+<code>
+apt-get update && sudo apt-get install git bc libncurses5-dev libtext-csv-xs-perl autoconf automake libtool xutils-dev iptables-dev -y
+wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update
+cd ~
+rpi-source
+</code>
+Install xtables-addons
+<code>
+git clone git://git.code.sf.net/p/xtables-addons/xtables-addons
+cd xtables-addons
+./autogen.sh
+./configure
+make -j5
+make install
+depmod
+reboot
+cat /proc/net/ip_tables_matches
+conntrack
+conntrack
+conntrack
+multiport
+geoip
+udplite
+udp
+tcp
+icmp
 </code>