geoip_iptables_blocking
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| geoip_iptables_blocking [2016/03/08 14:27] – admin | geoip_iptables_blocking [2019/05/08 19:38] (current) – admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| =====GeoIP for use with iptables (Debian 8 Jessie)===== | =====GeoIP for use with iptables (Debian 8 Jessie)===== | ||
| + | // | ||
| + | __**OUTDATED. MAXMIND stuff has changed. needs rework.**__// | ||
| - | install necessary software | + | ===install necessary software=== |
| < | < | ||
| Line 7: | Line 9: | ||
| </ | </ | ||
| - | create a weekly cronjob | + | ===create a weekly cronjob=== |
| < | < | ||
| - | cat / | + | vi / |
| #!/bin/sh | #!/bin/sh | ||
| Line 25: | Line 27: | ||
| </ | </ | ||
| - | make it executable | + | ===make it executable=== |
| < | < | ||
| Line 31: | Line 33: | ||
| </ | </ | ||
| - | insert geoip rules into iptables ruleset | + | ===insert geoip rules into iptables ruleset=== |
| < | < | ||
| Line 37: | Line 39: | ||
| </ | </ | ||
| - | Logging rule | + | ===Log anything else=== |
| - | -A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH -m tcp --dport 22 -j LOG --log-prefix " | + | |
| < | < | ||
| + | iptables -A INPUT -p tcp -m state --state NEW -m geoip ! --source-country CH -m tcp --dport 22 -j LOG --log-prefix " | ||
| + | </ | ||
| + | |||
| + | ===Check your success=== | ||
| + | |||
| + | Lets take a look at the attack statistics | ||
| + | |||
| + | {{ :: | ||
| + | |||
| + | phew, 0 attacks since i use GeoIP Tables blocking. I don't need my blocklist.de account anymore. At least not for SSH attacks. | ||
| + | |||
| + | |||
| + | ------------------------------- | ||
| + | |||
| + | Samesame for raspian on raspberry | ||
| + | |||
| + | Install linux kernel headers | ||
| + | |||
| + | < | ||
| + | apt-get update && sudo apt-get install git bc libncurses5-dev libtext-csv-xs-perl autoconf automake libtool xutils-dev iptables-dev -y | ||
| + | |||
| + | wget https:// | ||
| + | |||
| + | cd ~ | ||
| + | rpi-source | ||
| + | </ | ||
| + | |||
| + | Install xtables-addons | ||
| + | |||
| + | < | ||
| + | git clone git:// | ||
| + | cd xtables-addons | ||
| + | ./ | ||
| + | ./configure | ||
| + | make -j5 | ||
| + | make install | ||
| + | depmod | ||
| + | reboot | ||
| + | |||
| + | cat / | ||
| + | conntrack | ||
| + | conntrack | ||
| + | conntrack | ||
| + | multiport | ||
| + | geoip | ||
| + | udplite | ||
| + | udp | ||
| + | tcp | ||
| + | icmp | ||
| </ | </ | ||
geoip_iptables_blocking.1457447262.txt.gz · Last modified: 2016/03/08 14:27 by admin