Re: CentOS 6.X, iptables 1.47 and GeoLite2 Country Database

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Jan 15, 2019 at 07:43:02AM +0000, Phil Perry (pperry@xxxxxxxxxx) wrote:
> On 15/01/2019 01:29, Jobst Schmalenbach wrote:
> > On Mon, Jan 14, 2019 at 07:29:45AM +0000, Phil Perry (pperry@xxxxxxxxxx) wrote:
> > > On 14/01/2019 07:09, Jobst Schmalenbach wrote:
> Below is my script for creating/updating an ipset to block my top 10
> Hope that helps

Thanks, it did, cleared up conflicting info I found on the Internet.


I also wanted to go the "other way": disallow everything but 2 countries (AU,NZ).
There are even more conflicting ideas about how to do this, but I figured it out.


Also I cannot see a difference in speed between using (maxmind)

  -A filter_countries -m geoip --src-cc AU,NZ -j ACCEPT

and (ipdeny)

  -A filter_countries -m set --set au.geoblock src -j ACCEPT

which is really good!


Jobst



-- 
The future isn't what it used to be (it never was).

  | |0| |   Jobst Schmalenbach, General Manager
  | | |0|   Barrett & Sales Essentials
  |0|0|0|   +61 3 9533 0000, POBox 277, Caulfield South, 3162, Australia
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux