Re: iptables + geoip

Robert,

1- UK isn't a valid ISO 3166 code.

    UNITED KINGDOM -> GB
    UKRAINE -> UA
see:
http://www.iso.org/iso/country_codes/iso_3166_code_lists/english_country_names_and_code_elements.htm#u..

2- Personally I get no segfault.

wyn:/home/acidfu# iptables -A INPUT -p tcp --dport 22 -m geoip ! --src-cc UK -j DROP
iptables v1.4.0: geoip match: sorry, 'UK' isn't in the database

3- What files do you have in /var/geoip?

4- Did you just try to patch your kernel and iptables, or what? Or is it
an old patched kernel and you tried to update iptables?

cheers,

Nicolas Bouliane

On Feb 11, 2008 4:00 AM, Robert Bruce <rob@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> I wanted to block everything but the UK from ssh access, so
>
> iptables -A INPUT -p tcp --dport 22 -m geoip ! --src-cc UK -j DROP
>
> I have the 2.6.18-5 kernel
>
>
> On Mon, February 11, 2008 8:54 am, NICOLAS BOULIANE wrote:
> > Hello Robert,
> >
> > Can you tell me the exact rule syntax you used ?
> >
> > p.s. I'm actually updating geoip so it uses the xtables framework,
> >
> > cheers,
> >
> > Nicolas Bouliane
> >
> > On Feb 11, 2008 3:30 AM, Robert Bruce <rob@xxxxxxxxxxxxxxxxxxxxxxxxxx>
> > wrote:
> >> Hello
> >>
> >> I tried to send this to the developers of geoip, but the email got
> >> returned to me. I can't put this on bugzilla as it is down at the
> >> moment...
> >>
> >> Original Email:
> >>
> >> Hi Guys
> >>
> >> I've just tried to install geoip with iptables 1.4.0, everything is fine
> >> until I try to add a rule which uses the geoip module and I get a
> >> Segmentation fault. So I did some digging, compiled with -g for gdb and
> >> found that the problem is on line 229 as match is passed in with an
> >> address to 0x0.
> >>
> >> I dunno how to fix that though..
> >>
> >>
> >> -
> >> To unsubscribe from this list: send the line "unsubscribe
> >> netfilter-devel" in
> >> the body of a message to majordomo@xxxxxxxxxxxxxxx
> >> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> >>
> >
>
>
>