xtables-addons passes through an IP from RU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello netfilter developers,

	I would like to report a possible problem. I have discovered access
attempts from IP address: 83.97.73.89 in my nginx access.log. I have
configured nginx with maxmind mmdb databases, so nginx identifies it as
coming from RU, Russion Federation.
	
	I have applied the following iptables rule: -A INPUT -i eth0 -m
geoip ! --source-country DE,GB,HU,RO  -j DROP
	
	I am running debian bullseye. Output of uname -a:
	
	Linux myhostname 5.10.0-10-686-pae #1 SMP Debian 5.10.84-1
(2021-12-08) i686 GNU/Linux
	
	I have installed the following stock debian packages:
	
	xtables-addons-common:i386/stable 3.13-1+deb11u1 uptodate
	xtables-addons-dkms:all/stable 3.13-1+deb11u1 uptodate
      	
	I am downloading weekly the maxmind geolite2 databases in both mmdb
and csv formats. The csv file contains related IP range of  RU. I am
generating the .iv4 and iv6 files with xt_geoip_build_maxmind script
installed by the above mentioned xtables-addons packages.
      
	Could someone support me to investigate this problem? Thank's in
advance!
      	
	Ambrus Oláh
	Budapest, Hungary






[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux