Hello netfilter developers,
I would like to report a possible problem. I have discovered access
attempts from IP address: 83.97.73.89 in my nginx access.log. I have
configured nginx with maxmind mmdb databases, so nginx identifies it as
coming from RU, Russion Federation.
I have applied the following iptables rule: -A INPUT -i eth0 -m
geoip ! --source-country DE,GB,HU,RO -j DROP
I am running debian bullseye. Output of uname -a:
Linux myhostname 5.10.0-10-686-pae #1 SMP Debian 5.10.84-1
(2021-12-08) i686 GNU/Linux
I have installed the following stock debian packages:
xtables-addons-common:i386/stable 3.13-1+deb11u1 uptodate
xtables-addons-dkms:all/stable 3.13-1+deb11u1 uptodate
I am downloading weekly the maxmind geolite2 databases in both mmdb
and csv formats. The csv file contains related IP range of RU. I am
generating the .iv4 and iv6 files with xt_geoip_build_maxmind script
installed by the above mentioned xtables-addons packages.
Could someone support me to investigate this problem? Thank's in
advance!
Ambrus Oláh
Budapest, Hungary
