Hi, I would like to DROP all connections from IPs originating in a specified country. Of course, the geoip extension is a perfect fit for that. My question is what happens if I do this: iptables -P INPUT DROP iptables -A INPUT -m geoip ! --src-cc [country] -j ACCEPT What happens if an IP is not found in the geoip-database, so it has no country-code at all? Is it accepted or not? I would suppose it is accepted and, since I wanna be sure, would be thankful for a workaround simpler than adding every country in the world but the forbidden one. Best Regards, Sebastian -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
