Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: Drifting on June 19, 2018, 10:45:37 AM
-
Was having a quick read of Geo IP and thought what a brilliant idea. And then proceeded to look for one for IP tables. Nothing that I can see?
I am totally brassed off with China trying to get into my little SME box, Fail2Ban works a treat, and I see hundreds per day being blocked (Increased the block time to 24hr) However, think I would be happy to block entire countries. China being one! I can always phone my order through for dinner :-)
Best wishes
Paul.
-
Might answer your question:
https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/
or maybe not having read all the way through it :-(
-
Mmmm, never too sure about adding anything that was not standard or a contrib to SME, as my knowledge is not that good, and everyone on here is fantastic at giving help.
Best Wishes
Paul.
-
search for this in the forum, one was able to build a rpm for it.
However, I did not found the time to try and import it recently.
search for xtables-addons
-
check this one: https://forums.contribs.org/index.php/topic,53302.msg276423.html#msg276423
-
I wasmore refering to this one : https://forums.contribs.org/index.php/topic,53129.msg276659.html#msg276659
-
Hi,
I wasmore refering to this one : https://forums.contribs.org/index.php/topic,53129.msg276659.html#msg276659
You can make a try to the last version of
- xtables-addons
- xtables-addons-kmod
- smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/ (http://repos.misouk.com/Sme_Server/6/repoview/)
I use that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip is a panel in server-manager
-
Hi,
You can make a try to the last version of
- xtables-addons
- xtables-addons-kmod
- smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/ (http://repos.misouk.com/Sme_Server/6/repoview/)
I use that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip is a panel in server-manager
mab974,
1 would you mind if we import your work in smecontribs ?
2 would you like to help maintaining it directly there and get accesses to do so ?
-
Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling suport on the v1 databases.
Look for something that supports perl-GeoIP2.
See my work on smeserver-geoip for details.
If I get 5 minutes I'll take a look myself.
Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.
-
1 would you mind if we import your work in smecontribs ?
2 would you like to help maintaining it directly there and get accesses to do so ?
you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.
Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling suport on the v1 databases.
Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.
I actually use test vm and build server and my production servers are free of dev tools.
I'll take a look at the database version problem soon.
-
you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.
That's awesome !! We can help you there.
We can pull the src rpms direct to buildsys and show you how to patch etc. JPP will need to sort you out buildsys access.
-
Been having a quick look at this.
Can't see that xtables supports the new v2 DB format (could be wrong here)
Another approach might be using something like this, and combined with say fail2ban?
https://aur.archlinux.org/packages/geoipmarker/
Except the git repo seems to have been removed !!
Can't do much more from my phone right now.
Anyone else see anything around?
We can import the @mab974 rpms, but if xtables isn't updated soon it will become redundant. (I didn't notice a bug on this, though there may be one)
-
Fantastic news. Thanks guys for picking up on this, I await with baited breath! Seems now I need a russian bride, as they are having a go at me now.
Best wishes Paul
-
OK, it seems that Maxmind do supply CSV files here
https://dev.maxmind.com/geoip/geoip2/geolite2/
So technically the xtables addons could be updated to use these URLs and CSVs ?
I probably need to get hold of one of the old CSV files and compare the data
-
OK, just took a look. Going to be fun....
Here's the 'v1' zip
wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
Now, that has a CSv file that seems to be in this format
Start IP - End IP - Two columns I think are the Decimal Start/Finish - Country Code - Country Name
e.g.
"1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
"1.0.1.0","1.0.3.255","16777472","16778239","CN","China"
"1.0.4.0","1.0.7.255","16778240","16779263","AU","Australia"
"1.0.8.0","1.0.15.255","16779264","16781311","CN","China"
"1.0.16.0","1.0.31.255","16781312","16785407","JP","Japan"
"223.255.224.0","223.255.231.255","3758088192","3758090239","ID","Indonesia"
"223.255.232.0","223.255.235.255","3758090240","3758091263","AU","Australia"
"223.255.236.0","223.255.239.255","3758091264","3758092287","CN","China"
"223.255.240.0","223.255.243.255","3758092288","3758093311","HK","Hong Kong"
"223.255.244.0","223.255.247.255","3758093312","3758094335","IN","India"
"223.255.248.0","223.255.251.255","3758094336","3758095359","HK","Hong Kong"
"223.255.252.0","223.255.253.255","3758095360","3758095871","CN","China"
Now, the v2 DBs are trickier as they are split in to two files, one referrring to the other
network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
1.0.0.0/24 2077456 2077456 0 0
1.0.1.0/24 1814991 1814991 0 0
The second file has a lookup for the geonam_id
geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
49518 en AF Africa RW Rwanda 0
51537 en AF Africa SO Somalia 0
69543 en AS Asia YE Yemen 0
It is perfectly possible to script something to meld the two together.
Just wondering of there is an easier way !
Any thoughts appreciated.
-
https://stackoverflow.com/questions/3125951/perl-merging-2-csv-files-line-by-line-with-a-primary-key
Sure that someone can figure it :-)
-
Something already exists for xtables-addons : (download and build)
https://sourceforge.net/p/xtables-addons/xtables-addons/ci/256ac1a4f6fe8db66031948c80fb066de5695a6e/ (https://sourceforge.net/p/xtables-addons/xtables-addons/ci/256ac1a4f6fe8db66031948c80fb066de5695a6e/)
not tested yet ....
-
Good spot.
I'll check... perl-GeoiIP2 for smeserver-geoip drags in loads of deps so it will probably work.
-
FYI perl-Net-CIDR-Lite is in the openfusion repo.
So the patches ahould work if added to the rpm.
I'll have a look when I get a minute
-
New versions using GeoLite2 database are available for :
xtables-addons
xtables-addons-kmod
smeserver-xt_geoip
in http://repos.misouk.com/Sme_Testing/6/repoview/
Note that smedev repo is now required for Perl-Socket package. (--enablerepo=smedev)
Of course your feedbacks are welcome.
-
Fantastic !!
Sorry. I'm away on business and had a boat load on at work.
Back in a week and will see if we can get this into the contribs repo.
-
Reminder to myself reallt.
I've not forgotten about this. Just waylaid with real life crap !!
I'm also stuck on importing new rpms (I can do an update to an existing one but buildsys is not playing with new). I'm liaising with JPP on this as I have some other stuff to add.
Keep you posted.
-
FYI Jean Phillipe has started importing these rpms to the smecontribs repo.
I'll post a link when it is finished
-
As if by magic:
https://forums.contribs.org/index.php/topic,53917.0.html
Original build and kudos to mab974 and Jean Philippe for pulling it into contribs.
That'll keep a lot of the pesky buggers out.
-
Well, may be your IP is rather suspected? By anybody else.