https://bugs.contribs.org/show_bug.cgi?id=10749

--- Comment #3 from Catton <[email protected]> ---
I can see merit to the idea of option 3 - allow a reverse match drop all but.
I think there would be fewer Country Codes.

Another question.
I noticed that Fail2Ban is at the top of the Chain INPUT and my
40DenyRiffRaff-INPUT is further down and Xt geoip is near the bottom.
With this configuration, it would seem I could add exceptions in 40DenyRiffRaff
- either ACCEPT or DROP. Yes?

iptables -nL|less   -----------with IPs added in
/etc/e-smith/templates-custom/etc/rc.d/init.d/masq/40DenyRiffRaff-INPUT

Chain INPUT (policy DROP)
target     prot opt source               destination
Fail2Ban   all  --  0.0.0.0/0            0.0.0.0/0
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
local_chk  all  --  0.0.0.0/0            0.0.0.0/0
PPPconn    all  --  0.0.0.0/0            0.0.0.0/0
denylog    all  --  224.0.0.0/4          0.0.0.0/0
denylog    all  --  0.0.0.0/0            224.0.0.0/4
ACCEPT     all  --  5.44.100.0/23        0.0.0.0/0
ACCEPT     all  --  8.0.0.0/9            0.0.0.0/0
ACCEPT     all  --  8.16.0.0/15          0.0.0.0/0
ACCEPT     all  --  11.0.0.0/13          0.0.0.0/0
ACCEPT     all  --  11.8.0.0/14          0.0.0.0/0
ACCEPT     all  --  12.0.0.0/8           0.0.0.0/0

.
.
.
.
DROP       all  --  220.0.0.0/6          0.0.0.0/0
ULOG       all  --  0.0.0.0/0            0.0.0.0/0            Source countries: MX,RU,CN,CO,AR,EC,CL,VE,DO,CR,ZA,GT,IN,BO,HN ULOG copy_range 0 nlgroup 1 prefix `GeoIP BAN: ALL' queue_threshold 1
DROP       all  --  0.0.0.0/0            0.0.0.0/0            Source countries: MX,RU,CN,CO,AR,EC,CL,VE,DO,CR,ZA,GT,IN,BO,HN
InboundICMP  icmp --  0.0.0.0/0            0.0.0.0/0
.
.
.
.

Chain Fail2Ban_31992 (1 references)
target     prot opt source               destination
denylog    all  --  73.151.220.232       0.0.0.0/0
denylog    tcp  --  73.151.220.232       0.0.0.0/0           multiport dports 143,993
denylog    tcp  --  184.22.5.157         0.0.0.0/0           multiport dports 143,993
denylog    tcp  --  66.97.142.160        0.0.0.0/0           multiport dports 80,443
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
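
Added example (not part of the original comment, and not code from the contrib): a small Python check of which rule in an `iptables -nL` listing gives the first verdict for a source address, to illustrate that an ACCEPT or DROP placed in 40DenyRiffRaff is reached before the GeoIP DROP further down. Assumptions: the function names are hypothetical, jumps to user chains (Fail2Ban, state_chk, ...) are treated as returning without a verdict, protocol and port matches are ignored, and the source country is supplied by the caller rather than looked up.

```python
import ipaddress

# Constructed sample: a shortened INPUT chain in the order shown in the
# comment above, with the GeoIP country list cut down to three codes.
SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
Fail2Ban   all  --  0.0.0.0/0            0.0.0.0/0
state_chk  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  8.0.0.0/9            0.0.0.0/0
DROP       all  --  220.0.0.0/6          0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0            Source countries: MX,RU,CN
InboundICMP  icmp --  0.0.0.0/0            0.0.0.0/0
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_rules(listing):
    """Turn `iptables -nL` rule lines into dicts, keeping listing order."""
    rules = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] in ("Chain", "target"):
            continue  # chain header, column header, blank or elided line
        countries = set()
        if "Source countries:" in line:
            codes = line.split("Source countries:")[1].split()[0]
            countries = set(codes.split(","))
        rules.append({"target": fields[0],
                      "src": ipaddress.ip_network(fields[3], strict=False),
                      "countries": countries})
    return rules

def first_verdict(rules, src_ip, country=None):
    """Return (position, target) of the first terminal rule that matches."""
    ip = ipaddress.ip_address(src_ip)
    for pos, rule in enumerate(rules, 1):
        if rule["target"] not in TERMINAL:
            continue  # assumption: the user chain RETURNs without a verdict
        if ip not in rule["src"]:
            continue
        if rule["countries"] and country not in rule["countries"]:
            continue  # GeoIP rule, but the source country is not listed
        return pos, rule["target"]
    return None, "policy"  # nothing matched: the chain policy applies

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for ip, cc in [("8.1.2.3", "RU"), ("221.1.1.1", "US"), ("203.0.113.5", "CN")]:
        print(ip, cc, first_verdict(rules, ip, cc))
```

If Fail2Ban or another chain earlier in INPUT has already banned the address, that verdict comes first and the later ACCEPT is never reached.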