On 2020.03.10 at 19:59, Tom Eastep wrote:
Obviously the CN database is being found, since the rule is being
installed. If you can't find anything, please send me a full dump and
I'll take a look...
-Tom
Hi Everyone,
I admit that I was a bit surprised that the xt_geoip functionality works
incorrectly. At home on Slackware Linux I use a different approach to
using xt_geoip. Namely, in the policy file I have set all incoming
connections to DROP:
/etc/shorewall/policy
# Internet policies
net all DROP NFLOG # log through ulogd
and, for example, I only allow traffic from a given country to SSH.
Example of /etc/shorewall/rules:
# Allow incoming ECHO (only from PL) and rate it to one per second
Ping(ACCEPT) net:^[PL] $FW - - - - 1/sec
# Allow incoming SSH connections for administration
SSH(ACCEPT) net:^[PL] $FW
Although it should probably not make a difference whether I refuse
calls from a given country or just allow a given country, I have never had
problems using xt_geoip from the xtables-addons package.
Greetings,
Witek
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
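
An added example (not part of the original message and not Shorewall's own code): a small Python audit of a rules file for the default-DROP plus per-country allow approach described above. It assumes the source column has the form zone, zone:^CC or zone:^[CC,...] as in the rules quoted; the last two sample rules, the function names and the allowed set are constructed for illustration.

```python
# Constructed sample in the column layout quoted in the message
# (ACTION SOURCE DEST ...); the HTTP and DNS rules are added for contrast.
SAMPLE_RULES = """\
# Allow incoming ECHO (only from PL) and rate it to one per second
Ping(ACCEPT) net:^[PL] $FW - - - - 1/sec
# Allow incoming SSH connections for administration
SSH(ACCEPT) net:^[PL] $FW
HTTP(ACCEPT) net $FW
DNS(ACCEPT) net:^[PL,DE] $FW
"""

def parse_accepts(text, zone="net"):
    """Return [(action, countries)] for ACCEPT rules whose source zone is `zone`.
    countries is a list of country codes, or None when the source column
    carries no geoip match (assumed syntax: zone:^CC or zone:^[CC,CC])."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        cols = line.split()
        if len(cols) < 3 or "ACCEPT" not in cols[0]:
            continue
        src_zone, _, rest = cols[1].partition(":")
        if src_zone != zone:
            continue
        if rest.startswith("^"):
            countries = [c for c in rest[1:].strip("[]").split(",") if c]
        else:
            countries = None                      # plain zone or host/net restriction
        rules.append((cols[0], countries))
    return rules

def audit(text, allowed=frozenset({"PL"})):
    """Flag ACCEPT rules from net that are not limited to the allowed countries."""
    findings = []
    for action, countries in parse_accepts(text):
        if countries is None:
            findings.append((action, "no geoip restriction"))
            continue
        extra = sorted(set(countries) - allowed)
        if extra:
            findings.append((action, "extra countries: " + ",".join(extra)))
    return findings

if __name__ == "__main__":
    for action, why in audit(SAMPLE_RULES):
        print(f"{action}: {why}")
```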