Metainformationen zur Seite

iptables

#Quelle: https://www.eigener-server.ch/web-server/ubuntu/ubuntu-geoip-iptables/

Verwaltung

alles löschen

iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

Geoblock

install

#install apt
#sudo apt-get update && sudo apt-get install xtables-addons-common 
sudo apt-get install dkms raspberrypi-kernel-headers libtext-csv-xs-perl 
 
#error xtables-addon-dkms
# install from sid
user@raspberrypi:~ $ ls *.deb
xtables-addons-common_3.13-1_armhf.deb  xtables-addons-dkms_3.13-1_all.deb
 
#https://packages.debian.org/de/sid/all/xtables-addons-dkms/download
#https://packages.debian.org/de/sid/xtables-addons-common
 
#download geo
sudo mkdir /usr/share/xt_geoip
#cd /usr/lib/xtables-addons/
cd /usr/libexec/xtables-addons
sudo ./xt_geoip_dl
sudo ./xt_geoip_build -D /usr/share/xt_geoip *.csv
 
user@raspberrypi:/usr/libexec/xtables-addons $ sudo ./xt_geoip_build -D /usr/share/xt_geoip *.csv
 
Cant locate Net/CIDR/Lite.pm in @INC (you may need to install the Net::CIDR::Lite module) (@INC contains: /etc/perl /usr/local/lib/arm-linux-gnueabihf/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/arm-linux-gnueabihf/perl5/5.28 /usr/share/perl5 /usr/lib/arm-linux-gnueabihf/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/arm-linux-gnueabihf/perl-base) at ./xt_geoip_build line 9.
BEGIN failed--compilation aborted at ./xt_geoip_build line 9
 
apt install libnet-cidr-lite-perl
 
user@raspberrypi:/usr/libexec/xtables-addons $ sudo ./xt_geoip_build -D /usr/share/xt_geoip *.csv
Cant locate Text/CSV_XS.pm in @INC (you may need to install the Text::CSV_XS module) (@INC contains: /etc/perl /usr/local/lib/arm-linux-gnueabihf/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/arm-linux-gnueabihf/perl5/5.28 /usr/share/perl5 /usr/lib/arm-linux-gnueabihf/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/arm-linux-gnueabihf/perl-base) at ./xt_geoip_build line 12.
BEGIN failed--compilation aborted at ./xt_geoip_build line 12.
user@raspberrypi:/usr/libexec/xtables-addons $ 
 
apt install libtext-csv-xs-per

geoip iptables blocken

#https://hilfe-server.de/ips-ueber-geoip-blocken/
 
sudo iptables -A INPUT -j LOG
sudo iptables -A INPUT -j LOG
sudo iptables -A INPUT -s 192.168.0.0/16 -i eth0 -j ACCEPT  
sudo iptables -A INPUT -m geoip ! --source-country DE -j LOG
sudo iptables -A INPUT -m geoip ! --source-country DE -j DROP
 
#log_and_drop
sudo iptables -N LOG_AND_DROP
sudo iptables -A LOG_AND_DROP -j LOG --log-prefix "Source host denied "
sudo iptables -A LOG_AND_DROP -j DROP
 
#Now that you have this chain, you want to direct traffic to log and drop to it:
 
iptables -A INPUT -s z.z.z.z/32 -j LOG_AND_DROP
iptables -A INPUT -s y.y.y.y/32 -j LOG_AND_DROP
iptables -A INPUT -s a.a.a.a/32 -j LOG_AND_DROP
sudo iptables -A INPUT -m geoip ! --source-country DE -j LOG_AND_DROP

NAT

iptables -t nat -A PREROUTING -i ens3 -p tcp --dport 8884 -j DNAT --to 10.10.10.11:8884