install geoip iptables module centos 7

1 – Install packages

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` wget unzip iptables-devel perl-Text-CSV_XS

2 – Download and decompress xtables-addons

wget http://ufpr.dl.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.14.tar.xz
tar -xvf xtables-addons-2.14.tar.xz
cd xtables-addons-2.14

3 – Compile xtables-addons

./configure
sed -i '/xt_TARPIT.o$/s/^/#/' extensions/Kbuild
make && make install

4 – Download and install geoip database

cd geoip
./xt_geoip_dl
./xt_geoip_build GeoIPCountryWhois.csv
mkdir -p /usr/share/xt_geoip
cp -r {BE,LE} /usr/share/xt_geoip
modprobe xt_geoip

5 – Insert a firewall rule to test

iptables -A FORWARD -m geoip --src-cc BR,JP,FR -j DROP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s