Though Ubuntu Linux offers packages for GeoIP filtering, some manual steps are still required for realization.

  1. Install the Kernel module + userspace programs

    sudo aptitude install xtables-addons-common

  2. Create the directory for the GeoIP list

    sudo mkdir /usr/share/xt_geoip

  3. Install the Perl module (optional)

    sudo aptitude install libtext-csv-xs-perl

  4. Download GeoIP list

    sudo /usr/lib/xtables-addons/xt_geoip_dl
    This will download the list to the current directory, if you want to change this, do that before execution of this command!

  5. Convert the GeoIP list

    sudo /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv
    This will build the output files in /usr/share/xt_geoip and assumes the GeoIP list is located in the current directory. Please also note, that you have to specify "*.csv", otherwise nothing will happen.

  6. Test everything

    sudo iptables -F && iptables -A OUTPUT -m geoip --dst-cc US -j DROP
    This will block all outgoing traffic to IP addresses located in the USA, next you can try to visit Google, this should not work anymore.

    If you want your firewall changes to be undone, just enter sudo iptables -F.

References:

  1. Robert Haddon's Blog, Words from High, (last visited on 2012-10-27)
  2. xtables on sourceforge.net, (last visited on 2012-10-27)
  • Last modified: 2020/09/16 20:57