Though Ubuntu Linux offers packages for GeoIP filtering, some manual steps are still required for realization.
sudo aptitude install xtables-addons-common
sudo mkdir /usr/share/xt_geoip
sudo aptitude install libtext-csv-xs-perl
sudo /usr/lib/xtables-addons/xt_geoip_dlThis will download the list to the current directory, if you want to change this, do that before execution of this command!
sudo /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csvThis will build the output files in /usr/share/xt_geoip and assumes the GeoIP list is located in the current directory. Please also note, that you have to specify "*.csv", otherwise nothing will happen.
sudo iptables -F && iptables -A OUTPUT -m geoip --dst-cc US -j DROPThis will block all outgoing traffic to IP addresses located in the USA, next you can try to visit Google, this should not work anymore. If you want your firewall changes to be undone, just enter
sudo iptables -F
.References: