GeoIP filtering on Ubuntu 12.10
Though Ubuntu Linux offers packages for GeoIP filtering, with version 12.10 GeoIP filtering doesn't work anymore. Ubuntu decided to stay at version 1.42 of xtables which is incompatible with kernel 3.5. Kernel 3.5 is the standard in Ubuntu 12.10. The only fast way to overcome this issue was to upgrade to the latest version of xtables - 1.47.1 as of 3rd of November 2012.
The following will describe the necessary steps to do, please remember that any upgrade of the kernel will require to install the module again!
- Download the source from xtables.
- Unpack the source
sudo tar -xvJf xtables-addons-1.47.1.tar.xz
- Change into the source direcotry and run the configuration script
sudo ./configure
- Compilation
sudo make
- Install the Kernel module + userspace programs
sudo make install
Optional steps, if you didn't install GeoIP before:
- Create the directory for the GeoIP list
sudo mkdir /usr/share/xt_geoip
- Install the Perl module (optional)
sudo aptitude install libtext-csv-xs-perl
- Download GeoIP list
sudo /usr/lib/xtables-addons/xt_geoip_dl
This will download the list to the current directory, if you want to change this, do that before execution of this command! - Convert the GeoIP list
sudo /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv
This will build the output files in /usr/share/xt_geoip and assumes the GeoIP list is located in the current directory. Please also note, that you have to specify "*.csv", otherwise nothing will happen. - Test everything
sudo iptables -F && iptables -A OUTPUT -m geoip --dst-cc US -j DROP
This will block all outgoing traffic to IP addresses located in the USA, next you can try to visit Google, this should not work anymore. If you want your firewall changes to be undone, just entersudo iptables -F
.
References:
- xtables on sourceforge.net, (last visited on 2012-11-03)