Koozali.org formerly Contribs.org

Block a country?

Block a country?
« on: June 19, 2018, 10:45:37 AM »
Was having a quick read of Geo IP and thought what a brilliant idea. And then proceeded to look for one for IP tables. Nothing that I can see?

I am totally brassed off with China trying to get into my little SME box, Fail2Ban works a treat, and I see hundreds per day being blocked (Increased the block time to 24hr) However, think I would be happy to block entire countries. China being one! I can always phone my order through for dinner :-)

Best wishes
Paul.
Infamy, Infamy, they all have it in for me!

Offline TerryF

  • *
  • 1,040
Re: Block a country?
« Reply #1 on: June 19, 2018, 11:31:20 AM »
Might answer your question:

https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/

or maybe not having read all the way through it :-(
« Last Edit: June 19, 2018, 11:33:05 AM by TerryF »
--
qui scribit bis legit

Re: Block a country?
« Reply #2 on: June 19, 2018, 11:56:26 AM »
Mmmm, never too sure about adding anything that was not standard or a contrib to SME, as my knowledge is not that good, and everyone on here is fantastic at giving help.

Best Wishes
 Paul.
Infamy, Infamy, they all have it in for me!

Offline Jean-Philippe Pialasse

  • *
  • 1,201
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Block a country?
« Reply #3 on: June 19, 2018, 04:02:15 PM »
search for this in the forum, one was able to build a rpm for it.
However, I did not found the time to try and import it recently.

search for xtables-addons

Offline Stefano

  • *
  • 10,779
  • Skype account: maghissimo
    • Smeserver italian community
Re: Block a country?
« Reply #4 on: June 19, 2018, 04:37:20 PM »
Consulente di Smeserver.it -  Soluzioni e supporto su Sme server in Italia

Offline Jean-Philippe Pialasse

  • *
  • 1,201
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Block a country?
« Reply #5 on: June 19, 2018, 04:53:01 PM »

Re: Block a country?
« Reply #6 on: June 19, 2018, 07:43:42 PM »
Hi,

I wasmore refering to this one : https://forums.contribs.org/index.php/topic,53129.msg276659.html#msg276659

You can make a try  to the last version of   
  • xtables-addons
  • xtables-addons-kmod
  • smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/

I use that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip  is a panel in server-manager


Offline Jean-Philippe Pialasse

  • *
  • 1,201
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Block a country?
« Reply #7 on: June 19, 2018, 09:27:31 PM »
Hi,

You can make a try  to the last version of   
  • xtables-addons
  • xtables-addons-kmod
  • smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/

I use that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip  is a panel in server-manager
   mab974,

1 would you mind if we import your work in smecontribs ?

2 would you like to help maintaining it directly there and get accesses to do so ?

Offline ReetP

  • *
  • 1,772
Re: Block a country?
« Reply #8 on: June 19, 2018, 10:36:38 PM »
Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling suport on the v1 databases.

Look for something that supports perl-GeoIP2.

See my work on smeserver-geoip for details.

If I get 5 minutes I'll take a look myself.

Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: Block a country?
« Reply #9 on: June 20, 2018, 07:24:35 AM »
   
1 would you mind if we import your work in smecontribs ?

2 would you like to help maintaining it directly there and get accesses to do so ?

you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.

Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling suport on the v1 databases.

Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.

I actually use test vm and build server and my production servers are free of dev tools.
I'll take a look at the database version problem soon.

Offline ReetP

  • *
  • 1,772
Re: Block a country?
« Reply #10 on: June 20, 2018, 08:13:27 AM »
you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.

That's awesome !! We can help you there.

We can pull the src rpms direct to buildsys and show you how to patch etc. JPP will need to sort you out buildsys access.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline ReetP

  • *
  • 1,772
Re: Block a country?
« Reply #11 on: June 20, 2018, 09:03:13 PM »
Been having a quick look at this.

Can't see that xtables supports the new v2 DB format (could be wrong here)

Another approach might be using something like this, and combined with say fail2ban?

https://aur.archlinux.org/packages/geoipmarker/

Except the git repo seems to have been removed !!

Can't do much more from my phone right now.

Anyone else see anything around?

We can import the @mab974 rpms, but if xtables isn't updated soon it will become redundant. (I didn't notice a bug on this, though there may be one)
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: Block a country?
« Reply #12 on: June 21, 2018, 02:06:47 PM »
Fantastic news. Thanks guys for picking up on this, I await with baited breath! Seems now I need a russian bride, as they are having a go at me now.

Best wishes Paul
Infamy, Infamy, they all have it in for me!

Offline ReetP

  • *
  • 1,772
Re: Block a country?
« Reply #13 on: June 21, 2018, 03:55:16 PM »
OK, it seems that Maxmind do supply CSV files here

https://dev.maxmind.com/geoip/geoip2/geolite2/

So technically the xtables addons could be updated to use these URLs and CSVs ?

I probably need to get hold of one of the old CSV files and compare the data
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline ReetP

  • *
  • 1,772
Re: Block a country?
« Reply #14 on: June 21, 2018, 04:07:59 PM »
OK, just took a look. Going to be fun....

Here's the 'v1' zip

wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip

Now, that has a CSv file that seems to be in this format

Start IP - End IP - Two columns I think are the Decimal Start/Finish - Country Code - Country Name

e.g.

"1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
"1.0.1.0","1.0.3.255","16777472","16778239","CN","China"
"1.0.4.0","1.0.7.255","16778240","16779263","AU","Australia"
"1.0.8.0","1.0.15.255","16779264","16781311","CN","China"
"1.0.16.0","1.0.31.255","16781312","16785407","JP","Japan"

"223.255.224.0","223.255.231.255","3758088192","3758090239","ID","Indonesia"
"223.255.232.0","223.255.235.255","3758090240","3758091263","AU","Australia"
"223.255.236.0","223.255.239.255","3758091264","3758092287","CN","China"
"223.255.240.0","223.255.243.255","3758092288","3758093311","HK","Hong Kong"
"223.255.244.0","223.255.247.255","3758093312","3758094335","IN","India"
"223.255.248.0","223.255.251.255","3758094336","3758095359","HK","Hong Kong"
"223.255.252.0","223.255.253.255","3758095360","3758095871","CN","China"


Now, the v2 DBs are trickier as they are split in to two files, one referrring to the other

network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider

1.0.0.0/24   2077456   2077456      0   0
1.0.1.0/24   1814991   1814991      0   0

The second file has a lookup for the geonam_id

geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
49518   en   AF   Africa   RW   Rwanda   0
51537   en   AF   Africa   SO   Somalia   0
69543   en   AS   Asia   YE   Yemen   0

It is perfectly possible to script something to meld the two together.

Just wondering of there is an easier way !

Any thoughts appreciated.

...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation