Koozali.org: home of the SME Server

Block a country?

Offline Drifting

  • ****
  • 431
  • +0/-0
Block a country?
« on: June 19, 2018, 10:45:37 AM »
Was having a quick read of Geo IP and thought what a brilliant idea. And then proceeded to look for one for IP tables. Nothing that I can see?

I am totally brassed off with China trying to get into my little SME box. Fail2Ban works a treat, and I see hundreds per day being blocked (increased the block time to 24hr). However, I think I would be happy to block entire countries, China being one! I can always phone my order through for dinner :-)

Best wishes
Paul.
Infamy, Infamy, they all have it in for me!

Online TerryF

  • grumpy old man
  • *
  • 1,821
  • +6/-0
Re: Block a country?
« Reply #1 on: June 19, 2018, 11:31:20 AM »
Might answer your question:

https://linoxide.com/linux-how-to/block-ips-countries-geoip-addons/

or maybe not having read all the way through it :-(
« Last Edit: June 19, 2018, 11:33:05 AM by TerryF »
--
qui scribit bis legit

Offline Drifting

Re: Block a country?
« Reply #2 on: June 19, 2018, 11:56:26 AM »
Mmmm, never too sure about adding anything that was not standard or a contrib to SME, as my knowledge is not that good, and everyone on here is fantastic at giving help.

Best Wishes
 Paul.

Offline Jean-Philippe Pialasse

  • *
  • 2,747
  • +11/-0
  • aka Unnilennium
    • http://smeserver.pialasse.com
Re: Block a country?
« Reply #3 on: June 19, 2018, 04:02:15 PM »
Search for this in the forum; someone was able to build an rpm for it.
However, I did not find the time to try and import it recently.

search for xtables-addons

Offline Stefano

  • *
  • 10,836
  • +2/-0
Re: Block a country?
« Reply #4 on: June 19, 2018, 04:37:20 PM »

Offline Jean-Philippe Pialasse

Re: Block a country?
« Reply #5 on: June 19, 2018, 04:53:01 PM »

Offline mab974

  • *
  • 84
  • +1/-0
Re: Block a country?
« Reply #6 on: June 19, 2018, 07:43:42 PM »
Hi,

I was more referring to this one: https://forums.contribs.org/index.php/topic,53129.msg276659.html#msg276659

You can make a try to the last version of
  • xtables-addons
  • xtables-addons-kmod
  • smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/

I have used that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip is a panel in server-manager


Offline Jean-Philippe Pialasse

Re: Block a country?
« Reply #7 on: June 19, 2018, 09:27:31 PM »
Hi,

You can make a try  to the last version of   
  • xtables-addons
  • xtables-addons-kmod
  • smeserver-xt_geoip
in http://repos.misouk.com/Sme_Server/6/repoview/

I use that on two servers of mine for several months. There are regularly "GeoIP BAN" in their iptables log.
smeserver-xt_geoip  is a panel in server-manager
   mab974,

1 would you mind if we import your work in smecontribs ?

2 would you like to help maintaining it directly there and get accesses to do so ?

Offline ReetP

  • *
  • 3,722
  • +5/-0
Re: Block a country?
« Reply #8 on: June 19, 2018, 10:36:38 PM »
Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling support on the v1 databases.

Look for something that supports perl-GeoIP2.

See my work on smeserver-geoip for details.

If I get 5 minutes I'll take a look myself.

Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline mab974

Re: Block a country?
« Reply #9 on: June 20, 2018, 07:24:35 AM »
   
1 would you mind if we import your work in smecontribs ?

2 would you like to help maintaining it directly there and get accesses to do so ?

you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.

Note that anything using perl-GeoIP and Maxmind v1 databases is effectively EOL due to Maxmind pulling support on the v1 databases.

Also, turning your production server into a build environment is never a great idea. Use a test VM, or roll your own build server as per the wiki.

I actually use test vm and build server and my production servers are free of dev tools.
I'll take a look at the database version problem soon.

Offline ReetP

Re: Block a country?
« Reply #10 on: June 20, 2018, 08:13:27 AM »
you can import everything, there is no problem and I could try to maintain it with a little help in the beginning of course.

That's awesome !! We can help you there.

We can pull the src rpms direct to buildsys and show you how to patch etc. JPP will need to sort you out buildsys access.

Offline ReetP

Re: Block a country?
« Reply #11 on: June 20, 2018, 09:03:13 PM »
Been having a quick look at this.

Can't see that xtables supports the new v2 DB format (could be wrong here)

Another approach might be using something like this, and combined with say fail2ban?

https://aur.archlinux.org/packages/geoipmarker/

Except the git repo seems to have been removed !!

Can't do much more from my phone right now.

Anyone else see anything around?

We can import the @mab974 rpms, but if xtables isn't updated soon it will become redundant. (I didn't notice a bug on this, though there may be one)

Offline Drifting

Re: Block a country?
« Reply #12 on: June 21, 2018, 02:06:47 PM »
Fantastic news. Thanks guys for picking up on this, I await with bated breath! Seems now I need a Russian bride, as they are having a go at me now.

Best wishes Paul

Offline ReetP

Re: Block a country?
« Reply #13 on: June 21, 2018, 03:55:16 PM »
OK, it seems that Maxmind do supply CSV files here

https://dev.maxmind.com/geoip/geoip2/geolite2/

So technically the xtables addons could be updated to use these URLs and CSVs ?

I probably need to get hold of one of the old CSV files and compare the data

Offline ReetP

Re: Block a country?
« Reply #14 on: June 21, 2018, 04:07:59 PM »
OK, just took a look. Going to be fun....

Here's the 'v1' zip

wget http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip

Now, that has a CSV file that seems to be in this format

Start IP - End IP - Two columns I think are the Decimal Start/Finish - Country Code - Country Name

e.g.

"1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
"1.0.1.0","1.0.3.255","16777472","16778239","CN","China"
"1.0.4.0","1.0.7.255","16778240","16779263","AU","Australia"
"1.0.8.0","1.0.15.255","16779264","16781311","CN","China"
"1.0.16.0","1.0.31.255","16781312","16785407","JP","Japan"

"223.255.224.0","223.255.231.255","3758088192","3758090239","ID","Indonesia"
"223.255.232.0","223.255.235.255","3758090240","3758091263","AU","Australia"
"223.255.236.0","223.255.239.255","3758091264","3758092287","CN","China"
"223.255.240.0","223.255.243.255","3758092288","3758093311","HK","Hong Kong"
"223.255.244.0","223.255.247.255","3758093312","3758094335","IN","India"
"223.255.248.0","223.255.251.255","3758094336","3758095359","HK","Hong Kong"
"223.255.252.0","223.255.253.255","3758095360","3758095871","CN","China"


Now, the v2 DBs are trickier as they are split into two files, one referring to the other

network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
1.0.0.0/24,2077456,2077456,,0,0
1.0.1.0/24,1814991,1814991,,0,0

The second file has a lookup for the geoname_id

geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
49518,en,AF,Africa,RW,Rwanda,0
51537,en,AF,Africa,SO,Somalia,0
69543,en,AS,Asia,YE,Yemen,0

It is perfectly possible to script something to meld the two together.

Just wondering if there is an easier way !

Any thoughts appreciated.

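The melding described in Reply #14, as an added example that is not code from the thread or from xtables-addons: it joins the v2 blocks file to the locations file on geoname_id and writes rows in the v1 layout (start IP, end IP, decimal start, decimal end, country code, country name). The function name `meld`, the sample rows (constructed, reusing the networks quoted above), the fallback to registered_country_geoname_id and the merging of adjacent networks are choices of this example.

```python
import csv
import io
import ipaddress
import sys

# Constructed sample input in the two-file GeoLite2 country CSV layout.
BLOCKS_CSV = """network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
1.0.0.0/24,2077456,2077456,,0,0
1.0.1.0/24,1814991,1814991,,0,0
1.0.2.0/23,1814991,1814991,,0,0
1.0.4.0/22,,2077456,,0,0
192.0.2.0/24,,,,1,0
"""
LOCATIONS_CSV = """geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
2077456,en,OC,Oceania,AU,Australia,0
1814991,en,AS,Asia,CN,China,0
"""

def meld(blocks_text, locations_text):
    """Return v1-style rows: (start_ip, end_ip, start_int, end_int, code, name)."""
    countries = {}
    for row in csv.DictReader(io.StringIO(locations_text)):
        if row["country_iso_code"]:  # continent-only rows carry no ISO code
            countries[row["geoname_id"]] = (row["country_iso_code"], row["country_name"])
    ranges = []
    for row in csv.DictReader(io.StringIO(blocks_text)):
        # Assumption of this example: use the registered country if geoname_id is empty.
        gid = row["geoname_id"] or row["registered_country_geoname_id"]
        if gid not in countries:
            continue  # no country known (e.g. anonymous proxy): skip rather than guess
        net = ipaddress.ip_network(row["network"])
        ranges.append((int(net.network_address), int(net.broadcast_address), countries[gid]))
    ranges.sort()
    merged = []
    for start, end, country in ranges:
        # v1 had one row per contiguous range, so join adjacent networks of one country.
        if merged and merged[-1][2] == country and merged[-1][1] + 1 == start:
            merged[-1] = (merged[-1][0], end, country)
        else:
            merged.append((start, end, country))
    return [(str(ipaddress.ip_address(s)), str(ipaddress.ip_address(e)), s, e, cc, name)
            for s, e, (cc, name) in merged]

if __name__ == "__main__":
    # Quote every field, as the v1 CSV did.
    csv.writer(sys.stdout, quoting=csv.QUOTE_ALL).writerows(meld(BLOCKS_CSV, LOCATIONS_CSV))
```

With the sample input, the China and second Australia rows come out identical to the v1 lines quoted in the post, which is a quick way to check a conversion against an old v1 file.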

Offline ReetP

Re: Block a country?
« Reply #15 on: June 21, 2018, 04:43:29 PM »

Offline mab974

Re: Block a country?
« Reply #16 on: June 21, 2018, 07:30:38 PM »
Something already exists for xtables-addons : (download and build)

https://sourceforge.net/p/xtables-addons/xtables-addons/ci/256ac1a4f6fe8db66031948c80fb066de5695a6e/

not tested yet ....

Offline ReetP

Re: Block a country?
« Reply #17 on: June 21, 2018, 07:53:30 PM »
Good spot.

I'll check... perl-GeoIP2 for smeserver-geoip drags in loads of deps so it will probably work.

Offline ReetP

Re: Block a country?
« Reply #18 on: June 23, 2018, 11:39:05 PM »
FYI perl-Net-CIDR-Lite is in the openfusion repo.

So the patches should work if added to the rpm.

I'll have a look when I get a minute

Offline mab974

Re: Block a country?
« Reply #19 on: June 30, 2018, 08:20:37 PM »
New versions using GeoLite2 database are available for : 

    xtables-addons
    xtables-addons-kmod
    smeserver-xt_geoip

in http://repos.misouk.com/Sme_Testing/6/repoview/

Note that smedev repo is now required for Perl-Socket package. (--enablerepo=smedev)
Of course your feedback is welcome.



Offline ReetP

Re: Block a country?
« Reply #20 on: July 01, 2018, 12:05:47 AM »
Fantastic !!

Sorry. I'm away on business and had a boat load on at work.

Back in a week and will see if we can get this into the contribs repo.

Offline ReetP

Re: Block a country?
« Reply #21 on: August 17, 2018, 08:54:27 PM »
Reminder to myself really.

I've not forgotten about this. Just waylaid with real life crap !!

I'm also stuck on importing new rpms (I can do an update to an existing one but buildsys is not playing with new). I'm liaising with JPP on this as I have some other stuff to add.

Keep you posted.

Offline ReetP

Re: Block a country?
« Reply #22 on: February 07, 2019, 01:03:41 PM »
FYI Jean Philippe has started importing these rpms to the smecontribs repo.

I'll post a link when it is finished

Offline ReetP

Re: Block a country?
« Reply #23 on: February 21, 2019, 09:55:10 PM »
As if by magic:

https://forums.contribs.org/index.php/topic,53917.0.html

Original build and kudos to mab974 and Jean Philippe for pulling it into contribs.

That'll keep a lot of the pesky buggers out.


Offline JeanFowler

  • 2
  • +0/-0
Re: Block a country?
« Reply #24 on: September 23, 2019, 09:26:56 PM »
Well, maybe your IP is rather suspected? By anybody else.