Hi list! I'm new to geoip rules with shorewall..
It's an "old" and several-time-upgraded vm: I'm on debian 9 i386 (may this be a problem? should I move to a new and fresh amd64 install?) I installed kernel addons with: apt-get install xtables-addons-common xtables-addons-dkms Now using modprobe xt_geoip module is correctly loaded (returns no output) modprobe xt_geoip I can see it loaded with # lsmod |grep xt_geoip xt_geoip 16384 0 x_tables 20480 21 xt_comment,xt_LOG,xt_multiport,ipt_REJECT,xt_geoip,xt_nat,iptable_mangle,ip_tables,iptable_filter,xt_set,xt_mark,xt_tcpudp,iptable_raw,xt_connmark,xt_limit,xt_recent,xt_addrtype,xt_CT,xt_conntrack,xt_TCPMSS,xt_NFLOG I added a new rule in shorewall/rueles (just as an example): REJECT net:^[RU] dmz:10.0.0.10 But "shorewall check" returns me Checking /etc/shorewall/rules... ERROR: A country-code require GeoIP Match in your kernel and iptables /etc/shorewall/rules (line ) What else am I missing? Thanks for your help! Nick -- +---------------------+ | Linux User #554252 | +---------------------+ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
