On 9/22/2018 11:29 AM, Nicola Ferrari (#554252) wrote: > Hi list! > > I'm new to geoip rules with shorewall.. > > It's an "old" and several-time-upgraded vm: I'm on debian 9 i386 (may > this be a problem? should I move to a new and fresh amd64 install?) > > I installed kernel addons with: > apt-get install xtables-addons-common xtables-addons-dkms > > Now using modprobe xt_geoip module is correctly loaded (returns no output) > modprobe xt_geoip > > I can see it loaded with > # lsmod |grep xt_geoip > xt_geoip 16384 0 > x_tables 20480 21 > xt_comment,xt_LOG,xt_multiport,ipt_REJECT,xt_geoip,xt_nat,iptable_mangle,ip_tables,iptable_filter,xt_set,xt_mark,xt_tcpudp,iptable_raw,xt_connmark,xt_limit,xt_recent,xt_addrtype,xt_CT,xt_conntrack,xt_TCPMSS,xt_NFLOG > > I added a new rule in shorewall/rueles (just as an example): > REJECT net:^[RU] dmz:10.0.0.10 > > > But "shorewall check" returns me > Checking /etc/shorewall/rules... > ERROR: A country-code require GeoIP Match in your kernel and iptables > /etc/shorewall/rules (line ) > > What else am I missing? >
Have a look here: http://shorewall.org/configuration_file_basics.htm#capabilities -Matt -- Matt Darfeuille _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
