On 3/4/2019 11:55 PM, Matt Darfeuille wrote:
On 3/5/2019 6:28 AM, Ryan Joiner wrote:
On 3/4/2019 8:55 PM, Ryan Joiner wrote:
On 3/4/2019 7:41 PM, Ryan Joiner wrote:
Hello there, I see a bunch of documentation on getting shorewall to
work with GeoIP on Debian but I'm not finding much on Redhat. I'm
wondering if there are .rpm packages available for CentOS 7? Or if
there is any good how to out there that you have used and worked well?
I don't use RPM packages!
https://centos.pkgs.org/7/lux/xtables-addons-2.12-1.el7.lux.x86_64.rpm.html
I'm sorry, to be more specific I'm referring to getting xtables-addons
installed. It seems for CentOS 7 I might need to build from source
code but would prefer if there were trusted RPM's out there. I found
some but they won't install due to requiring kmod and I can't find one
that will work as it's dependency.
Thank you!
I'm so sorry for the dumb questions, I'm a newbie at geoip. I instead
created an ipset named "us" and then did a rule in blrules
BLACKLIST:info net:!+us all
and this appears to be working based off my logs.
Is there anything dumb about this vs. using the xt_geoip and
xtables-addons method?
https://serverfault.com/questions/929850/geoip-vs-ipset-performance-in-iptables
"The iptables geoip extension requires a third party kernel module which
may or may not even be available on any given system. But ipset is part
of the kernel. – Michael Hampton♦ Sep 7 '18 at 11:53"
HTH.
-Matt
Thanks for the response. Yep, I tried installing from source and it
would not work. Installed the RPM and was able to get it to install from
the "cheese" repo but the xt_geoip module would not install. I will use
ipset as that seems to be more part of the future.
Thanks
-RyRy
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
