Am 11.03.2020 um 22:33 schrieb Vieri Di Paola: > Hi, > > My rules are similar to Witek's, but I have to admit that I too have > seen erroneous IP addr./country matching. I used the latest geoIP2 > databases from Maxmind and xtables-addons. The xt_geoip module might > be faster, but I've decided to move away from it and use ipsets > instead. At least debugging is a lot simpler. I haven't detected any > mismatches since, or so it seems so far. > > You can import/convert Maxmind's databases to ipsets (eg. one ipset > per country if you wish). >
How did you select the ipset contents? Did you use one set per country? Do you have code to share? regards Erich
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
