howto:network:iptables
Toto je starší verze dokumentu!
iptables
Revert to iptables legacy on Debian
- Rucne zvolit variantu
update-alternatives --config iptables - Revertnout na legacy rezim
update-alternatives --set iptables /usr/sbin/iptables-legacy - Zrusit revert a pouzit Debian default
update-alternatives --auto iptables
GeoIP modul
Nainstalujeme modul xt_geoip
apt-get install iptables-dev xtables-addons-common libtext-csv-xs-perl pkg-config
V adresari /usr/lib/xtables-addons spustime prikaz xt_geoip_dl
./xt_geoip_dl
A potom vytvorime GeoIP databazi
./xt_geoip_build -D /usr/share/xt_geoip/ *.csv
138540 entries total
0 IPv6 ranges for A1 Anonymous Proxy
91 IPv4 ranges for A1 Anonymous Proxy
0 IPv6 ranges for A2 Satellite Provider
337 IPv4 ranges for A2 Satellite Provider
3 IPv6 ranges for AD Andorra
13 IPv4 ranges for AD Andorra
46 IPv6 ranges for AE United Arab Emirates
182 IPv4 ranges for AE United Arab Emirates
14 IPv6 ranges for AF Afghanistan
88 IPv4 ranges for AF Afghanistan
...
Nyni muzeme v iptables pracovat s databazi IP adres:
-A FORWARD -m geoip --src-cc CN -d a.b.c.d/32 -j DROP
Seznam kodu jednotlivych statu nalezneme napr. zde ve wiki
howto/network/iptables.1576847328.txt.gz · Poslední úprava: 2019/12/20 14:08 autor: harvie