| ISO-3661.xml (shorewall-docs-xml-5.2.7.tar.bz2) | : | ISO-3661.xml (shorewall-docs-xml-5.2.8.tar.bz2) |
|---|
| | |
| skipping to change at line 60 | | skipping to change at line 60 |
|---|
| <para><filename>/etc/shorewall/rules</filename>:</para> | | <para><filename>/etc/shorewall/rules</filename>:</para> |
| | |
| <programlisting> #ACTION SOURCE DEST PROTO
DPORT | | <programlisting> #ACTION SOURCE DEST PROTO
DPORT |
| | |
| ?SECTION NEW | | ?SECTION NEW |
| | |
| DROP:info net:^[A1,A2] dmz tcp 25 | | DROP:info net:^[A1,A2] dmz tcp 25 |
| </programlisting> | | </programlisting> |
| | |
| <para>Using this feature requires the <firstterm>GeoIP Match</firstterm> | | <para>Using this feature requires the <firstterm>GeoIP Match</firstterm> |
|
| capability in your iptables and kernel. As of this writing, that | | capability in your iptables and kernel. That capability requires <ulink |
| capability requires installing <ulink | | url="https://dev.maxmind.com/geoip/geoip2/geolite2/">creating a |
| url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> 1.33 | | |
| or later and <ulink | | |
| url="http://xtables-addons.sourceforge.net/geoip.php">creating a | | |
| country-code database</ulink>.</para> | | country-code database</ulink>.</para> |
| | |
| <para>The Shorewall compiler uses the geoip country-code database to | | <para>The Shorewall compiler uses the geoip country-code database to |
| determine the valid set of two-character alphanumeric country codes. The | | determine the valid set of two-character alphanumeric country codes. The |
| location of that database is currently hard-coded in xtables-addons as | | location of that database is currently hard-coded in xtables-addons as |
| <filename>/usr/share/xt_geoip/</filename>. Within that directory are two | | <filename>/usr/share/xt_geoip/</filename>. Within that directory are two |
| sub-directories:</para> | | sub-directories:</para> |
| | |
| <itemizedlist> | | <itemizedlist> |
| <listitem> | | <listitem> |
| | |
| skipping to change at line 86 | | skipping to change at line 83 |
|---|
| </listitem> | | </listitem> |
| | |
| <listitem> | | <listitem> |
| <para>BE -- contains the big-endian database</para> | | <para>BE -- contains the big-endian database</para> |
| </listitem> | | </listitem> |
| </itemizedlist> | | </itemizedlist> |
| | |
| <para>To accomodate both big-endian and little-endian machines as well as | | <para>To accomodate both big-endian and little-endian machines as well as |
| any future ability to install the database at another location, Shorewall | | any future ability to install the database at another location, Shorewall |
| supports a GEOIPDIR option in <ulink | | supports a GEOIPDIR option in <ulink |
|
| url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink | | url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and <ulink |
| url="manpages/shorewall.conf.html">shorewall6.conf</ulink> (5). The | | url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5). The default |
| default value of that option is | | value of that option is |
| <filename>/usr/share/xt_geoip/LE</filename>.</para> | | <filename>/usr/share/xt_geoip/LE</filename>.</para> |
| | |
|
| | <important> |
| | <para>Recent versions of the country-code database are installed in |
| | <filename>/usr/share/xt_geoip/, regardless of endian convention. This |
| | requires modifying the setting of GEOIPDIR in <ulink |
| | url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink |
| | url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</filename>< |
| | /para> |
| | </important> |
| | |
| <para>The country codes at the time of this writing are shown in the | | <para>The country codes at the time of this writing are shown in the |
| following two sections.</para> | | following two sections.</para> |
| </section> | | </section> |
| | |
| <section> | | <section> |
| <title>IPv4</title> | | <title>IPv4</title> |
| | |
| <programlisting> A1 => "Anonymous Proxy" , | | <programlisting> A1 => "Anonymous Proxy" , |
| A2 => "Satellite Provider" , | | A2 => "Satellite Provider" , |
| AD => "Andorra" , | | AD => "Andorra" , |
| | | |
| End of changes. 3 change blocks. |
|---|
| 8 lines changed or deleted | | 14 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 