smecontribs/smeserver-xt_geoip
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Thu Feb 13 2025 John Crisp <jcrisp@safeandsoundit.co.uk> 1.3.1-24.sme

Browse Source 
- move scriptoig back to /usr/share/geoip
- Lose the LE/BE (Little/Big Endian) parts as iptables can't seme to read the file in subdirs
- Update ULOG to NFLOG in rules but restricts the number of countries
This commit is contained in:
John Crisp
2025-02-13 19:14:51 +01:00
parent a9ebb21641
commit 42ce2cced8
6 changed files with 285 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustXt_Geoip
View File

@@ -73,7 +73,7 @@ EOF
if ($port ne '' and $servStatus eq 'enabled' and $servAccess eq 'public' and $locBC ne '') {
push @locPorts, $port;
my $multi = ( $port =~ /[,:]/ )? "-m multiport --dports" : "--dport";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j ULOG --ulog-prefix \"GeoIP BAN: $servName\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j NFLOG --nflog-prefix \"GeoIP BAN: $servName\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -m geoip $reverse --src-cc $locBC -p tcp $multi $port -j DROP\n";
}
}
@@ -85,10 +85,10 @@ EOF
@locPorts = () unless $others;
if (@locPorts != 0) {
my $LocPorts = join ',', @locPorts;
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: OTHER\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: OTHER\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip -m multiport ! --dports $LocPorts $reverse --src-cc $BC -j DROP\n";
} else {
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j ULOG --ulog-prefix \"GeoIP BAN: ALL\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j NFLOG --nflog-prefix \"GeoIP BAN: ALL\"\n";
$OUT .= " /sbin/iptables -A \$NEW_XTGeoIP -p tcp -m geoip $reverse --src-cc $BC -j DROP\n";
}
}