Create GeoIP firewall rules for iptables

This script automatically creates iptables firewall rules based on GeoIP information. It can be useful if you cannot use, or build from source, the Xtables addons for iptables.

The script lets you authorize network traffic on a specific TCP port for one or more countries. It is exclusive: once a TCP port/country pair has been defined with this script, only that country's subnets will be able to reach the TCP port.

The script performs these steps:

  • Download the file http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
  • Unzip the file above
  • Check if the country code is valid or not
  • Create an iptables custom chain for each Country Code-TCP port to allow
  • Create a DROP rule in the INPUT chain to drop all traffic that is not defined in the rule above
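
The steps above, sketched as an added example (not the author's script, which is not reproduced on this page): it reads rows in the GeoIPCountryCSV column layout and prints the iptables commands instead of running them. The chain name `GEOIP_<CC>_<port>`, the use of the `iprange` match, and the sample rows (documentation address ranges with placeholder codes XX/YY) are assumptions.

```sh
#!/bin/sh
# Added example: PRINTS the iptables commands, it does not run them.
LC_ALL=C; export LC_ALL   # keep the [A-Z] pattern below ASCII-only

# Constructed rows in the GeoIPCountryCSV column layout
# (start_ip, end_ip, start_int, end_int, code, name); XX/YY are placeholders.
SAMPLE_CSV='"192.0.2.0","192.0.2.255","3221225984","3221226239","XX","Example Land"
"198.51.100.0","198.51.100.127","3325256704","3325256831","YY","Sample Republic"
"203.0.113.0","203.0.113.255","3405803776","3405804031","XX","Example Land"'

# Usage: geoip_rules PORT CC [CC...] < CSV_FILE
geoip_rules() {
    port=$1
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "invalid port: $port" >&2; return 2
    fi
    shift
    [ "$#" -gt 0 ] || { echo "no country code given" >&2; return 3; }
    csv=$(cat) out='' jumps=''
    for cc in "$@"; do
        case $cc in
            [A-Z][A-Z]) ;;   # syntactically valid; presence is checked below
            *) echo "invalid country code: $cc" >&2; return 3 ;;
        esac
        # Field 5 is the country code; emit "start-end" for each matching row.
        ranges=$(printf '%s\n' "$csv" | awk -F'","' -v cc="$cc" \
            '$5 == cc { sub(/^"/, "", $1); print $1 "-" $2 }')
        [ -n "$ranges" ] || { echo "country code not in CSV: $cc" >&2; return 3; }
        chain="GEOIP_${cc}_${port}"   # hypothetical chain naming scheme
        out="${out}iptables -N $chain
"
        for r in $ranges; do
            out="${out}iptables -A $chain -m iprange --src-range $r -j ACCEPT
"
        done
        jumps="${jumps}iptables -A INPUT -p tcp --dport $port -j $chain
"
    done
    # Nothing is printed unless every argument validated (all-or-nothing).
    # Per-country chains first, then the INPUT jumps, then the exclusive DROP.
    printf '%s%siptables -A INPUT -p tcp --dport %s -j DROP\n' "$out" "$jumps" "$port"
}

printf '%s\n' "$SAMPLE_CSV" | geoip_rules 999 XX YY
```

Because the rules are appended with `-A`, an ACCEPT for the same port that already sits earlier in INPUT would still match first; compare the output with `iptables -S INPUT` before applying it.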

Country code reference

Script syntax:
Authorize only subnets from country code XX on TCP port 999

 

Authorize only subnets from country codes XX, YY and ZZ on TCP port 999

 

Script:
