Menu
What's new
By:
Filters Better Search

geoip for iptables ?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

Sylphia

Regular Contributor
I'm running Merlin's 376.49_5 firmware on an ac-68u.

Is there geoip support for iptables?
If not, any tutorials for me to build firmware from source code to enable it?

I'm a programmer, but lacks knowledge of linux programming...

Thanks.
 
Anyone familiar with building kernel modules?
I tried, but no luck.( spent me 3 hours to get 378.50 final compiled successfully )

Still,

'iptables -m geoip -h'

gives right help message but when execute something like

'iptables -A INPUT -m geoip --dst-cc US -j RETURN'

fails with no match found with that name. And no geoip module found in
cat /proc/net/ip_tables_matches

I have to add about 5k rules to iptables without geoip, and it takes ~2 minutes to finish that iptables adding script...
 
Sylphia said:
Anyone familiar with building kernel modules?
I tried, but no luck.( spent me 3 hours to get 378.50 final compiled successfully )

Still,

'iptables -m geoip -h'

gives right help message but when execute something like

'iptables -A INPUT -m geoip --dst-cc US -j RETURN'

fails with no match found with that name. And no geoip module found in
cat /proc/net/ip_tables_matches
Click to expand...

In my version of asuswrt-merlin (376.49_5++) the xt_geoip.ko module is included in the flash image, however, the shared library (libipt_geoip.so) that iptables uses to access it is missing, as well as the database. I looked into it a bit, and geoip was commented out in the iptables makefile, so I uncommented it and built a new version and the library was created. I copied the library and the database to the router's /tmp and with a little LD_LIBRARY_PATH hocus-pocus I was able to add geoip rules and they appear to work correctly.

I am going to think a bit about about how to go about making this work out of the box, in a manner of speaking, for my customized version of asuswrt-merlin, as I am currently running geoip rules on all my linux based endpoints, but it would be nice to protect everything behind the firewall.
 
Does this still work, even if a guy were to route his traffic through 7 proxies to visit yor website?
 
You must log in or register to reply here.

Similar threads

brocellous
RT-AC68U 802.11 DSCP QoS issue?
Replies
3
Views
573
brocellous
brocellous
G
Can I use the factory firmware and add custom autorun commands like iptables?
Replies
2
Views
476
gecongjie
G
PaulA
Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP
Replies
2
Views
1K
dacotmeister
D
J
Help/advice needed for accessing GT-AX11000 SMB shares from WSL
Replies
6
Views
454
DJones
D
R
ASUS RT-AX86 Open VPN No LAN Access
Replies
18
Views
1K
Celo
C
Similar threads
Thread starter Title Forum Replies Date
r000t Hardcoded Google DNS IPTABLES rule Asuswrt-Merlin 6
F Understanding IPTABLES - asus ROG ax6000 Asuswrt-Merlin 17
SkierInAvon Asus Merlin - iptables command (not working?) Asuswrt-Merlin 8
v.y.k iptables pkts & bytes numbers are too low on Merlin 3004.388 Asuswrt-Merlin 13
M iptables module rateest - loadbalancing split over Asuswrt-Merlin 0

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 616 (members: 19, guests: 597)
Top