Gentoo Archives: gentoo-security

From: Brian Micek <bmicek@×××××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] If your interested
Date: Mon, 10 Oct 2005 06:52:40
Message-Id: 1128926851.25181.75.camel@localhost.localdomain
In Reply to: Re: [gentoo-security] If your interested by Dave Strydom
Does anyone have a grasp on what the geolocation data is for the
iptables country code option?
Thanks,
Brian 

On Mon, 2005-10-10 at 08:06 +0200, Dave Strydom wrote:

> It's part of the iptables patch-o-matic
> 
> http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/
> 
> It's a little mission to install it, but it's worth it and makes
> blocking stuff a hell of a lot easier.
> 
> 
> download the latest patch-o-matic-ng-XXXXXX.tar.gz
> add extensions to your /etc/make.conf USE flags
> 
> ----------------------
> cd /usr/src
> tar -xvjpf iptables-1.3.2.tar.bz2
> mv iptables-1.3.2 iptables
> tar xfz patch-o-matic-ng-XXXXXX.tar.gz
> cd patch-o-matic-ng
> IPTABLES_DIR=/usr/src/iptables KERNEL_DIR=/usr/src/linux ./runme geoip
> ------------------------
> 
> Then recompile your kernel with the geoip support (it will be in your
> iptables section of the kernel at the bottom)
> Reboot to use the new kernel
> 
> ------------------------
> cd /usr/src
> mv iptables iptables-1.3.2
> tar -cvjpf iptables-1.3.2.tar.bz2 iptables-1.3.2
> mv iptables-1.3.2.tar.bz2 /usr/portage/distfiles/
> cd /usr/portage/net-firewall/iptables
> ebuild iptables-1.3.2.ebuild digest
> emerge iptables
> ------------------------
> 
> and that's it, some examples on how to use it can be found here:
> 
> http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO-3.html
> 
> 
> I found this patch very VERY useful for our mail server, in South
> Africa, bandwidth is expensive.. very expensive, be happy if you have
> a 10MB connection, since 64K international bandwidth costs about R6000
> ($950) per/month (that's per 64K chunk of bandwidth) Local bandwidth is
> around R700 ($110) per 64K chunk.
> So the problem we had was that all incoming mail from overseas was
> clogging up our international bandwidth, so by using this geoip patch
> I have this in my firewall:
> 
> $IPTABLES -A INPUT -p tcp -m geoip ! --src-cc ZA --dport 25 -j REJECT
> 
> In effect, this would stop any and all international mail servers
> outside of South Africa from connecting to mine.
> 
> So what happens to all international mail? well simple, you add two MX
> records (mail records) for each domain.
> 
> so like:
> 
> whatever.com IN MX 10 smtp.whatever.com.
>              IN MX 20 smtp2.whatever.com.
> 
> Because all mail fails to connect to the MX 10, it will fall back onto
> the MX 20.
> 
> This way I am able to virus and spam scan all international mail
> overseas, and then I forward on only the clean messages (you can
> either open a hole in your firewall to allow this server to connect,
> or set up a VPN between them)
> 
> ----------------------------------------------------------------------------------------
> 
> 
> 
> On 10/10/05, Elisamuel Resto <user00265@×××××.com> wrote:
> > I just wonder where this patch resides? and for which version
> > what version it applies and such... I saw it in an earlier post
> > but it got lost somewhere in my inbox. Anybody care to post
> > it?
> > 
> > Thanks.
> > 
> > 
> > On 10/10/05, Dave Strydom <strydom.dave@×××××.com> wrote:
> > > I think there is an easier way of doing this...
> > > 
> > > Why not use the GEOIP IPTABLES patch and then just use
> > > this in your firewall:
> > > 
> > > -----------------------------------------------------------------------------------------
> > > $IPTABLES -A INPUT -p tcp -m geoip --src-cc CN -j DROP
> > > $IPTABLES -A INPUT -p tcp -m geoip --src-cc KR -j DROP
> > > $IPTABLES -A INPUT -p tcp -m geoip --src-cc TW -j DROP
> > > $IPTABLES -A INPUT -p tcp -m geoip --src-cc HK -j DROP
> > > -----------------------------------------------------------------------------------------
> > > 
> > > This way you have 4 simple rules which do the work of
> > > that entire script.
> > > 
> > > 
> > > On 10/10/05, Taka John Brunkhorst <antiwmac@×××××.com>
> > > wrote:
> > > > nice but why do we need to block them?
> > > > ssh worms? or just lamers?
> > > > 
> > > > --
> > > > antiwmac@×××××.com
> > > > Taka John Brunkhorst
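As an added illustration (not code from anyone in this thread), a small Python model of how Dave's port-25 geoip rule and the two MX records interact: the INPUT chain is walked first-match the way iptables does it, and a sending server tries the MX hosts in preference order, moving on when port 25 is rejected. The source addresses, the country lookup table and the ACCEPT exception for the overseas scanning relay are constructed assumptions standing in for the real geoip database and the "hole" Dave mentions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed lookup standing in for the geoip database that -m geoip
# consults; the addresses are documentation ranges, not real hosts.
GEOIP = {
    "196.0.2.10": "ZA",     # local sender
    "203.0.113.5": "CN",    # overseas sender
    "198.51.100.7": "US",   # the overseas scanning relay (hypothetical)
}

@dataclass
class Rule:
    src_cc: Optional[str] = None   # --src-cc value; None matches any country
    negate_cc: bool = False        # the "!" in "! --src-cc ZA"
    src_ip: Optional[str] = None   # -s <host> exception for the relay
    dport: Optional[int] = None    # --dport value; None matches any port
    target: str = "ACCEPT"         # ACCEPT, DROP or REJECT

def evaluate(chain, src_ip, dport, policy="ACCEPT"):
    """First-match walk of an INPUT chain, the way iptables evaluates it."""
    cc = GEOIP.get(src_ip, "--")   # unknown address: not ZA, so "! ZA" matches
    for r in chain:
        if r.src_ip is not None and r.src_ip != src_ip:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if r.src_cc is not None and (cc == r.src_cc) == r.negate_cc:
            continue                # country test failed (or was negated away)
        return r.target
    return policy

# Dave's rule "-m geoip ! --src-cc ZA --dport 25 -j REJECT", preceded by the
# hole for the overseas scanner so it can forward clean mail back in.
MX10_CHAIN = [
    Rule(src_ip="198.51.100.7", dport=25, target="ACCEPT"),
    Rule(src_cc="ZA", negate_cc=True, dport=25, target="REJECT"),
]

MX_RECORDS = [                     # the two MX records from the post
    (10, "smtp.whatever.com", MX10_CHAIN),
    (20, "smtp2.whatever.com", []),   # overseas MX 20 has no geoip rule
]

def choose_mx(src_ip, mx_records):
    """First MX, by preference, whose port 25 accepts src_ip (None if none).
    REJECT makes the sender move on at once; DROP would wait for a timeout."""
    for _pref, host, chain in sorted(mx_records, key=lambda m: m[0]):
        if evaluate(chain, src_ip, 25) == "ACCEPT":
            return host
    return None
```

Note that Dave's earlier country-blocklist rules carry no --dport, so the same evaluator shows them dropping every TCP port from a listed country, not just SMTP.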

Attachments

File name        MIME type
signature.asc    application/pgp-signature

Replies

Subject                                      Author
Re: [gentoo-security] If your interested     Tobias Sager <moixa@×××.ch>