Stefan Schantl

Testing version for GeoIP based firewall rules available
by Stefan Schantl, March 12, 2015

Hello folks,

some time has passed since my last post regarding the GeoIP support for IPFire. In the meantime the funding on the IPFire wishlist hit its goal. Big thanks to all contributors!

For all of you who are desperately waiting for this feature being implemented, there is exciting news:

A test version is available!

Development has finished and first tests have been done. Some minor bugs where found and have been fixed. To get this new feature upstream and shipped with one of the next Core Updates there is still a lot more testing required. Therefore I need the help of the IPFire community.

Getting started

Joining the testing team is a pretty simple task. At first I suggest to everyone to subscribe to the development mailing list to get informed about updated test versions, share experience or simple to get noticed about future developments.

Please follow the next instructions to install the test version:

As an alternative to prevent a reboot, the firewall can be restarted with /etc/init.d/firewall restart and the databases can be manually downloaded by executing xt_geoip_update.

Usage

After reboot just get back into the web user interface. You will find a new menu entry in the “Firewall” section called “GeoIP-block” which can be used for a fast and easy blocking of incoming traffic from certain countries.



The “Firewall Groups” section has been enhanced to allow creating groups of countries. These groups or even single countries can be used while creating any kind of individual firewall rules on your system.



As usual please send your feedback to our development mailinglist and file any kind of bugs on our bugtracker.


Posted: March 12, 2015 • 2194 views