Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[MaxMind] error when -f iptables arg used #15

Closed
rdica opened this issue Dec 22, 2021 · 1 comment · Fixed by #17
Closed

[MaxMind] error when -f iptables arg used #15

rdica opened this issue Dec 22, 2021 · 1 comment · Fixed by #17
Labels
bug Something isn't working

Comments

@rdica
Copy link

rdica commented Dec 22, 2021

Hi, I get the following error when attempting to generate ipsets only:

geoipsets -o /tmp -f iptables -p maxmind
Building geoipsets...
Traceback (most recent call last):
  File "/usr/local/bin/geoipsets", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/site-packages/geoipsets/__main__.py", line 170, in main
    mmp.generate()
  File "/usr/local/lib/python3.9/site-packages/geoipsets/maxmind.py", line 41, in generate
    self.build_sets(cc_map, zip_ref, zip_dir_prefix, utils.AddressFamily.IPV4)
  File "/usr/local/lib/python3.9/site-packages/geoipsets/maxmind.py", line 181, in build_sets
    for nf_set_file in nftset_dir.iterdir():
  File "/usr/lib64/python3.9/pathlib.py", line 1160, in iterdir
    for name in self._accessor.listdir(self):
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/geoipsets/maxmind/nftset/ipv4'

Here is my /etc/geoipsets.conf:

[general]
# list of providers from which to acquire IP ranges
# options are:
# 'maxmind': www.maxmind.com
# 'dbip': https://db-ip.com/ (default)
provider=maxmind

# list of firewalls to build sets for
# valid values are: 'iptables', 'nftables'
# iptables: builds 'ipset' compatible sets
# nftables: builds nftables compatible sets
# if the property doesn't exist, or exists but is empty, nftables sets are generated (default)
firewall=nftables

# list of IP protocols to build sets for
# valid values are: 'ipv4', 'ipv6'
# if the property doesn't exist or exists, but is empty, ipv4 sets will be generated (default)
address-family=ipv4,ipv6

# specify which countries to build sets for
# countries are specified using the 2-character country codes, one per line
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2
# if section doesn't exist, or exists but is empty, sets for all countries will be generated (default)
[countries]
RU
CN

[maxmind]
# specify MaxMind license key needed to download data
# required for provider type 'maxmind', ignored by other provider types
license-key=OBSCURED

I've tried all combinations of firewall= including commenting it out as well.
geoipsets -o /tmp -f nftables -p maxmind works.
geoipsets -o /tmp -f {nftables,iptables} -p maxmind works.

python -V
Python 3.9.9

pip -V
pip 21.0.1 from /usr/lib/python3.9/site-packages/pip (python 3.9)

geoipsets -v
geoipsets 2.2.5

ls -Rl /tmp/geoipsets
/tmp/geoipsets:
total 0
drwxr-xr-x 3 root root 60 Dec 22 10:14 maxmind

/tmp/geoipsets/maxmind:
total 0
drwxr-xr-x 3 root root 60 Dec 22 10:14 ipset

/tmp/geoipsets/maxmind/ipset:
total 0
drwxr-xr-x 2 root root 100 Dec 22 10:14 ipv4

/tmp/geoipsets/maxmind/ipset/ipv4:
total 1252
-rw-r--r-- 1 root root 276596 Dec 22 10:14 CN.ipv4
-rw-r--r-- 1 root root 445514 Dec 22 10:14 RU.ipv4

Running this on Fedora server 34. If you need additional information please let me know, thanks.
@chr0mag
Copy link
Owner

chr0mag commented Dec 23, 2021

Hi @rdica - thanks for logging this bug. I am able to reproduce it on my system. I'll be cutting a new release this week to enable Python 3.10 support and will include a fix for this in that release.

@chr0mag chr0mag changed the title error when -f iptables arg used [MaxMind] error when -f iptables arg used Dec 23, 2021
chr0mag pushed a commit that referenced this issue Dec 23, 2021
Check prior to adding closing paren to nft sets
8ceda5b 
The MaxMind provider blindly attempts to loop through all nftables
set files and add a closing parenthesis even when no nftables sets
were requested by the configration.

Fixes #15
@chr0mag chr0mag mentioned this issue Dec 23, 2021
Merged
@chr0mag chr0mag added the bug Something isn't working label Dec 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Python 3.10 support chr0mag/geoipsets
2 participants
@rdica @chr0mag