v0.6.0
This release is a pretty big one. The most important change is complete implementation of outbound geoblocking. This required so many changes that almost all main scripts have been at least partially rewritten, same for the large library scripts.
Lots of other changes to the code have been made in order to make the logic more straightforward where possible and improve performance, in particular in the code handling loading of ip lists into the firewall.
Because the logic which handles arguments processing in the -manage script got too complex, I decided to remove certain features which in my opinion are not very important. Specifically, the add and remove commands have been removed. Changing the country codes can still be done via the command geoip-shell configure -c <country_codes>. This command will trigger all ip lists to be re-fetched, so it is not as fast as the add and remove commands, but then I believe that in the vast majority of cases users do not need to change the country codes often. If you feel that this is a major loss, please let me know and I will consider re-implementing these commands.
That said, changing certain configuration options will work much faster with this version. For example, changing the ports would trigger ip lists re-fetch with the older versions. With v0.6.0, as long as ip lists backup is enabled, ipsets are loaded from backup and firewall rules are recreated taking into consideration the options change.
In addition, the -install script no longer accepts any geoblocking configuration options. Now its purpose is purely to install geoip-shell. After installation, it still calls the -manage script which by default starts the interactive setup. All previous configuration options (and then some) are still available via the command geoip-shell configure after installation.
The -manage script now accepts a geoblocking direction option (-D <inbound|outbound>) which serves as a modifier for 3 other options: -m <geoblocking_mode>, -c <country_codes> and -p <ports_expression>. The docs have been updated with examples and a detailed explanation of how this works. In order to preserve the usage experience of the older versions, I made the direction modifier optional. When it is omitted, the above 3 options work as before, setting configuration for inbound geoblocking. When the -D outbound option is specified, the following direction-specific options (-m, -c and -p) set configuration for outbound geoblocking.
Geoblocking mode for each direction can now be set to disable. This will remove all firewall rules and loaded ip sets for that direction. Technically, you can set geoblocking mode to disable for both geoblocking directions - this will disable geoblocking completely. This was already possible with the geoip-shell off command previously. The difference is that geoip-shell off will leave all loaded ip sets and firewall rules intact, except the geoblocking enable rule which gets removed.
When running the interactive setup without the option -D outbound, geoip-shell will not suggest to enable and configure outbound geoblocking. This is in order to both preserve the previous usage experience and to prevent users from accidentally blocking the machine from accessing the Internet.
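A small model of the -D modifier rule and of the outbound lock-out concern described above, added here as an illustration and not taken from geoip-shell's code: each -m, -c or -p option applies to the direction set by the most recent -D, defaulting to inbound. The function names, the use of getopts, repeating -D within one command, and the sample country codes are assumptions.

```shell
#!/bin/sh
# Illustrative model, not geoip-shell's own code.
# Assumption: -D may be repeated and affects only the options that follow it.

# Print one "<direction> <setting> <value>" line per -m/-c/-p option.
resolve_directions() {
    direction=inbound    # -D omitted: options configure inbound geoblocking
    OPTIND=1
    while getopts ":D:m:c:p:" opt; do
        case "$opt" in
            D)
                case "$OPTARG" in
                    inbound|outbound) direction=$OPTARG ;;
                    *) echo "invalid direction: $OPTARG" >&2; return 1 ;;
                esac ;;
            m) printf '%s mode %s\n' "$direction" "$OPTARG" ;;
            c) printf '%s countries %s\n' "$direction" "$OPTARG" ;;
            p) printf '%s ports %s\n' "$direction" "$OPTARG" ;;
            :) echo "option -$OPTARG needs a value" >&2; return 1 ;;
            *) echo "unknown option: -$OPTARG" >&2; return 1 ;;
        esac
    done
}

# Pre-flight check: succeed if any option would change outbound settings,
# so a wrapper can ask for confirmation before touching outbound rules.
touches_outbound() {
    resolve_directions "$@" | grep -q '^outbound '
}

# Constructed sample: country codes for inbound, then disable outbound.
resolve_directions -c "de nl" -D outbound -m disable
```

A wrapper on a remotely managed machine could call touches_outbound with the intended arguments and require explicit confirmation before passing them to geoip-shell configure.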
I have tested this version extensively in multiple operating systems and fixed all bugs I could find. However, because of the sheer number of changes, there may be more bugs. If you find one, please let me know by opening an issue.
Full Changelog: v0.5.11...v0.6.0