leomanne/ipt_geofence-1

ipt_geofence

Geographical host protection for Linux

This tool allows you to protect your host/network by preventing communications with unwanted countries (aka geofencing). It also lets you specify a list of blacklists used to drop traffic from well-known attackers.

Prerequisites

You need to install GeoIP libraries, Netfilter Queue, curl and JSONCPP packages in addition to the compiler. For Ubuntu/Debian based systems do:

sudo apt-get install build-essential autoconf automake autogen libmaxminddb-dev libcurl4-openssl-dev libnetfilter-queue-dev libjsoncpp-dev

The tool also needs a GeoIP database that you can obtain from sites such as db-ip or maxmind.

Configuration

This tool uses NFQUEUE to receive packets from the kernel and analyze them in user space. This means that you need to configure the Linux firewall before running the application. We provide a simple configuration file that shows how to send selected packets to the application for inspection.

You also need to create a configuration file for your rules. We provide sample_config.json as a configuration example.

Binary Packages

Under packages/debian you can build a binary package for easy install on Debian/Ubuntu-based systems.

Usage

Assuming you have configured the firewall as described above, start the tool (as root) as follows:

ipt_geofence -c config.json -m dbip-country-lite.mmdb

Performance

As only one packet per connection is sent to user space, you will not observe any noticeable performance degradation.
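
The firewall side of the Configuration and Performance sections, as an added example that is not taken from the project's own firewall configuration file: a dry-run generator for rules that queue only the first packet of each connection. Queue number 0, the INPUT/OUTPUT chains and the fail-open/fail-closed mode names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) netfilter rules that hand only the
# first packet of each connection to a user-space NFQUEUE consumer.
# Assumptions: queue number 0 and the INPUT/OUTPUT chains of the filter table.

# valid_queue NUM -> status 0 if NUM is a valid NFQUEUE number (0-65535)
valid_queue() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# geofence_rules QUEUE [fail-open|fail-closed]
# fail-closed: with no program listening on the queue, the kernel drops
#              every queued packet, so new connections stop.
# fail-open:   adds --queue-bypass, so those packets are accepted unfiltered.
geofence_rules() {
    queue=$1
    mode=${2:-fail-closed}
    valid_queue "$queue" || { echo "invalid queue number: $queue" >&2; return 2; }
    case "$mode" in
        fail-open)   bypass=" --queue-bypass" ;;
        fail-closed) bypass="" ;;
        *) echo "mode must be fail-open or fail-closed" >&2; return 2 ;;
    esac
    for cmd in iptables ip6tables; do
        for chain in INPUT OUTPUT; do
            # Packets of connections already allowed never leave the kernel.
            echo "$cmd -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            # Only the packet that opens a connection is queued for a verdict.
            echo "$cmd -A $chain -m conntrack --ctstate NEW -j NFQUEUE --queue-num $queue$bypass"
        done
    done
}

# Dry run: review the output before applying any of it as root.
geofence_rules 0 fail-closed
```

Choose the mode deliberately: fail-closed keeps the geofence enforced if the daemon stops but cuts off new connections, while fail-open keeps the host reachable but unfiltered.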
