suse@a-domani.nl wrote:
On 2017-04-12 18:34, Per Jessen wrote:
suse@a-domani.nl wrote:
Dear all,
I have a question about
security:/netfilter/openSUSE_Leap_42.2/noarch/xtables-geoip-2016.09-71.2.noarch.rpm
In my firewall I examine all unexpected traffic, therefore I added lines for all existing countries, like:
iptables -A CC -m geoip --src-cc AD -j LOG --log-prefix " CC=Andorra "
iptables -A CC -m geoip --src-cc AD -j DROP
I have likewise 250 lines, but still I've got some uncaught lines. Does that mean there are "other countries", or that there are subnets not defined within the package xtables-geoip-2016.09-71.2.noarch.rpm?
In twelve hours, I got 232 different IPv4 addresses that xtables-geoip does not recognize.
Yes, that is due to incorrect or missing whois information for the subnets involved. Or that wherever xtables gets the information is flawed or outdated.
Hi Per,
As no-one else responded, it seems that this knowledge is not widespread (one way of looking at it :-)
Hi Hans,
xtables-geoip is a collection of tables mapping IP addresses to country codes. They will always be incomplete, there are for instance some legacy IP ranges that simply don't have country codes. Others have missing information, and others change. Free IP-ranges are distributed back to the RIRs who can allocate them again.
In Leap422, xtables-geoip is dated 30 Sep 2016, it's just too old. It needs a monthly update at least.
But is this something that (end-)users could/should take care of?
I would expect xtables-geoip to have some sort of regular update mechanism and maybe a way for the end user to add local modifications.
Or, as it resides under "security", is this restricted to a few people upstream?
Looking at OBS:
https://build.opensuse.org/package/show/security:netfilter/xtables-geoip
everything is quite old. According to the spec file, the geo data is from Maxmind:
http://dev.maxmind.com/geoip/legacy/geolite/
and it's updated every month. There is even an update script:
http://dev.maxmind.com/geoip/geoipupdate/
To fix your problem locally, grab the latest database and rebuild your local files or update the package with a newer database and get it published as an update.
--
Per Jessen, Zürich (8.9°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.
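
One way to confirm which logged source addresses fall outside the country database, as an added example that is not part of the original thread or of xtables-geoip. It assumes the GeoLite legacy country CSV layout (start IP, end IP, two integer columns, country code, country name); the sample rows, the addresses and all function names are constructed for illustration.

```python
import bisect
import csv
import io
import ipaddress

# Constructed sample in the assumed GeoLite legacy country CSV layout:
# start IP, end IP, start as integer, end as integer, country code, country name.
SAMPLE_CSV = '''"192.0.2.0","192.0.2.255","3221225984","3221226239","AD","Andorra"
"198.51.100.0","198.51.100.127","3325256704","3325256831","CH","Switzerland"
"203.0.113.0","203.0.113.255","3405803776","3405804031","NL","Netherlands"
'''


def load_ranges(csv_text):
    """Return sorted (start, end, country_code) tuples from the CSV text."""
    ranges = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 5:  # skip blank or malformed lines
            ranges.append((int(ipaddress.IPv4Address(row[0])),
                           int(ipaddress.IPv4Address(row[1])), row[4]))
    return sorted(ranges)


def lookup(ranges, starts, addr):
    """Return the country code covering addr, or None if no range contains it."""
    value = int(ipaddress.IPv4Address(addr))
    idx = bisect.bisect_right(starts, value) - 1  # last range starting <= addr
    if idx >= 0 and ranges[idx][1] >= value:
        return ranges[idx][2]
    return None


def split_by_coverage(csv_text, addresses):
    """Split addresses into ({addr: cc} for mapped ones, [unmapped addrs])."""
    ranges = load_ranges(csv_text)
    starts = [r[0] for r in ranges]
    mapped, unmapped = {}, []
    for addr in addresses:
        cc = lookup(ranges, starts, addr)
        if cc is None:
            unmapped.append(addr)
        else:
            mapped[addr] = cc
    return mapped, unmapped


if __name__ == "__main__":
    seen = ["192.0.2.17", "198.51.100.200", "203.0.113.5", "10.1.2.3"]
    mapped, unmapped = split_by_coverage(SAMPLE_CSV, seen)
    print("mapped:", mapped, "| no country in database:", unmapped)
```

Addresses reported as unmapped are the ones no per-country rule can match, so they are the ones that fall through a chain built from one rule pair per country code.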