|
3 | 3 | Python script that generates .nft files with mappings between IP addresses
|
4 | 4 | and its geolocation, so you can include them inside your rules.
|
5 | 5 |
|
| 6 | + |
6 | 7 | # Requirements
|
7 | 8 |
|
| 9 | +Minimum python version: **3.9** |
| 10 | + |
8 | 11 | Package used that are not present in the Python Standard Library
|
9 | 12 |
|
10 | 13 | - `requests`
|
11 | 14 |
|
| 15 | + |
12 | 16 | # Usage example
|
13 | 17 |
|
14 | 18 | To generate ipv4 and ipv6 mappings, download geoip data from db-ip.com
|
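Review bot: the added line "Minimum python version: **3.9**" (new line 9) writes "python" in lower case while the following line says "Python Standard Library"; capitalise it for consistency. It would also help to say which feature needs 3.9, so that readers on an older interpreter know what to expect.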
@@ -40,6 +44,28 @@ drwxr-xr-x 5 foobar foobar 4,0K ene 4 19:38 ..
|
40 | 44 | * geoip-ipv4.nft defines geoip4 map (@geoip4)
|
41 | 45 | * geoip-ipv6.nft defines geoip6 map (@geoip6)
|
42 | 46 |
|
| 47 | +## Creating a country filtered subset for `geoip-*.nft` files |
| 48 | + |
| 49 | +If you don't want the whole geoip map (including all countries) you can filter |
| 50 | +by country using the `-c/--country-filter` parameter. This parameter enables |
| 51 | +the creation of the additional files: |
| 52 | + |
| 53 | +- geoip-ipv4-interesting.nft |
| 54 | +- geoip-ipv6-interesting.nft |
| 55 | + |
| 56 | +These files will contain nft maps with addresses related to the specified |
| 57 | +countries only. |
| 58 | + |
| 59 | +For example, to generate a Spanish, French and Portuguese only subset: |
| 60 | + |
| 61 | +``` |
| 62 | +./nft_geoip.py --download -c es,fr,pt |
| 63 | +... |
| 64 | +Found countries: {'france': 'fr', 'spain': 'es'} |
| 65 | +Writing interesting countries file... |
| 66 | +Done! |
| 67 | +``` |
| 68 | + |
43 | 69 | ## Marking packets to its corresponding country
|
44 | 70 |
|
45 | 71 | Most importantly, using the maps you mark ipv4 and ipv6 packets with
|
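Review bot: the sample output at new line 64 does not match the command at new line 62. `-c es,fr,pt` requests three countries, but `Found countries: {'france': 'fr', 'spain': 'es'}` lists only two and Portugal is missing. Either correct the example output or document why a requested code can be absent, because a reader who builds rules on the "interesting" maps needs to know whether an unmatched country code is dropped without an error. The two file names at new lines 53-54 could also be wrapped in backticks, as they are in the later example section.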
@@ -121,6 +147,48 @@ nft delete table geoip
|
121 | 147 | nft -f /etc/geoip.nft
|
122 | 148 | ```
|
123 | 149 |
|
| 150 | +## Example: Counting incoming Spanish traffic (using smaller geoip map files) |
| 151 | + |
| 152 | +Use the `-c/--country-filter` parameter to generate the additional files: |
| 153 | + |
| 154 | +- `geoip-ipv4-interesting.nft` |
| 155 | +- `geoip-ipv6-interesting.nft` |
| 156 | + |
| 157 | +For this example the command might look like this (assuming dbip.csv is not |
| 158 | +present): |
| 159 | + |
| 160 | +``` |
| 161 | +$ ./nft_geoip --download -c es |
| 162 | +``` |
| 163 | + |
| 164 | +Create a file, `geoip.nft` (it will be at `/etc/geoip.nft` for this example) |
| 165 | +and use the "interesting" files not the whole geoip maps. |
| 166 | +``` |
| 167 | +#!/usr/sbin/nft -f |
| 168 | +
|
| 169 | +table inet geoip { |
| 170 | + include "geoip-def-all.nft" |
| 171 | + include "geoip-ipv4-interesting.nft" |
| 172 | + include "geoip-ipv6-interesting.nft" |
| 173 | +
|
| 174 | + chain geoip-mark-input { |
| 175 | + type filter hook input priority -1; policy accept; |
| 176 | +
|
| 177 | + meta mark set ip saddr map @geoip4 |
| 178 | + meta mark set ip6 saddr map @geoip6 |
| 179 | + } |
| 180 | +
|
| 181 | + chain input { |
| 182 | + type filter hook input priority 0; policy accept; |
| 183 | +
|
| 184 | + meta mark $ES counter |
| 185 | + } |
| 186 | +} |
| 187 | +``` |
| 188 | +__NOTE:__ You can replace `geoip-def-all.nft` by `geoip-def-europe.nft`, or |
| 189 | +just copy the "define ES = ..." line into your nft file. |
| 190 | + |
| 191 | + |
124 | 192 | # Caveats
|
125 | 193 |
|
126 | 194 | __It is not possible to use the country definitions inside an interactive
|
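Review bot: the command at new line 161 invokes `./nft_geoip`, while the country-filter section uses `./nft_geoip.py`; use the same script name in both places. For consistency with the other code blocks in this hunk, add a blank line before the opening fence at new line 166 and before `__NOTE:__` at new line 188. New lines 152-155 repeat the file list already given in the country-filter section, so a reference back to that section would be enough.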