Xtables-addons issues with MaxMind GeoLite2
If you are using xtables-addons to block countries with iptables probably you notice that commands like xt_geoip_dl and xt_geoip_build are no longer working these days. This is because MaxMind dropped the support for GeoIP Free in January 2019 (.dat and .csv). Everyone should switch to GeoLite2. As they are these commands won't work with GeoLite2. I managed to find a temporary solution if anyone is interested here it is:
1) Go to https://packages.debian.org/buster/xtables-addons-common. This is xtables-addons-common v3.2-1 package for Debian Buster. Download from the right the file named xtables-addons_3.2.orig.tar.xz.
2) Go to /usr/lib/xtables-addons then rename files xt_geoip_dl and xt_geoip_build (e.g. xt_geoip_dl.original).
3) Go to downloaded archive and take from it the files xt_geoip and xt_geoip_build then copy to /usr/lib/xtables-addons. Make them both executable chmod u+x *.
4) Install the following packages libtext-csv-xs-perl and libnet-cidr-lite-perl.
5) Create the following script named xt_geoip.sh in the same directory and make it executable:
#!/bin/bash
# remove previous GeoLite2 Country Databases
rm /usr/share/xt_geoip/{BE,LE} -rf
# create folders GeoLite2 Country Databases
mkdir /usr/share/xt_geoip/{BE,LE}
# download GeoLite2 Country Databases
/usr/lib/xtables-addons/xt_geoip_dl
# build copy GeoLite2 Country Databases
cd /usr/lib/xtables-addons/GeoLite2-Country-CSV_*
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/BE *.csv
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/LE *.csv
# remove download GeoLite2 Country Database
rm /usr/lib/xtables-addons/GeoLite2-Country-CSV_* -rf
6) Run the script ./xt_geoip.sh. It will do the hard job. You will get two folders named BE and LE in /usr/share/xt_geoip with the latest GeoLite2 Country Database converted in the old format.
Bonus: You can create a cron job once a month for the script mentioned in step 6 to get a fresh MaxMind country database.
I tested the solution before posting blocking my country. WARNING: Don't do this by yourselves if you do not have VNC access to your server! You can test a country by using a proxy server in your browser.
All my appreciation to the XTables developers for creating a new xt_geoip_build version. I hope they will offer the version to the stable repository and anyone could update the package to version 3.
If they read this post please solve the issues with xt_geoip_build command. For example using xt_geoip_dl you will get a sub-directory with all csv's inside. This is a completely different behavior than original script. Then xt_geoip_build is not creating BE and LE folders in /usr/share/xt_geoip even you use options like "-D /usr/share/xt_geoip" or "-D /usr/share/xt_geoip/{BE,LE}". Also xt_geoip_build doesn't know the csv files are in a sub-directory, you have to run the command in this sub-directory. My script is solving all these issues.
P.S. Sorry for the tags I picked up. I didn't have the reputation to add my own xtables-addons geolite2.
iptables
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
add a comment |
If you are using xtables-addons to block countries with iptables probably you notice that commands like xt_geoip_dl and xt_geoip_build are no longer working these days. This is because MaxMind dropped the support for GeoIP Free in January 2019 (.dat and .csv). Everyone should switch to GeoLite2. As they are these commands won't work with GeoLite2. I managed to find a temporary solution if anyone is interested here it is:
1) Go to https://packages.debian.org/buster/xtables-addons-common. This is xtables-addons-common v3.2-1 package for Debian Buster. Download from the right the file named xtables-addons_3.2.orig.tar.xz.
2) Go to /usr/lib/xtables-addons then rename files xt_geoip_dl and xt_geoip_build (e.g. xt_geoip_dl.original).
3) Go to downloaded archive and take from it the files xt_geoip and xt_geoip_build then copy to /usr/lib/xtables-addons. Make them both executable chmod u+x *.
4) Install the following packages libtext-csv-xs-perl and libnet-cidr-lite-perl.
5) Create the following script named xt_geoip.sh in the same directory and make it executable:
#!/bin/bash
# remove previous GeoLite2 Country Databases
rm /usr/share/xt_geoip/{BE,LE} -rf
# create folders GeoLite2 Country Databases
mkdir /usr/share/xt_geoip/{BE,LE}
# download GeoLite2 Country Databases
/usr/lib/xtables-addons/xt_geoip_dl
# build copy GeoLite2 Country Databases
cd /usr/lib/xtables-addons/GeoLite2-Country-CSV_*
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/BE *.csv
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/LE *.csv
# remove download GeoLite2 Country Database
rm /usr/lib/xtables-addons/GeoLite2-Country-CSV_* -rf
6) Run the script ./xt_geoip.sh. It will do the hard job. You will get two folders named BE and LE in /usr/share/xt_geoip with the latest GeoLite2 Country Database converted in the old format.
Bonus: You can create a cron job once a month for the script mentioned in step 6 to get a fresh MaxMind country database.
I tested the solution before posting blocking my country. WARNING: Don't do this by yourselves if you do not have VNC access to your server! You can test a country by using a proxy server in your browser.
All my appreciation to the XTables developers for creating a new xt_geoip_build version. I hope they will offer the version to the stable repository and anyone could update the package to version 3.
If they read this post please solve the issues with xt_geoip_build command. For example using xt_geoip_dl you will get a sub-directory with all csv's inside. This is a completely different behavior than original script. Then xt_geoip_build is not creating BE and LE folders in /usr/share/xt_geoip even you use options like "-D /usr/share/xt_geoip" or "-D /usr/share/xt_geoip/{BE,LE}". Also xt_geoip_build doesn't know the csv files are in a sub-directory, you have to run the command in this sub-directory. My script is solving all these issues.
P.S. Sorry for the tags I picked up. I didn't have the reputation to add my own xtables-addons geolite2.
iptables
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
add a comment |
If you are using xtables-addons to block countries with iptables probably you notice that commands like xt_geoip_dl and xt_geoip_build are no longer working these days. This is because MaxMind dropped the support for GeoIP Free in January 2019 (.dat and .csv). Everyone should switch to GeoLite2. As they are these commands won't work with GeoLite2. I managed to find a temporary solution if anyone is interested here it is:
1) Go to https://packages.debian.org/buster/xtables-addons-common. This is xtables-addons-common v3.2-1 package for Debian Buster. Download from the right the file named xtables-addons_3.2.orig.tar.xz.
2) Go to /usr/lib/xtables-addons then rename files xt_geoip_dl and xt_geoip_build (e.g. xt_geoip_dl.original).
3) Go to downloaded archive and take from it the files xt_geoip and xt_geoip_build then copy to /usr/lib/xtables-addons. Make them both executable chmod u+x *.
4) Install the following packages libtext-csv-xs-perl and libnet-cidr-lite-perl.
5) Create the following script named xt_geoip.sh in the same directory and make it executable:
#!/bin/bash
# remove previous GeoLite2 Country Databases
rm /usr/share/xt_geoip/{BE,LE} -rf
# create folders GeoLite2 Country Databases
mkdir /usr/share/xt_geoip/{BE,LE}
# download GeoLite2 Country Databases
/usr/lib/xtables-addons/xt_geoip_dl
# build copy GeoLite2 Country Databases
cd /usr/lib/xtables-addons/GeoLite2-Country-CSV_*
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/BE *.csv
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/LE *.csv
# remove download GeoLite2 Country Database
rm /usr/lib/xtables-addons/GeoLite2-Country-CSV_* -rf
6) Run the script ./xt_geoip.sh. It will do the hard job. You will get two folders named BE and LE in /usr/share/xt_geoip with the latest GeoLite2 Country Database converted in the old format.
Bonus: You can create a cron job once a month for the script mentioned in step 6 to get a fresh MaxMind country database.
I tested the solution before posting blocking my country. WARNING: Don't do this by yourselves if you do not have VNC access to your server! You can test a country by using a proxy server in your browser.
All my appreciation to the XTables developers for creating a new xt_geoip_build version. I hope they will offer the version to the stable repository and anyone could update the package to version 3.
If they read this post please solve the issues with xt_geoip_build command. For example using xt_geoip_dl you will get a sub-directory with all csv's inside. This is a completely different behavior than original script. Then xt_geoip_build is not creating BE and LE folders in /usr/share/xt_geoip even you use options like "-D /usr/share/xt_geoip" or "-D /usr/share/xt_geoip/{BE,LE}". Also xt_geoip_build doesn't know the csv files are in a sub-directory, you have to run the command in this sub-directory. My script is solving all these issues.
P.S. Sorry for the tags I picked up. I didn't have the reputation to add my own xtables-addons geolite2.
iptables
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
If you are using xtables-addons to block countries with iptables probably you notice that commands like xt_geoip_dl and xt_geoip_build are no longer working these days. This is because MaxMind dropped the support for GeoIP Free in January 2019 (.dat and .csv). Everyone should switch to GeoLite2. As they are these commands won't work with GeoLite2. I managed to find a temporary solution if anyone is interested here it is:
1) Go to https://packages.debian.org/buster/xtables-addons-common. This is xtables-addons-common v3.2-1 package for Debian Buster. Download from the right the file named xtables-addons_3.2.orig.tar.xz.
2) Go to /usr/lib/xtables-addons then rename files xt_geoip_dl and xt_geoip_build (e.g. xt_geoip_dl.original).
3) Go to downloaded archive and take from it the files xt_geoip and xt_geoip_build then copy to /usr/lib/xtables-addons. Make them both executable chmod u+x *.
4) Install the following packages libtext-csv-xs-perl and libnet-cidr-lite-perl.
5) Create the following script named xt_geoip.sh in the same directory and make it executable:
#!/bin/bash
# remove previous GeoLite2 Country Databases
rm /usr/share/xt_geoip/{BE,LE} -rf
# create folders GeoLite2 Country Databases
mkdir /usr/share/xt_geoip/{BE,LE}
# download GeoLite2 Country Databases
/usr/lib/xtables-addons/xt_geoip_dl
# build copy GeoLite2 Country Databases
cd /usr/lib/xtables-addons/GeoLite2-Country-CSV_*
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/BE *.csv
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/LE *.csv
# remove download GeoLite2 Country Database
rm /usr/lib/xtables-addons/GeoLite2-Country-CSV_* -rf
6) Run the script ./xt_geoip.sh. It will do the hard job. You will get two folders named BE and LE in /usr/share/xt_geoip with the latest GeoLite2 Country Database converted in the old format.
Bonus: You can create a cron job once a month for the script mentioned in step 6 to get a fresh MaxMind country database.
I tested the solution before posting blocking my country. WARNING: Don't do this by yourselves if you do not have VNC access to your server! You can test a country by using a proxy server in your browser.
All my appreciation to the XTables developers for creating a new xt_geoip_build version. I hope they will offer the version to the stable repository and anyone could update the package to version 3.
If they read this post please solve the issues with xt_geoip_build command. For example using xt_geoip_dl you will get a sub-directory with all csv's inside. This is a completely different behavior than original script. Then xt_geoip_build is not creating BE and LE folders in /usr/share/xt_geoip even you use options like "-D /usr/share/xt_geoip" or "-D /usr/share/xt_geoip/{BE,LE}". Also xt_geoip_build doesn't know the csv files are in a sub-directory, you have to run the command in this sub-directory. My script is solving all these issues.
P.S. Sorry for the tags I picked up. I didn't have the reputation to add my own xtables-addons geolite2.
iptables
iptables
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
asked Feb 12 at 13:33
ADDISON74ADDISON74
1011
1011
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1117669%2fxtables-addons-issues-with-maxmind-geolite2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1117669%2fxtables-addons-issues-with-maxmind-geolite2%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
