Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/ntop/ipt_geofence

Geographical host protection for Linux/FreeBSD
https://github.com/ntop/ipt_geofence

cybersecurity firewall linux netfilter

Last synced: 4 days ago
JSON representation

Geographical host protection for Linux/FreeBSD

Host: GitHub
URL: https://github.com/ntop/ipt_geofence
Owner: ntop
License: agpl-3.0
Created: 2022-02-28T22:56:33.000Z (almost 3 years ago)
Default Branch: main
Last Pushed: 2025-01-02T14:22:22.000Z (20 days ago)
Last Synced: 2025-01-11T21:09:51.419Z (11 days ago)
Topics: cybersecurity, firewall, linux, netfilter
Language: C++
Homepage:
Size: 513 KB
Stars: 109
Watchers: 5
Forks: 16
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# ipt_geofence
Geographical host protection for Linux and FreeBSD

This tool allows you to protect your host/network by preventing communications with unwanted countries (aka geofencing). Furthermore, it allows you to specify a list of blacklists that enable you to drop well-known attackers.

# Prerequisites
You need to install GeoIP libraries, Netfilter Queue, curl and JSONCPP packages in addition to the compiler.

For Ubuntu/Debian based systems do:
``sudo apt-get install build-essential autoconf automake autogen libmaxminddb-dev libcurl4-openssl-dev libnetfilter-queue-dev libjsoncpp-dev``

On FreeBSD
``pkg install -y autoconf automake curl libmaxminddb jsoncpp libzmq4 python3``

The tool also needs a GeoIP database that you can obtain from sites such as [db-ip](https://db-ip.com/db/download/ip-to-country-lite) or [maxmind](https://dev.maxmind.com/geoip/geolite2-free-geolocation-data?lang=en).

# Configuration
This tool uses NFQUEUE to receive packets from kernel and analyze them in user-space. This means that you need to confiugure the Linux firewall prior to run the application. We provide you a [simple configuration file](ipt_config_utils/single_iface.sh) that shows you how to send selected packets to the application for inspection.

You also need to configure a configuration file for your rules. We provide [sample_config.json](sample_config.json) as a configuration example.

# Binary Packages
Under [packages/debian](packages/debian) you can build a binary package for easy install on Debian/Ubuntu-based systems.

# Usage
Supposing the you have configure the firewall as described above, you need to start (as root) the tool as follows

``ipt_geofence -c config.json -m dbip-country-lite.mmdb``

# Performance
On Linux as only one packet per connection is sent to user-space, you will basically not observe any noticeable performance degradation. On FreeBSD instead, all packets have to pas through the application.