Anyone using Iptables GEO filtering on Openwrt/LEDE?

Hello,

Is anyone using geoip filtering using iptables on openwrt/Lede. Im looking for some help.

Thanks

Might want to ask this thread to be deleted as you already started a thread on this topic

1 Like

The other thread was asking something specific. This is more of a question for everyone.
Seriously though, i understand, but i seem to get more replies asking me not to double post or to delete a thread.. Its not like im spamming.

Thanks

For Geo Location to work, I believe one of two things will need to be in place.

  1. There will need to be a external connection to a database I.E. URL/API. Lookups will happen on the fly if not in cache, and will introduce some latency.
  2. An internal GeoLocation Database. Keep in mind this database needs to be updated at least once a week. Geo location databases are not small in size, and many routers may not have enough room for storage.

I've found Geo Location to be less than accurate because it depends on information about the IP from I.E Whois.

  1. IP transfers happen 24/7, and many times records are not updated for months or longer.
  2. Forging improper location and descriptions of given IPs.
  3. The EU just changed privacy policies that supposedly will impact geo location, and 28 countries are involved.

My 2¢

1 Like

Hi David,

Just the guy i really wanted to hear from.. We've had some discussion back in the day on the openwrt forum for wrt1900...

So i've setup the iptables geoip setup based on this: https://tokyobreeze.wordpress.com/2015/01/30/block-incoming-connection-from-all-ip-of-a-country-in-router/

The geo IP database is created on a linux computer e.g ubuntu and then the database files "LE" and "BE" folders containing the .iv4 and .iv6 are copied over to the router. These files look to be encrypted..as the county IPs dont show up in clear text. So while my iptables command is not complaining about anything, i am wondering, is it simply not able to read these files?

What are your thoughts?