iptables GeoIP Ubuntu 16.04 / 18.04

This is New Configuration for GeoIP Blocking support on Ubuntu

Step-1: Install Prerequisites…

Step-2:  Download the conversion script from Github/Google Drive

Download this file from google drive

OR, you can download the original workout from github..

Step-3: Convert the New GeoLite2 table..


Step-4: Loading the module to the kernel


Step-5: Test: the GeoIP loaded Loaded Properly…

Just type on the console.. # iptables -m geoip –help

If it outputs like below, then the geoip is loaded properly…

Usage: iptables -[ACD] chain rule-specification [options]
iptables -I chain [rulenum] rule-specification [options]
iptables -R chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
iptables -[LS] [chain [rulenum]] [options]
iptables -[FZ] [chain] [options]
iptables -[NX] chain
iptables -E old-chain-name new-chain-name
iptables -P chain target [options]
iptables -h (print this help information)

Either long or short options are allowed.
–append -A chain Append to chain
–check -C chain Check for the existence of a rule
–delete -D chain Delete matching rule from chain
–delete -D chain rulenum
Delete rule rulenum (1 = first) from chain
–insert -I chain [rulenum]
Insert in chain as rulenum (default 1=first)
–replace -R chain rulenum
Replace rule rulenum (1 = first) in chain
–list -L [chain [rulenum]]

[ Output Cut ]

Step-6: Put some Test Rules..
Blocking Russia, China, HongKong to send any mail to my server on 25 port

iptables -A INPUT -m geoip -p tcp –dport 25 –src-cc RU,CN,HK -j DROP


Leave a Reply

Your email address will not be published. Required fields are marked *