I want to simply block all SSH access from anywhere but within the US. This is my whole iptables, and I have followed http://www.howtoforge.com/xtables-addons-on-centos-6-and-iptables-geoip-filtering
```
# Generated by iptables-save v1.4.7 on Wed Jul 3 02:30:42 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1749:280570]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j DROP
-A INPUT -m geoip --src-cc US --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000:3050 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jul 3 02:30:42 2013
```
I have -A INPUT -m geoip --src-cc US --dport 22 -j ACCEPT and the goal is to only accept SSH from the US, where admins work from. As of right now I get an error.
```
iptables: Applying firewall rules: iptables-restore v1.4.7: Couldn't load match `geoip':/lib64/xtables/libipt_geoip.so: cannot open shared object file: No such file or directory
Error occurred at line: 10
```
Update

I have searched for the file and can't find it anywhere. Ran through the how-to and realized that the Xtables-addons was version 1.37, so I updated it to 2.5 but there was no change. I look in /lib64/xtables/ and there are tons of files but not the geoip one. So I think that is where I need to start on how to correct the Xtables-addon install I guess.
/usr/share/xt_geoip/? Sounds like that's what it's missing. BE/ and LE/ with all the files in it, libipt_geoip.so is just not in /lib64/xtables/
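
An added example, not part of the original post or its comments: a small lint over the ruleset as posted. It checks two things that will matter once the geoip match loads: iptables stops at the first rule with a terminating target, and `--dport` is only available after `-p` names a protocol that has ports. The finding codes and function names are made up for this sketch, and the checks are deliberately narrow (no `!` negation, no port-range overlap).

```python
import shlex

# The ruleset posted in the question, copied verbatim (file line 10 is the geoip rule).
RULESET = """\
# Generated by iptables-save v1.4.7 on Wed Jul 3 02:30:42 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1749:280570]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j DROP
-A INPUT -m geoip --src-cc US --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3000:3050 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Jul 3 02:30:42 2013
"""
PORT_PROTOS = {"tcp", "udp", "sctp", "dccp", "udplite"}  # protocols that provide --dport
SRC_OPTS = ("-s", "--src-cc")  # options that narrow a rule by source

def parse(line):
    """Map each option of a '-A CHAIN ...' line to the token that follows it."""
    tok = shlex.split(line)
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}

def lint(ruleset):
    """Return (file_line, code) findings; codes are hypothetical names for this sketch."""
    findings, blockers = [], []  # blockers: earlier DROP/REJECT rules with no source filter
    for n, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        r = parse(line)
        port = r.get("--dport")
        if port and r.get("-p") not in PORT_PROTOS:
            findings.append((n, "dport-without-protocol"))
        if r.get("-j") == "ACCEPT" and port and any(
                b["-A"] == r["-A"] and b.get("--dport") == port for b in blockers):
            findings.append((n, "accept-after-drop"))
        if r.get("-j") in ("DROP", "REJECT") and not any(o in r for o in SRC_OPTS):
            blockers.append(r)
    return findings

if __name__ == "__main__":
    for n, code in lint(RULESET):
        print(f"line {n}: {code}")
```

Both findings land on file line 10, the same line the `iptables-restore` error points at: the geoip rule has no `-p tcp`, and it sits after the unconditional DROP for new connections to port 22.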