Difference between revisions of "Installing xtables-addons on Raspbian"

From Tomelec
Jump to: navigation, search
Line 11: Line 11:
 
* Update to the latest kernel and firmware using the '''rpi-update''' script as described [https://github.com/Hexxeh/rpi-update here].
 
* Update to the latest kernel and firmware using the '''rpi-update''' script as described [https://github.com/Hexxeh/rpi-update here].
 
* Download and install the kernel source using '''rpi-source''', see [https://github.com/notro/rpi-source/wiki rpi-source].
 
* Download and install the kernel source using '''rpi-source''', see [https://github.com/notro/rpi-source/wiki rpi-source].
 +
 +
==Install packets from the repository==
 +
<nowiki>sudo apt-get install libtext-csv-xs-perl geoip-database libgeoip1</nowiki>
 +
Other tools might be required. Please tell me if anything is missing here.
 +
 +
Debain How To´s on that topic describe the use of ''module-assistant'' for making the kernel modules. I did not succeed using it on Raspbian!

Revision as of 23:51, 9 January 2015

Why?

Annoyed by tons of SSH brutforce attacs, I was looking for a way to lock out connections coming from other countries than the desired ones. xtables-addons got the geoip module which enables us to use rules like

iptables -A INPUT -i wan -p tcp --dport 22 -m state --state NEW -m geoip ! --src-cc AT,DE -j GEOIP_BLOCK_LOG

This example would match on connections not originating from Austria (AT) or Germany (DE). I wanted to use it on a Raspberry Pi running Raspbian.

How?

Raspbian, a Debian based operating system for the Raspberry Pi, is a bit different to other Debian distributions when it comes to add kernel modules. The Kernel sources can not be installed using the packet manager but are downloaded and set up by a separate tool.

Getting the latest kernel and sources

  • Update to the latest kernel and firmware using the rpi-update script as described here.
  • Download and install the kernel source using rpi-source, see rpi-source.

Install packets from the repository

sudo apt-get install libtext-csv-xs-perl geoip-database libgeoip1

Other tools might be required. Please tell me if anything is missing here.

Debain How To´s on that topic describe the use of module-assistant for making the kernel modules. I did not succeed using it on Raspbian!