vyos/vyos-documentation
1
0
Fork 0
mirror of https://github.com/vyos/vyos-documentation.git synced 2025-10-26 08:41:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Firewall: T4299: add geoip matching criteria

Browse Source
This commit is contained in:
Nicolas Fort 2022-06-28 11:31:07 -03:00
parent cdf8b8a71d
commit bd66e4fb6f
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
docs/configuration/firewall/index.rst
View File

@ -323,6 +323,22 @@ There are a lot of matching criteria against which the package can be tested.
set firewall name WAN-IN-v4 rule 101 source address !203.0.113.0/24
set firewall ipv6-name WAN-IN-v6 rule 100 source address 2001:db8::202
.. cfgcmd:: set firewall name <name> rule <1-999999> source geoip country-code
<country>
.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> source geoip
country-code <country>
.. cfgcmd:: set firewall name <name> rule <1-999999> destination geoip
country-code <country>
.. cfgcmd:: set firewall ipv6-name <name> rule <1-999999> destination geoip
country-code <country>
Match IP addresses based on its geolocation. More info: `geoip matching
<https://wiki.nftables.org/wiki-nftables/index.php/GeoIP_matching>`_
Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required,
permits redistribution so we can include a database in images(~3MB
compressed). Includes cron script (manually callable by op-mode update
geoip) to keep database and rules updated.
.. cfgcmd:: set firewall name <name> rule <1-999999> source mac-address
<mac-address>
@ -806,3 +822,11 @@ Example Partial Config
}
}
}
Update geoip database
=====================
.. opcmd:: update geoip
Command used to update GeoIP database and firewall sets.