i’m not gonna wasting time, here’s how to do it
Download xtables-addons
# wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/1.20/xtables-addons-1.20.tar.bz2?use_mirror=waix
install kernel-devel kernel-headers iptables-devel gcc
# yum -y install kernel-devel kernel-headers iptables-devel gcc
extract xtables-addons-1.20.tar.bz2
# tar xjf xtables-addons-1.20.tar.bz2
cd to xtables-addons-1.20 directory
# cd xtables-addons-1.20
Compile xtabless-addons
# ./configure --with-kbuild=/lib/modules/`uname -r`/build --with-xtlibdir=/lib64/xtables # make # make install
Available modules on xtables-addons
# -*- Makefile -*- # build_ACCOUNT=m build_CHAOS=m build_DELUDE=m build_DHCPMAC=m build_ECHO= build_IPMARK=m build_LOGMARK=m build_RAWNAT=m build_STEAL=m build_SYSRQ=m build_TARPIT=m build_TEE=m build_condition=m build_fuzzy=m build_geoip=m build_iface=m build_ipp2p=m build_ipset=m build_ipv4options=m build_length2=m build_lscan=m build_pknock=m build_psd=m build_quota2=m
test one of modules installed, e.g geoip
#iptables -m geoip -h
....
....
....
geoip match options:
[!] --src-cc, --source-country country[,country...]
Match packet coming from (one of) the specified country(ies)
[!] --dst-cc, --destination-country country[,country...]
Match packet going to (one of) the specified country(ies)
NOTE: The country is inputed by its ISO3166 code.
done 🙂