nftfw can optionally use geolocation in nftfwls and nftfwadm to display the two-letter country code that is believed to be the location of that address. The code in these programs looks for the installation of the appropriate libraries and will work without them. In addition, it can be used to generate files for blacknets.d, where lists of IP addresses and address ranges can be used to block access to your system from named countries - see Getting CIDR lists.
Debian comes with an older version of the MaxMind data, using a now unused MaxMind data format. The files for this system are stored in /usr/share/GeoIP. nftfw doesn't use this legacy system and opted for the current data formats provided on a weekly basis by Maxmind.
Maxmind wants you to have free access to their files, you just need to sign up. The data files will be stored in /var/lib/GeoIP/.
$ sudo apt install python3-geoip2
$ sudo apt install geoipupdateIf geoipupdate is not found, you need to change /etc/apt/sources.list to include contributed packages.
Edit /etc/apt/sources.list and look for
deb URL/debian YOURVERSION mainand change to:
deb URL/debian YOURVERSION main contribNow try the apt install geoipupdate again, it should work now.
You have all the bits we need, we'll set them up later.
Visit the Maxmind web site.
Read down the page and click on 'Sign Up For Geolite2'. Create your account, I selected 'Internet Security' for 'Intended Use'.
Once you have the account, go to Maxmind's Account portal and login. You can also get there from the head and shoulders icon in the menu bar on their site.
The site is considerably more friendly than it used to be. Take a note of your Account/User ID, that appears at the top of the menu, you'll need it later.
Click on 'Manage license keys' and follow the prompts..
Enter a name for the key, I'm using a machine name.
This is the only time you will see the full version of the key, so copy and paste it somewhere safe. There's an icon next to the key that will copy it to your clipboard. If the next step fails, you can edit the geoipupdate config file from the information you have.
Now click on 'Download Config' - this will create a local file called GeoIP.conf.
The Debian installation will have created /etc/GeoIP.conf for you. The file pre-dates the Maxmind decision to ask you to sign up for a free license, ignore the comment above the AccountID line. You need to set the:
you can do this by copying the downloaded file into place, or by editing the file. You'll need to sudo your edit or cp. The nftfw commands use GeoLite2-Country.
Now run:
$ sudo geoipupdate -vand it should download a new set of files ending in .mmdb. These will be put in /var/lib/GeoIP and an ls will show them.
The Debian installer will have installed a cron file
/etc/cron.d/geoipupdatethat updates the files automatically once a week. I suggest that you change the time of day somewhat so that you are not clashing with other Debian systems in your timezone.