iptables geoip not working after update to jessie

To: debian-user@lists.debian.org
Subject: iptables geoip not working after update to jessie
From: mj <lists@merit.unu.edu>
Date: Wed, 9 May 2018 08:37:52 +0200
Message-id: <[🔎] e5f2f3dc-1802-9a57-d06f-486bf1ef98a1@merit.unu.edu>

Hi,

Yesterday I upgraded a server from wheezy to jessie. Went fine, with oneexception: my geoip iptables rules no longer work:

root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP
iptables: No chain/target/match by that name.

This machine was originaly wheezy, and at that time, I installed the geoip, according to my notes, like this:

apt-get install xtables-addons-common libtext-csv-xs-perl

and

cd /tmp/geoip
/usr/lib/xtables-addons/xt_geoip_dl
mkdir /usr/share/xt_geoip
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv


This worked in wheezy, but alas after the upgrade it stopped. :-(

Iptables still seems to know about geoip, because "iptables -m geoip--help" still lists the geoip match options:

geoip match options:
[!] --src-cc, --source-country country[,country...]
	Match packet coming from (one of) the specified country(ies)
[!] --dst-cc, --destination-country country[,country...]
	Match packet going to (one of) the specified country(ies)

NOTE: The country is inputed by its ISO3166 code.

As I really need to block some countries, I would very much appreciateany assistance here.


This post describes exactly my issue:
https://bbs.archlinux.org/viewtopic.php?id=195565

root@jessie:~# modprobe xt_geoip
modprobe: FATAL: Module xt_geoip not found.

But the fix from the post (depmod -a) doesn't help us at all. No output,no difference.


Could someone help me out?

Best regards,
MJ

FYI:

root@jessie:~#  modprobe -c | grep x_tab
alias symbol:xt_alloc_entry_offsets x_tables
alias symbol:xt_alloc_table_info x_tables
alias symbol:xt_check_entry_offsets x_tables
alias symbol:xt_check_match x_tables
alias symbol:xt_check_target x_tables
alias symbol:xt_compat_add_offset x_tables
alias symbol:xt_compat_calc_jump x_tables
alias symbol:xt_compat_check_entry_offsets x_tables
alias symbol:xt_compat_flush_offsets x_tables
alias symbol:xt_compat_init_offsets x_tables
alias symbol:xt_compat_lock x_tables
alias symbol:xt_compat_match_from_user x_tables
alias symbol:xt_compat_match_offset x_tables
alias symbol:xt_compat_match_to_user x_tables
alias symbol:xt_compat_target_from_user x_tables
alias symbol:xt_compat_target_offset x_tables
alias symbol:xt_compat_target_to_user x_tables
alias symbol:xt_compat_unlock x_tables
alias symbol:xt_copy_counters_from_user x_tables
alias symbol:xt_find_jump_offset x_tables
alias symbol:xt_find_match x_tables
alias symbol:xt_find_revision x_tables
alias symbol:xt_find_table_lock x_tables
alias symbol:xt_find_target x_tables
alias symbol:xt_free_table_info x_tables
alias symbol:xt_hook_link x_tables
alias symbol:xt_hook_unlink x_tables
alias symbol:xt_proto_fini x_tables
alias symbol:xt_proto_init x_tables
alias symbol:xt_recseq x_tables
alias symbol:xt_register_match x_tables
alias symbol:xt_register_matches x_tables
alias symbol:xt_register_table x_tables
alias symbol:xt_register_target x_tables
alias symbol:xt_register_targets x_tables
alias symbol:xt_replace_table x_tables
alias symbol:xt_request_find_match x_tables
alias symbol:xt_request_find_target x_tables
alias symbol:xt_table_unlock x_tables
alias symbol:xt_unregister_match x_tables
alias symbol:xt_unregister_matches x_tables
alias symbol:xt_unregister_table x_tables
alias symbol:xt_unregister_target x_tables
alias symbol:xt_unregister_targets x_tables

Reply to:

Follow-Ups:
- Re: iptables geoip not working after update to jessie
  - From: Reco <recoverym4n@gmail.com>

Prev by Date: Thunderbird asking for authentication
Next by Date: Re: [linux.debian.user] question about exim.
Previous by thread: Thunderbird asking for authentication
Next by thread: Re: iptables geoip not working after update to jessie
Index(es):
- Date
- Thread