Just a note how to do.


Install Software and load rules:

apt-get install xtables-addons-common
apt-get install libtext-csv-xs-perl
mkdir /usr/share/xt_geoip
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv

How to use the rules:

iptables -m geoip --help
iptables -A INPUT -m geoip --src-cc KR,CN,IN,RU,SA,TR,VN,UA,BR,VE,PK,JP,DE,IT -j DROP

How to make it persistent:

apt-get install iptables-persistent
apt-get remove --purge ufw

How to update the Rules via Cron:

echo '#!/bin/bash

export PATH=/usr/sbin:/usr/bin:/sbin:/bin

cd /tmp
rm -f GeoIPv6.csv GeoIPv6.csv GeoIPCountryCSV.zip GeoIPCountryWhois.csv;
wget \
        http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz \
gunzip GeoIPv6.csv.gz;
unzip GeoIPCountryCSV.zip;
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv
service iptables-persistent restart
' > /usr/local/sbin/geoip-update.sh
chmod 700 /usr/local/sbin/geoip-update.sh

crontab -e
1 1 1 * * /usr/local/sbin/geoip-update.sh