Web lists-archives.com

iptables geoip not working after update to jessie




Hi,

Yesterday I upgraded a server from wheezy to jessie. Went fine, with one exception: my geoip iptables rules no longer work:

root@jessie:~# iptables -A INPUT -m geoip --src-cc RU -j DROP
iptables: No chain/target/match by that name.

This machine was originaly wheezy, and at that time, I installed the geo ip, according to my notes, like this:

apt-get install xtables-addons-common libtext-csv-xs-perl

and

cd /tmp/geoip
/usr/lib/xtables-addons/xt_geoip_dl
mkdir /usr/share/xt_geoip
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv

This worked in wheezy, but alas after the upgrade it stopped. :-(

Iptables still seems to know about geoip, because "iptables -m geoip --help" still lists the geoip match options:

geoip match options:
[!] --src-cc, --source-country country[,country...]
	Match packet coming from (one of) the specified country(ies)
[!] --dst-cc, --destination-country country[,country...]
	Match packet going to (one of) the specified country(ies)

NOTE: The country is inputed by its ISO3166 code.

As I really need to block some countries, I would very much appreciate any assistance here.

This post describes exactly my issue:
https://bbs.archlinux.org/viewtopic.php?id=195565

root@jessie:~# modprobe xt_geoip
modprobe: FATAL: Module xt_geoip not found.

But the fix from the post (depmod -a) doesn't help us at all. No output, no difference.

Could someone help me out?

Best regards,
MJ

FYI:

root@jessie:~#  modprobe -c | grep x_tab
alias symbol:xt_alloc_entry_offsets x_tables
alias symbol:xt_alloc_table_info x_tables
alias symbol:xt_check_entry_offsets x_tables
alias symbol:xt_check_match x_tables
alias symbol:xt_check_target x_tables
alias symbol:xt_compat_add_offset x_tables
alias symbol:xt_compat_calc_jump x_tables
alias symbol:xt_compat_check_entry_offsets x_tables
alias symbol:xt_compat_flush_offsets x_tables
alias symbol:xt_compat_init_offsets x_tables
alias symbol:xt_compat_lock x_tables
alias symbol:xt_compat_match_from_user x_tables
alias symbol:xt_compat_match_offset x_tables
alias symbol:xt_compat_match_to_user x_tables
alias symbol:xt_compat_target_from_user x_tables
alias symbol:xt_compat_target_offset x_tables
alias symbol:xt_compat_target_to_user x_tables
alias symbol:xt_compat_unlock x_tables
alias symbol:xt_copy_counters_from_user x_tables
alias symbol:xt_find_jump_offset x_tables
alias symbol:xt_find_match x_tables
alias symbol:xt_find_revision x_tables
alias symbol:xt_find_table_lock x_tables
alias symbol:xt_find_target x_tables
alias symbol:xt_free_table_info x_tables
alias symbol:xt_hook_link x_tables
alias symbol:xt_hook_unlink x_tables
alias symbol:xt_proto_fini x_tables
alias symbol:xt_proto_init x_tables
alias symbol:xt_recseq x_tables
alias symbol:xt_register_match x_tables
alias symbol:xt_register_matches x_tables
alias symbol:xt_register_table x_tables
alias symbol:xt_register_target x_tables
alias symbol:xt_register_targets x_tables
alias symbol:xt_replace_table x_tables
alias symbol:xt_request_find_match x_tables
alias symbol:xt_request_find_target x_tables
alias symbol:xt_table_unlock x_tables
alias symbol:xt_unregister_match x_tables
alias symbol:xt_unregister_matches x_tables
alias symbol:xt_unregister_table x_tables
alias symbol:xt_unregister_target x_tables
alias symbol:xt_unregister_targets x_tables