From bd66e4fb6f683f47935c02dfca6a899afeca69b2 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Tue, 28 Jun 2022 11:31:07 -0300 Subject: Firewall: T4299: add geoip matching criteria --- docs/configuration/firewall/index.rst | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'docs/configuration') diff --git a/docs/configuration/firewall/index.rst b/docs/configuration/firewall/index.rst index 0cbc60c8..5081ce2f 100644 --- a/docs/configuration/firewall/index.rst +++ b/docs/configuration/firewall/index.rst @@ -323,6 +323,22 @@ There are a lot of matching criteria against which the package can be tested. set firewall name WAN-IN-v4 rule 101 source address !203.0.113.0/24 set firewall ipv6-name WAN-IN-v6 rule 100 source address 2001:db8::202 +.. cfgcmd:: set firewall name rule <1-999999> source geoip country-code + +.. cfgcmd:: set firewall ipv6-name rule <1-999999> source geoip + country-code +.. cfgcmd:: set firewall name rule <1-999999> destination geoip + country-code +.. cfgcmd:: set firewall ipv6-name rule <1-999999> destination geoip + country-code + +Match IP addresses based on its geolocation. More info: `geoip matching +`_ + +Data is provided by DB-IP.com under CC-BY-4.0 license. Attribution required, +permits redistribution so we can include a database in images(~3MB +compressed). Includes cron script (manually callable by op-mode update +geoip) to keep database and rules updated. .. cfgcmd:: set firewall name rule <1-999999> source mac-address @@ -806,3 +822,11 @@ Example Partial Config } } } + + +Update geoip database +===================== + +.. opcmd:: update geoip + + Command used to update GeoIP database and firewall sets. \ No newline at end of file -- cgit v1.2.3