Changes

From SME Server
2,836 bytes added ,  08:49, 26 January 2020
Line 31: Line 31:     
=== Description ===
 
=== Description ===
 +
 +
{{Warning box|From MAXMIND site :
 +
"Due to upcoming data privacy regulations, we are making significant changes to how you access free GeoLite2 databases starting December 30, 2019. Learn more on our blog." https://blog.maxmind.com/2019/12/18/significant-changes-to-accessing-and-using-geolite2-databases/
 +
 +
Quote
 +
Starting December 30, 2019, we will be requiring users of our GeoLite2 databases to register for a MaxMind account and obtain a license key in order to download GeoLite2 databases. We will continue to offer the GeoLite2 databases without charge, and with the ability to redistribute with proper attribution and in compliance with privacy regulations. In addition, we are introducing a new end-user license agreement to govern your use of the GeoLite2 databases. Previously, GeoLite2 databases were accessible for download to the public on our developer website and were licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
 +
 +
Starting December 30, 2019, downloads will no longer be served from our public GeoLite2 page, from geolite.maxmind.com/download/geoip/database/*, or from any other public URL.
 +
End Quote
 +
 +
See the section below [[Xt geoip#installation|Installation]] for steps on how to migrate to the new download mechanism.}}
 +
 
<!-- add a description here --> This contribs installs xtables-addons  [http://xtables-addons.sourceforge.net/geoip.php (http://xtables-addons.sourceforge.net/geoip.php]) on SME Server 9.x.  
 
<!-- add a description here --> This contribs installs xtables-addons  [http://xtables-addons.sourceforge.net/geoip.php (http://xtables-addons.sourceforge.net/geoip.php]) on SME Server 9.x.  
   −
  Xtables-addons includes xt_geoip used in this contribs to filter packets depending on the country they come from.  
+
  Xtables-addons includes xt_geoip used in this contribs to filter packets depending on the country they come from.
    
=== Installation ===
 
=== Installation ===
 +
Sign up for a MaxMind account (no purchase required) https://dev.maxmind.com/geoip/geoip2/geolite2/
 +
 +
Important - Note your login details and in particular your AccountID and LicenceKey
 +
 +
Go to Services My Licence key and generate a licence key, carefully note the key details, multiple keys may be created, these details are also used in the smeserver-geoip contrib.
 +
 +
The following config property keys and values will be used to set the geoip config db for ongoing updates see below
 +
AccountID #######
 +
LicenseKey xxxxxxxxxxxxxxx
 +
 
  yum --enablerepo=smecontribs install smeserver-xt_geoip
 
  yum --enablerepo=smecontribs install smeserver-xt_geoip
    
you might need to update to last smeserver-yum >= 2.4.0-23 or you will get an error because of missing GPG key.  
 
you might need to update to last smeserver-yum >= 2.4.0-23 or you will get an error because of missing GPG key.  
 +
 +
A configuration db may already be present from another contrib, check for its existence
 +
 +
# config show geoip
 +
geoip=service
 +
status=enabled
 +
 +
If it does exists and the LicenseKey and AccountID are NOT present perform the following
 +
db configuration setprop LicenseKey "YOUR LIC KEY" AccountID "YOUR ACCT ID"
 +
 +
If the configuration db is not present it needs to be created with following keys and properties:
 +
db configuration set geoip service status enabled LicenseKey "YOUR LIC KEY" AccountID "YOUR ACCT ID"
 +
 +
# config show geoip
 +
geoip=service
 +
    AccountID=xxxxxx
 +
    LicenseKey=xxxxxxxxxxxxxxx
 +
    status=enabled
 +
 
then<syntaxhighlight lang="bash">
 
then<syntaxhighlight lang="bash">
 
modprobe xt_geoip
 
modprobe xt_geoip
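Review bot: The added `db configuration setprop LicenseKey "YOUR LIC KEY" AccountID "YOUR ACCT ID"` line omits the `geoip` key that the `db configuration set geoip service ...` line a few steps later names, so as written `LicenseKey` is read as the key rather than as a property of `geoip`. It should read `db configuration setprop geoip LicenseKey "YOUR LIC KEY" AccountID "YOUR ACCT ID"`. The prose above it also spells the property "LicenceKey" once while every command uses "LicenseKey"; use the property's exact spelling throughout, since readers will copy it. The two `# config show geoip` lines and their output start at column one, where MediaWiki treats a leading `#` as a numbered-list item; indent them with a leading space like the `yum` line so they render as preformatted text.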
Line 47: Line 88:  
you might have issues with kmod not populating the weak-updates folder, which results in geoip module being not available (modprobe xt_geoip will give an error, and panel will indicate iptable geoip not working),  if so just run :
 
you might have issues with kmod not populating the weak-updates folder, which results in geoip module being not available (modprobe xt_geoip will give an error, and panel will indicate iptable geoip not working),  if so just run :
 
  weak-modules  --add-kernel
 
  weak-modules  --add-kernel
 +
 
=== Configuration ===
 
=== Configuration ===
 
The easiest way should be to go to server manager and use the panel. There you will be able to :
 
The easiest way should be to go to server manager and use the panel. There you will be able to :
 
* configure a global filter list of country. You can either only accept the defined countries or reject the defined countries.
 
* configure a global filter list of country. You can either only accept the defined countries or reject the defined countries.
 
* configure a per service (port), exclusion list. Similarly you can  either only accept the defined countries or reject the defined countries.
 
* configure a per service (port), exclusion list. Similarly you can  either only accept the defined countries or reject the defined countries.
* configure whether you want the global filter override the per service rule, or only filter all other ports withotu a specific geoip rule.
+
* configure whether you want the global filter override the per service rule, or only filter all other ports without a specific geoip rule.
    
The server-manager offers also after the first 24 hours statistics.
 
The server-manager offers also after the first 24 hours statistics.
Line 80: Line 122:  
|imaps,pop3s,sshd,ftp,ssmtpd
 
|imaps,pop3s,sshd,ftp,ssmtpd
 
|coma separated strings
 
|coma separated strings
|list of existing services in configuration db with defined TCPPorts. You can manually override the list to add your own services, but they need to be configured in the configuration db
+
|list of existing services in configuration db with defined TCPPorts. You can manually override the list to add your own services (see below).
 
|-
 
|-
 
|XTGeoipRev
 
|XTGeoipRev
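Review bot: The rewritten XtServices cell drops the condition that manually added services "need to be configured in the configuration db" and replaces it with "(see below)", which points at nothing specific. The same cell still says the default list is built from services with defined TCPPorts, so if that prerequisite still applies to overridden entries, keep it in the cell, and make "see below" a link to the "To override the list of services" paragraph added further down.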
Line 91: Line 133:  
|enabled,disabled
 
|enabled,disabled
 
|if enabled the global rule will apply only to services/ports with a specific geoip defined rule. If the property is empty or missing, its value is defaulted to disabled.
 
|if enabled the global rule will apply only to services/ports with a specific geoip defined rule. If the property is empty or missing, its value is defaulted to disabled.
 +
|-
 +
|XTlogmail
 +
|disabled
 +
|enabled,disabled
 +
|if enabled the daily processing sends summary messages to the administrator. If the property is empty or missing, its value is defaulted to disabled.
 
|}
 
|}
 +
 +
'''To override the list of services''' (XtServices) : click on the button under the table of managed services. You get a panel with a list of all existing services (tcp) on the server. You can then (un)select [ctrl-click] and obtain your own services.
    
NOTE: masq is a the entry fo the SME firewall, there are plenty of other property for this key, please refer to manual. Only properties added by this contrib are referenced here.
 
NOTE: masq is a the entry fo the SME firewall, there are plenty of other property for this key, please refer to manual. Only properties added by this contrib are referenced here.
   −
NOTE2: Only XtServices is not configurable using the Server-Manager
+
NOTE2: Only Xtlogmail is not configurable using the Server-Manager.
    
==== per service properties ====
 
==== per service properties ====
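Review bot: The new property is spelled `XTlogmail` in the added table row but `Xtlogmail` in the revised NOTE2, and NOTE2 says it is the one property that cannot be set from the Server-Manager, so readers have to type the name by hand. Use the exact property name in both places, and add the command that sets it on the `masq` key next to NOTE2, since the page otherwise only describes the panel.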
