nftables geoip - continents ip
In the previous articles, we showed how to perform packet marking in nftables based on geoip source IP addresses and also how to log traffic to external files.
Today we will show how to mark packets based on which continent they come from.
The principle is that we first mark packets based on the source IP address, so that we know which country they are coming from, and then look up which continent that country is on. The second lookup overwrites the country mark with the continent mark, so after it the mark carries only the continent code.
Example - mark and log packets from continents
#!/usr/sbin/nft -f
table inet ssh {
    include "./nftables-geoip/geoip-def-all.nft"
    include "./nftables-geoip/geoip-ipv4.nft"
    include "./nftables-geoip/geoip-ipv6.nft"

    chain ssh {
        mark set ip saddr map @geoip4      # set country code based on ipv4
        mark set ip6 saddr map @geoip6     # set country code based on ipv6
        mark set mark map @continent_code  # set continent code based on country code from the previous two marks
        mark { $americas } counter log prefix "ip-from-americas" group 3
        mark { $europe } counter log prefix "ip-from-europe" group 3
        mark { $africa } counter log prefix "ip-from-africa" group 3
        mark { $asia } counter log prefix "ip-from-asia" group 3
        mark { $oceania } counter log prefix "ip-from-oceania" group 3
        mark { $antarctica } counter log prefix "ip-from-antarctica" group 3
        counter log prefix "ssh-dropped " group 3 drop
    }

    chain input {
        type filter hook input priority 350; policy accept;
        tcp dport { ssh, http, https } ct state { new } counter goto ssh
    }
}
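To make the two-stage lookup concrete, here is an added Python model of what the ssh chain above does to one packet. It is an illustration written for this article, not code from the nftables-geoip project: the prefixes, country numbers, continent numbers and prefix-to-country assignments are constructed sample data standing in for the real geoip-ipv4.nft, geoip-ipv6.nft and geoip-def-all.nft contents. It shows the part that is easy to miss when reading the ruleset: a source address that is not in the geoip map keeps mark 0, gets no continent mark either, and therefore matches none of the continent log rules.

```python
"""Model of the two-stage geoip mark lookup from the nftables chain above.

Added illustration, not part of the nftables-geoip project. All prefixes,
country numbers and continent numbers below are constructed sample data;
the real values come from the included geoip-*.nft files.
"""
import ipaddress

# Stage 1: source address -> country code (mirrors @geoip4 / @geoip6).
# Constructed: documentation ranges mapped to arbitrary countries.
GEOIP = {
    "192.0.2.0/24": "CZ",
    "198.51.100.0/24": "US",
    "203.0.113.0/24": "JP",
    "2001:db8::/32": "DE",
}
# Constructed stand-ins for the numeric country defines in geoip-def-all.nft.
COUNTRY_CODE = {"CZ": 1, "US": 2, "JP": 3, "DE": 4}

# Stage 2: country mark -> continent mark (mirrors @continent_code).
CONTINENT_CODE = {"europe": 1, "americas": 2, "asia": 3}  # constructed
CONTINENT_OF = {
    COUNTRY_CODE["CZ"]: CONTINENT_CODE["europe"],
    COUNTRY_CODE["US"]: CONTINENT_CODE["americas"],
    COUNTRY_CODE["JP"]: CONTINENT_CODE["asia"],
    COUNTRY_CODE["DE"]: CONTINENT_CODE["europe"],
}
# Log prefix used by the continent rule that matches a given continent mark.
LOG_PREFIX = {
    CONTINENT_CODE["europe"]: "ip-from-europe",
    CONTINENT_CODE["americas"]: "ip-from-americas",
    CONTINENT_CODE["asia"]: "ip-from-asia",
}


def country_mark(saddr: str) -> int:
    """'mark set ip saddr map @geoip4' / 'mark set ip6 saddr map @geoip6'.

    The ip/ip6 rules only match packets of their own address family, and a
    map lookup with no matching interval leaves the mark untouched (0).
    """
    addr = ipaddress.ip_address(saddr)
    for prefix, cc in GEOIP.items():
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            return COUNTRY_CODE[cc]
    return 0


def continent_mark(mark: int) -> int:
    """'mark set mark map @continent_code': overwrite the country mark with
    the continent mark; an unknown country (mark 0) keeps its mark."""
    return CONTINENT_OF.get(mark, mark)


def classify(saddr: str):
    """Walk the ssh chain for one new connection from saddr.

    Returns (country_mark, continent_mark, log_prefix, verdict). log_prefix is
    None when no continent rule matched. None of the continent rules in the
    ruleset carries a verdict, so every packet continues to the final
    'counter log ... drop' rule, which is why the verdict is always "drop".
    """
    cm = country_mark(saddr)
    km = continent_mark(cm)
    return cm, km, LOG_PREFIX.get(km), "drop"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "2001:db8::1", "10.0.0.1"):
        print(ip, classify(ip))
```

Running the block prints one tuple per constructed sample address; the private address 10.0.0.1 is the interesting case, since it reaches the final drop rule without ever having triggered a continent log line, so it appears in the nflog group only under the drop prefix.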