In the previous articles, we showed how to perform packet marking in nftables based on geoip source ip addresses and also how to log traffic to external files .
Today we will show how to mark packets based on which continent they come from.

The principle is that we first mark packets based on the source IP address so that we know which countries they are coming from. And then we'll find out which continent the state is on.

We'll learn how we can block traffic originated from specific country or continent IPs using GeoIP database and linux nftables . This article describes the configuration for debian linux distros. nftables is the new packet classification framework that intends to replaces the existing {ip,ip6,arp,eb}_tables infrastructure. In a nutshell:

• It is available in Linux kernels >= 3.13
• It comes with a new command line utility nft whose syntax is different to iptables.
• It also comes with a compatibility layer that allows you to run iptables commands over the new nftables kernel framework.
• It provides generic set infrastructure that allows you to construct maps and concatenation. You can use this new feature to arrange your ruleset in multidimensional tree which drastically reduces the number of rules that need to be inspected until you find the final action on the packet.

I assume you have at least basic experience with the nftables configuration.

One of the new features of the Windows 10 May 2019 Update is the Windows Sandbox . It is a simple virtualization tool that can be used, for example, to test software that we do not want to install on the operating system itself, or to open a potentially infected file without risking damage to the computer.

It is not a replacement for VirtualBox or similar complex tools. Windows Sandbox can create one isolated copy of Windows 10 itself, the state of which cannot be saved. The tool also has its advantages - very simple usage.

Setup

For debian based distro you must install python pandas and xlrd packages first: