What if you could block threats to your network in real time from the countries where the majority of cyberattacks originate? What if you could redirect connections to a single network based on their origin?
As you can imagine, being able to control these situations would reduce the number of attack vectors on your network, improving its security. You may be surprised that this is not only possible, but straightforward and easy, with GeoIP for nftables.
GeoIP for nftables is a simple and flexible Bash script, released in December of 2020, that performs automated real-time filtering with nftables firewalls based on the IP addresses for a particular region. In a recent interview with LinuxSecurity researchers, the project’s lead developer Mike Baxter explained the mission of GeoIP for nftables.
“I hope this project is beneficial to those who may not have the IT budget or resources to implement a commercial solution. The code runs well on servers, workstations and low-power systems like Raspberry Pi. The script has the built-in ability to flush and refill GeoIP sets after a database update without restarting the firewall, allowing servers to run uninterrupted without dropping established connections.”
This article will examine the concept of GeoIP filtering and how it could add a valuable layer of security to your firewall. Then, it will explore how the GeoIP for nftables project is leveraging Open Source to provide intuitive, customizable GeoIP filtering on Linux.