Can someone please suggest an easy way how to block IPs from Russia, China, etc? Or is that something that is planned for TOS 4? Thanks, jose
It is possible to use the GeoIP module for the netfilter/iptables (iptables-mod-geoip
), see https://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO-3.html for some examples. But it may lead to unpredictible results because the current IPv4 address shortage is in some cases solved by address block leasing (one subject leases temporarily one or more IPv4 address blocks to another subject). The leased addresses may be left assigned to their âownerâ but another subject (maybe from another country!) use them.
Thank you, thatâs a good point. What would you suggest then? I read article on dynamic firewall fed by the data from Turris project at https://www.root.cz/clanky/nasadte-dynamicky-firewall-pouzivajici-data-z-projektu-turris/ but there was no information on how to make it work with TO itself.
if your time is worth anything, it is more expensive to implement this then to circumvent it.
not to mention the time to debug a deviation of the solutions definition of âthe bad guysâ and yours.
just donât.
Installation via Foris is not yet finished. When you check Data collection on the Updater page, only the dynamic firewall is installed (which receives dynamic firewall rules and applies them to the kernel firewall in Turris OS), without data collection.
The only way how to currently install data collection is the command line:
opkg update
opkg install sentinel-nikola sentinel-minipot
These commands install the current versions of the packages for Sentinel data collection. One additional package (sentinel-proxy
) is installed automatically by dependency.