extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-21 23:23:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-17 10:44:02 -07:00
parent 6148c909f2
commit d220d3d9d5
7 changed files with 1084 additions and 354 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

504
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -28,7 +28,7 @@ package Shorewall::Chains;
require Exporter;
use Scalar::Util 'reftype';
use Digest::SHA1 qw(sha1);
use Digest::SHA qw(sha1);
use Shorewall::Config qw(:DEFAULT :internal);
use Shorewall::Zones;
use Shorewall::IPAddrs;
@ -565,6 +565,7 @@ my %aliases = ( protocol => 'p',
my @unique_options = ( qw/p dport sport icmp-type icmpv6-type s d i o/ );
our %isocodes;
#
# Rather than initializing globals in an INIT block or during declaration,
# we initialize them in a function. This is done for two reasons:
@ -633,6 +634,455 @@ sub initialize( $$$ ) {
sip => UDP,
snmp => UDP,
tftp => UDP);
if ( $family == F_IPV4 ) {
%isocodes = (
A1 => "Anonymous Proxy" ,
A2 => "Satellite Provider" ,
AD => "Andorra" ,
AE => "United Arab Emirates" ,
AF => "Afghanistan" ,
AG => "Antigua and Barbuda" ,
AI => "Anguilla" ,
AL => "Albania" ,
AM => "Armenia" ,
AN => "Netherlands Antilles" ,
AO => "Angola" ,
AP => "Asia/Pacific Region" ,
AQ => "Antarctica" ,
AR => "Argentina" ,
AS => "American Samoa" ,
AT => "Austria" ,
AU => "Australia" ,
AW => "Aruba" ,
AX => "Aland Islands" ,
AZ => "Azerbaijan" ,
BA => "Bosnia and Herzegovina" ,
BB => "Barbados" ,
BD => "Bangladesh" ,
BE => "Belgium" ,
BF => "Burkina Faso" ,
BG => "Bulgaria" ,
BH => "Bahrain" ,
BI => "Burundi" ,
BJ => "Benin" ,
BM => "Bermuda" ,
BN => "Brunei Darussalam" ,
BO => "Bolivia" ,
BR => "Brazil" ,
BS => "Bahamas" ,
BT => "Bhutan" ,
BV => "Bouvet Island" ,
BW => "Botswana" ,
BY => "Belarus" ,
BZ => "Belize" ,
CA => "Canada" ,
CC => "Cocos (Keeling) Islands" ,
CD => "Congo, The Democratic Republic of the" ,
CF => "Central African Republic" ,
CG => "Congo" ,
CH => "Switzerland" ,
CI => "Cote D'Ivoire" ,
CK => "Cook Islands" ,
CL => "Chile" ,
CM => "Cameroon" ,
CN => "China" ,
CO => "Colombia" ,
CR => "Costa Rica" ,
CU => "Cuba" ,
CV => "Cape Verde" ,
CX => "Christmas Island" ,
CY => "Cyprus" ,
CZ => "Czech Republic" ,
DE => "Germany" ,
DJ => "Djibouti" ,
DK => "Denmark" ,
DM => "Dominica" ,
DO => "Dominican Republic" ,
DZ => "Algeria" ,
EC => "Ecuador" ,
EE => "Estonia" ,
EG => "Egypt" ,
EH => "Western Sahara" ,
ER => "Eritrea" ,
ES => "Spain" ,
ET => "Ethiopia" ,
EU => "Europe" ,
FI => "Finland" ,
FJ => "Fiji" ,
FK => "Falkland Islands (Malvinas)" ,
FM => "Micronesia, Federated States of" ,
FO => "Faroe Islands" ,
FR => "France" ,
GA => "Gabon" ,
GB => "United Kingdom" ,
GD => "Grenada" ,
GE => "Georgia" ,
GF => "French Guiana" ,
GG => "Guernsey" ,
GH => "Ghana" ,
GI => "Gibraltar" ,
GL => "Greenland" ,
GM => "Gambia" ,
GN => "Guinea" ,
GP => "Guadeloupe" ,
GQ => "Equatorial Guinea" ,
GR => "Greece" ,
GS => "South Georgia and the South Sandwich Islands" ,
GT => "Guatemala" ,
GU => "Guam" ,
GW => "Guinea-Bissau" ,
GY => "Guyana" ,
HK => "Hong Kong" ,
HN => "Honduras" ,
HR => "Croatia" ,
HT => "Haiti" ,
HU => "Hungary" ,
ID => "Indonesia" ,
IE => "Ireland" ,
IL => "Israel" ,
IM => "Isle of Man" ,
IN => "India" ,
IO => "British Indian Ocean Territory" ,
IQ => "Iraq" ,
IR => "Iran, Islamic Republic of" ,
IS => "Iceland" ,
IT => "Italy" ,
JE => "Jersey" ,
JM => "Jamaica" ,
JO => "Jordan" ,
JP => "Japan" ,
KE => "Kenya" ,
KG => "Kyrgyzstan" ,
KH => "Cambodia" ,
KI => "Kiribati" ,
KM => "Comoros" ,
KN => "Saint Kitts and Nevis" ,
KP => "Korea, Democratic People's Republic of" ,
KR => "Korea, Republic of" ,
KW => "Kuwait" ,
KY => "Cayman Islands" ,
KZ => "Kazakhstan" ,
LA => "Lao People's Democratic Republic" ,
LB => "Lebanon" ,
LC => "Saint Lucia" ,
LI => "Liechtenstein" ,
LK => "Sri Lanka" ,
LR => "Liberia" ,
LS => "Lesotho" ,
LT => "Lithuania" ,
LU => "Luxembourg" ,
LV => "Latvia" ,
LY => "Libyan Arab Jamahiriya" ,
MA => "Morocco" ,
MC => "Monaco" ,
MD => "Moldova, Republic of" ,
ME => "Montenegro" ,
MG => "Madagascar" ,
MH => "Marshall Islands" ,
MK => "Macedonia" ,
ML => "Mali" ,
MM => "Myanmar" ,
MN => "Mongolia" ,
MO => "Macau" ,
MP => "Northern Mariana Islands" ,
MQ => "Martinique" ,
MR => "Mauritania" ,
MS => "Montserrat" ,
MT => "Malta" ,
MU => "Mauritius" ,
MV => "Maldives" ,
MW => "Malawi" ,
MX => "Mexico" ,
MY => "Malaysia" ,
MZ => "Mozambique" ,
NA => "Namibia" ,
NC => "New Caledonia" ,
NE => "Niger" ,
NF => "Norfolk Island" ,
NG => "Nigeria" ,
NI => "Nicaragua" ,
NL => "Netherlands" ,
NO => "Norway" ,
NP => "Nepal" ,
NR => "Nauru" ,
NU => "Niue" ,
NZ => "New Zealand" ,
OM => "Oman" ,
PA => "Panama" ,
PE => "Peru" ,
PF => "French Polynesia" ,
PG => "Papua New Guinea" ,
PH => "Philippines" ,
PK => "Pakistan" ,
PL => "Poland" ,
PM => "Saint Pierre and Miquelon" ,
PR => "Puerto Rico" ,
PS => "Palestinian Territory, Occupied" ,
PT => "Portugal" ,
PW => "Palau" ,
PY => "Paraguay" ,
QA => "Qatar" ,
RE => "Reunion" ,
RO => "Romania" ,
RS => "Serbia" ,
RU => "Russian Federation" ,
RW => "Rwanda" ,
SA => "Saudi Arabia" ,
SB => "Solomon Islands" ,
SC => "Seychelles" ,
SD => "Sudan" ,
SE => "Sweden" ,
SG => "Singapore" ,
SH => "Saint Helena" ,
SI => "Slovenia" ,
SJ => "Svalbard and Jan Mayen" ,
SK => "Slovakia" ,
SL => "Sierra Leone" ,
SM => "San Marino" ,
SN => "Senegal" ,
SO => "Somalia" ,
SR => "Suriname" ,
ST => "Sao Tome and Principe" ,
SV => "El Salvador" ,
SY => "Syrian Arab Republic" ,
SZ => "Swaziland" ,
TC => "Turks and Caicos Islands" ,
TD => "Chad" ,
TF => "French Southern Territories" ,
TG => "Togo" ,
TH => "Thailand" ,
TJ => "Tajikistan" ,
TK => "Tokelau" ,
TL => "Timor-Leste" ,
TM => "Turkmenistan" ,
TN => "Tunisia" ,
TO => "Tonga" ,
TR => "Turkey" ,
TT => "Trinidad and Tobago" ,
TV => "Tuvalu" ,
TW => "Taiwan" ,
TZ => "Tanzania, United Republic of" ,
UA => "Ukraine" ,
UG => "Uganda" ,
UM => "United States Minor Outlying Islands" ,
US => "United States" ,
UY => "Uruguay" ,
UZ => "Uzbekistan" ,
VA => "Holy See (Vatican City State)" ,
VC => "Saint Vincent and the Grenadines" ,
VE => "Venezuela" ,
VG => "Virgin Islands, British" ,
VI => "Virgin Islands, U.S." ,
VN => "Vietnam" ,
VU => "Vanuatu" ,
WF => "Wallis and Futuna" ,
WS => "Samoa" ,
YE => "Yemen" ,
YT => "Mayotte" ,
ZA => "South Africa" ,
ZM => "Zambia" ,
ZW => "Zimbabwe" ,
)
} else {
%isocodes = (
AD => "Andorra" ,
AE => "United Arab Emirates" ,
AF => "Afghanistan" ,
AL => "Albania" ,
AM => "Armenia" ,
AO => "Angola" ,
AP => "Asia/Pacific Region" ,
AR => "Argentina" ,
AS => "American Samoa" ,
AT => "Austria" ,
AU => "Australia" ,
AW => "Aruba" ,
AZ => "Azerbaijan" ,
BA => "Bosnia and Herzegovina" ,
BD => "Bangladesh" ,
BE => "Belgium" ,
BF => "Burkina Faso" ,
BG => "Bulgaria" ,
BH => "Bahrain" ,
BI => "Burundi" ,
BJ => "Benin" ,
BM => "Bermuda" ,
BN => "Brunei Darussalam" ,
BO => "Bolivia" ,
BR => "Brazil" ,
BS => "Bahamas" ,
BT => "Bhutan" ,
BW => "Botswana" ,
BY => "Belarus" ,
BZ => "Belize" ,
CA => "Canada" ,
CD => "Congo, The Democratic Republic of the" ,
CH => "Switzerland" ,
CI => "Cote D'Ivoire" ,
CK => "Cook Islands" ,
CL => "Chile" ,
CM => "Cameroon" ,
CN => "China" ,
CO => "Colombia" ,
CR => "Costa Rica" ,
CU => "Cuba" ,
CW => "" ,
CY => "Cyprus" ,
CZ => "Czech Republic" ,
DE => "Germany" ,
DJ => "Djibouti" ,
DK => "Denmark" ,
DO => "Dominican Republic" ,
DZ => "Algeria" ,
EC => "Ecuador" ,
EE => "Estonia" ,
EG => "Egypt" ,
ES => "Spain" ,
EU => "Europe" ,
FI => "Finland" ,
FJ => "Fiji" ,
FM => "Micronesia, Federated States of" ,
FO => "Faroe Islands" ,
FR => "France" ,
GB => "United Kingdom" ,
GD => "Grenada" ,
GE => "Georgia" ,
GG => "Guernsey" ,
GH => "Ghana" ,
GI => "Gibraltar" ,
GL => "Greenland" ,
GM => "Gambia" ,
GP => "Guadeloupe" ,
GR => "Greece" ,
GT => "Guatemala" ,
GU => "Guam" ,
GY => "Guyana" ,
HK => "Hong Kong" ,
HN => "Honduras" ,
HR => "Croatia" ,
HT => "Haiti" ,
HU => "Hungary" ,
ID => "Indonesia" ,
IE => "Ireland" ,
IL => "Israel" ,
IM => "Isle of Man" ,
IN => "India" ,
IQ => "Iraq" ,
IR => "Iran, Islamic Republic of" ,
IS => "Iceland" ,
IT => "Italy" ,
JE => "Jersey" ,
JM => "Jamaica" ,
JO => "Jordan" ,
JP => "Japan" ,
KE => "Kenya" ,
KG => "Kyrgyzstan" ,
KH => "Cambodia" ,
KN => "Saint Kitts and Nevis" ,
KR => "Korea, Republic of" ,
KW => "Kuwait" ,
KY => "Cayman Islands" ,
KZ => "Kazakhstan" ,
LA => "Lao People's Democratic Republic" ,
LB => "Lebanon" ,
LI => "Liechtenstein" ,
LK => "Sri Lanka" ,
LS => "Lesotho" ,
LT => "Lithuania" ,
LU => "Luxembourg" ,
LV => "Latvia" ,
LY => "Libyan Arab Jamahiriya" ,
MA => "Morocco" ,
MC => "Monaco" ,
MD => "Moldova, Republic of" ,
ME => "Montenegro" ,
MG => "Madagascar" ,
MH => "Marshall Islands" ,
MK => "Macedonia" ,
ML => "Mali" ,
MM => "Myanmar" ,
MN => "Mongolia" ,
MO => "Macau" ,
MT => "Malta" ,
MU => "Mauritius" ,
MV => "Maldives" ,
MW => "Malawi" ,
MX => "Mexico" ,
MY => "Malaysia" ,
MZ => "Mozambique" ,
NA => "Namibia" ,
NC => "New Caledonia" ,
NF => "Norfolk Island" ,
NG => "Nigeria" ,
NI => "Nicaragua" ,
NL => "Netherlands" ,
NO => "Norway" ,
NP => "Nepal" ,
NR => "Nauru" ,
NU => "Niue" ,
NZ => "New Zealand" ,
OM => "Oman" ,
PA => "Panama" ,
PE => "Peru" ,
PF => "French Polynesia" ,
PG => "Papua New Guinea" ,
PH => "Philippines" ,
PK => "Pakistan" ,
PL => "Poland" ,
PR => "Puerto Rico" ,
PS => "Palestinian Territory" ,
PT => "Portugal" ,
PW => "Palau" ,
PY => "Paraguay" ,
QA => "Qatar" ,
RO => "Romania" ,
RS => "Serbia" ,
RU => "Russian Federation" ,
RW => "Rwanda" ,
SA => "Saudi Arabia" ,
SB => "Solomon Islands" ,
SC => "Seychelles" ,
SD => "Sudan" ,
SE => "Sweden" ,
SG => "Singapore" ,
SI => "Slovenia" ,
SK => "Slovakia" ,
SL => "Sierra Leone" ,
SM => "San Marino" ,
SN => "Senegal" ,
SO => "Somalia" ,
ST => "Sao Tome and Principe" ,
SV => "El Salvador" ,
SY => "Syrian Arab Republic" ,
SZ => "Swaziland" ,
TH => "Thailand" ,
TK => "Tokelau" ,
TN => "Tunisia" ,
TO => "Tonga" ,
TR => "Turkey" ,
TT => "Trinidad and Tobago" ,
TV => "Tuvalu" ,
TW => "Taiwan" ,
TZ => "Tanzania, United Republic of" ,
UA => "Ukraine" ,
UG => "Uganda" ,
US => "United States" ,
UY => "Uruguay" ,
UZ => "Uzbekistan" ,
VA => "Holy See (Vatican City State)" ,
VE => "Venezuela" ,
VI => "Virgin Islands, U.S." ,
VN => "Vietnam" ,
VU => "Vanuatu" ,
WS => "Samoa" ,
YE => "Yemen" ,
ZA => "South Africa" ,
ZM => "Zambia" ,
ZW => "Zimbabwe" ,
);
}
#
# The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
#
@ -4659,6 +5109,16 @@ sub match_source_net( $;$\$ ) {
return $result;
}
if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
}
return join( '', '-m geoip ', $1 ? '! ' : '', '--src-cc ', $2 , ' ');
}
if ( $net =~ s/^!// ) {
if ( $net =~ /^([&%])(.+)/ ) {
return '! -s ' . record_runtime_address $1, $2;
@ -4713,6 +5173,16 @@ sub imatch_source_net( $;$\$ ) {
return \@result;
}
if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
}
return ( geoip => , join( '', $1 ? '! ' : '', '--src-cc ', $2 ) );
}
if ( $net =~ s/^!// ) {
if ( $net =~ /^([&%])(.+)/ ) {
return ( s => '! ' . record_runtime_address( $1, $2, 1 ) );
@ -4762,6 +5232,16 @@ sub match_dest_net( $ ) {
return $result;
}
if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
}
return join( '', '-m geoip ', $1 ? '! ' : '', '--dst-cc ', $2, ' ' );
}
if ( $net =~ s/^!// ) {
if ( $net =~ /^([&%])(.+)/ ) {
return '! -d ' . record_runtime_address $1, $2;
@ -4809,6 +5289,16 @@ sub imatch_dest_net( $ ) {
return \@result;
}
if ( $net =~ /^(!?){([A-Z,\d]+)}$/ ) {
require_capability 'GEOIP_MATCH', 'A country-code', '';
for ( split_list $2, 'cc' ) {
fatal_error "Unknown or invalid Country Code" unless $isocodes{$_};
}
return ( geoip => , join( '', $1 ? '! ' : '', '--dst-cc ', $2 ) );
}
if ( $net =~ s/^!// ) {
if ( $net =~ /^([&%])(.+)/ ) {
return ( d => '! ' . record_runtime_address( $1, $2, 1 ) );
@ -5607,7 +6097,8 @@ sub expand_rule( $$$$$$$$$$;$ )
} elsif ( $source =~ /^(.+?):(.+)$/ ) {
$iiface = $1;
$inets = $2;
} elsif ( $source =~ /\+|&|~|\..*\./ ) {
} elsif ( $source =~ /\+|&|~|\..*\./ ||
( ! ( $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT ) ) && $source =~ /^!?{/ ) ) {
$inets = $source;
} else {
$iiface = $source;
@ -5621,7 +6112,8 @@ sub expand_rule( $$$$$$$$$$;$ )
} else {
$inets = $source;
}
} elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ ) {
} elsif ( $source =~ /(?:\+|&|%|~|\..*\.)/ ||
( ! ( $restriction & ( OUTPUT_RESTRICT | POSTROUTE_RESTRICT ) ) && $source =~ /^!?{/ ) ) {
$inets = $source;
} else {
$iiface = $source;
@ -5706,7 +6198,8 @@ sub expand_rule( $$$$$$$$$$;$ )
if ( $dest =~ /^(.+?):(.+)$/ ) {
$diface = $1;
$dnets = $2;
} elsif ( $dest =~ /\+|&|%|~|\..*\./ ) {
} elsif ( $dest =~ /\+|&|%|~|\..*\./ ||
( ! ( $restriction & ( PREROUTE_RESTRICT | INPUT_RESTRICT ) ) && $dest =~ /^!?{/ ) ) {
$dnets = $dest;
} else {
$diface = $dest;
@ -5720,7 +6213,8 @@ sub expand_rule( $$$$$$$$$$;$ )
} else {
$dnets = $dest;
}
} elsif ( $dest =~ /(?:\+|&|\..*\.)/ ) {
} elsif ( $dest =~ /(?:\+|&|\..*\.)/ ||
( ! ( $restriction & ( PREROUTE_RESTRICT | INPUT_RESTRICT ) ) && $dest =~ /^!?{/ ) ) {
$dnets = $dest;
} else {
$diface = $dest;

339
Shorewall/action.GeoIP
View File

@ -1,339 +0,0 @@
#
# Shorewall 4 - GeoIP Action
#
# /usr/share/shorewall/action.GeoIP
#
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
#
# (c) 2012- Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# GeoIP[(<countries>[,{<action>|-}][,{src|dst}][,{audit|-}])]
#
# Where <countries> is a list of one or more ISO 3166 Country Codes (see table
# below).
#
# Default action is to do nothing, so either an <action> must be specified or
# the parameter list must be followed by :<loglevel> to generate a logging rule.
# (e.g., GeoIP(US):info).
#
##########################################################################################
FORMAT 2
DEFAULTS -,-,src,-
BEGIN PERL;
use strict;
use Shorewall::Chains qw(:DEFAULT :internal);
my ( $countries, $action, $srcdst, $audit ) = get_action_params( 4 );
our %isocodes = (
A1 => "Anonymous Proxy" ,
A2 => "Satellite Provider" ,
AD => "Andorra" ,
AE => "United Arab Emirates" ,
AF => "Afghanistan" ,
AG => "Antigua and Barbuda" ,
AI => "Anguilla" ,
AL => "Albania" ,
AM => "Armenia" ,
AN => "Netherlands Antilles" ,
AO => "Angola" ,
AP => "Asia/Pacific Region" ,
AQ => "Antarctica" ,
AR => "Argentina" ,
AS => "American Samoa" ,
AT => "Austria" ,
AU => "Australia" ,
AW => "Aruba" ,
AX => "Aland Islands" ,
AZ => "Azerbaijan" ,
BA => "Bosnia and Herzegovina" ,
BB => "Barbados" ,
BD => "Bangladesh" ,
BE => "Belgium" ,
BF => "Burkina Faso" ,
BG => "Bulgaria" ,
BH => "Bahrain" ,
BI => "Burundi" ,
BJ => "Benin" ,
BM => "Bermuda" ,
BN => "Brunei Darussalam" ,
BO => "Bolivia" ,
BR => "Brazil" ,
BS => "Bahamas" ,
BT => "Bhutan" ,
BV => "Bouvet Island" ,
BW => "Botswana" ,
BY => "Belarus" ,
BZ => "Belize" ,
CA => "Canada" ,
CC => "Cocos (Keeling) Islands" ,
CD => "Congo, The Democratic Republic of the" ,
CF => "Central African Republic" ,
CG => "Congo" ,
CH => "Switzerland" ,
CI => "Cote D'Ivoire" ,
CK => "Cook Islands" ,
CL => "Chile" ,
CM => "Cameroon" ,
CN => "China" ,
CO => "Colombia" ,
CR => "Costa Rica" ,
CU => "Cuba" ,
CV => "Cape Verde" ,
CX => "Christmas Island" ,
CY => "Cyprus" ,
CZ => "Czech Republic" ,
DE => "Germany" ,
DJ => "Djibouti" ,
DK => "Denmark" ,
DM => "Dominica" ,
DO => "Dominican Republic" ,
DZ => "Algeria" ,
EC => "Ecuador" ,
EE => "Estonia" ,
EG => "Egypt" ,
EH => "Western Sahara" ,
ER => "Eritrea" ,
ES => "Spain" ,
ET => "Ethiopia" ,
EU => "Europe" ,
FI => "Finland" ,
FJ => "Fiji" ,
FK => "Falkland Islands (Malvinas)" ,
FM => "Micronesia, Federated States of" ,
FO => "Faroe Islands" ,
FR => "France" ,
GA => "Gabon" ,
GB => "United Kingdom" ,
GD => "Grenada" ,
GE => "Georgia" ,
GF => "French Guiana" ,
GG => "Guernsey" ,
GH => "Ghana" ,
GI => "Gibraltar" ,
GL => "Greenland" ,
GM => "Gambia" ,
GN => "Guinea" ,
GP => "Guadeloupe" ,
GQ => "Equatorial Guinea" ,
GR => "Greece" ,
GS => "South Georgia and the South Sandwich Islands" ,
GT => "Guatemala" ,
GU => "Guam" ,
GW => "Guinea-Bissau" ,
GY => "Guyana" ,
HK => "Hong Kong" ,
HN => "Honduras" ,
HR => "Croatia" ,
HT => "Haiti" ,
HU => "Hungary" ,
ID => "Indonesia" ,
IE => "Ireland" ,
IL => "Israel" ,
IM => "Isle of Man" ,
IN => "India" ,
IO => "British Indian Ocean Territory" ,
IQ => "Iraq" ,
IR => "Iran, Islamic Republic of" ,
IS => "Iceland" ,
IT => "Italy" ,
JE => "Jersey" ,
JM => "Jamaica" ,
JO => "Jordan" ,
JP => "Japan" ,
KE => "Kenya" ,
KG => "Kyrgyzstan" ,
KH => "Cambodia" ,
KI => "Kiribati" ,
KM => "Comoros" ,
KN => "Saint Kitts and Nevis" ,
KP => "Korea, Democratic People's Republic of" ,
KR => "Korea, Republic of" ,
KW => "Kuwait" ,
KY => "Cayman Islands" ,
KZ => "Kazakhstan" ,
LA => "Lao People's Democratic Republic" ,
LB => "Lebanon" ,
LC => "Saint Lucia" ,
LI => "Liechtenstein" ,
LK => "Sri Lanka" ,
LR => "Liberia" ,
LS => "Lesotho" ,
LT => "Lithuania" ,
LU => "Luxembourg" ,
LV => "Latvia" ,
LY => "Libyan Arab Jamahiriya" ,
MA => "Morocco" ,
MC => "Monaco" ,
MD => "Moldova, Republic of" ,
ME => "Montenegro" ,
MG => "Madagascar" ,
MH => "Marshall Islands" ,
MK => "Macedonia" ,
ML => "Mali" ,
MM => "Myanmar" ,
MN => "Mongolia" ,
MO => "Macau" ,
MP => "Northern Mariana Islands" ,
MQ => "Martinique" ,
MR => "Mauritania" ,
MS => "Montserrat" ,
MT => "Malta" ,
MU => "Mauritius" ,
MV => "Maldives" ,
MW => "Malawi" ,
MX => "Mexico" ,
MY => "Malaysia" ,
MZ => "Mozambique" ,
NA => "Namibia" ,
NC => "New Caledonia" ,
NE => "Niger" ,
NF => "Norfolk Island" ,
NG => "Nigeria" ,
NI => "Nicaragua" ,
NL => "Netherlands" ,
NO => "Norway" ,
NP => "Nepal" ,
NR => "Nauru" ,
NU => "Niue" ,
NZ => "New Zealand" ,
OM => "Oman" ,
PA => "Panama" ,
PE => "Peru" ,
PF => "French Polynesia" ,
PG => "Papua New Guinea" ,
PH => "Philippines" ,
PK => "Pakistan" ,
PL => "Poland" ,
PM => "Saint Pierre and Miquelon" ,
PR => "Puerto Rico" ,
PS => "Palestinian Territory, Occupied" ,
PT => "Portugal" ,
PW => "Palau" ,
PY => "Paraguay" ,
QA => "Qatar" ,
RE => "Reunion" ,
RO => "Romania" ,
RS => "Serbia" ,
RU => "Russian Federation" ,
RW => "Rwanda" ,
SA => "Saudi Arabia" ,
SB => "Solomon Islands" ,
SC => "Seychelles" ,
SD => "Sudan" ,
SE => "Sweden" ,
SG => "Singapore" ,
SH => "Saint Helena" ,
SI => "Slovenia" ,
SJ => "Svalbard and Jan Mayen" ,
SK => "Slovakia" ,
SL => "Sierra Leone" ,
SM => "San Marino" ,
SN => "Senegal" ,
SO => "Somalia" ,
SR => "Suriname" ,
ST => "Sao Tome and Principe" ,
SV => "El Salvador" ,
SY => "Syrian Arab Republic" ,
SZ => "Swaziland" ,
TC => "Turks and Caicos Islands" ,
TD => "Chad" ,
TF => "French Southern Territories" ,
TG => "Togo" ,
TH => "Thailand" ,
TJ => "Tajikistan" ,
TK => "Tokelau" ,
TL => "Timor-Leste" ,
TM => "Turkmenistan" ,
TN => "Tunisia" ,
TO => "Tonga" ,
TR => "Turkey" ,
TT => "Trinidad and Tobago" ,
TV => "Tuvalu" ,
TW => "Taiwan" ,
TZ => "Tanzania, United Republic of" ,
UA => "Ukraine" ,
UG => "Uganda" ,
UM => "United States Minor Outlying Islands" ,
US => "United States" ,
UY => "Uruguay" ,
UZ => "Uzbekistan" ,
VA => "Holy See (Vatican City State)" ,
VC => "Saint Vincent and the Grenadines" ,
VE => "Venezuela" ,
VG => "Virgin Islands, British" ,
VI => "Virgin Islands, U.S." ,
VN => "Vietnam" ,
VU => "Vanuatu" ,
WF => "Wallis and Futuna" ,
WS => "Samoa" ,
YE => "Yemen" ,
YT => "Mayotte" ,
ZA => "South Africa" ,
ZM => "Zambia" ,
ZW => "Zimbabwe" ,
);
require_capability 'GEOIP_MATCH', 'The GeoIP action', 's';
fatal_error "Missing Country Code(s)" unless $countries;
fatal_error "Invalid parameter ($audit) to action GeoIP" if supplied $audit && $audit ne 'audit';
fatal_error "Invalid SRC/DST ($srcdst)" if supplied $srcdst && $srcdst !~ /^(src|dst)$/;
my $chainref = get_action_chain;
my ( $level, $tag ) = get_action_logging;
my $target = require_audit ( $action , $audit );
my $origcountries = $countries;
$countries =~ s/\|/,/g;
my @countries = split_list $countries, 'cc', $origcountries;
for ( @countries ) {
fatal_error "Unknown ISO 3661 Country Code ($_)" unless $isocodes{$_};
}
$tag = $countries[0] unless $tag || @countries > 1;
if ( $target ne '' ) {
my $targettype = $targets{$target} || 0;
fatal_error "Unknown ACTION ($target)" unless $targettype;
fatal_error "The $target action may not be passed to GeoIP" unless ( $targettype & (STANDARD | CHAIN | ACTION ) ) && ! ( $targettype & ( NATRULE | NONAT ) );
if ( $level ne '' ) {
my $chain1ref = ensure_filter_chain( newlogchain('filter' ), 0 );
log_rule_limit $level, $chain1ref, $chainref->{name}, $target ? $target : 'LOG' , '', $tag, 'add', '';
add_ijump( $chain1ref, j => $target );
$target = $chain1ref->{name};
}
add_ijump $chainref , j => $target, geoip => "--${srcdst}-cc $countries";
} elsif ( $level ne '' ) {
log_rule_limit $level, $chainref, 'GeoIP' , $target ? $target : 'LOG' , '', $tag, 'add', "-m geoip --${srcdst}-cc $countries";
} else {
fatal_error "Either an action or a log level must be specified";
}
allow_optimize( $chainref );
1;
END PERL;

1
Shorewall/actions.std
View File

@ -38,7 +38,6 @@ A_Reject # Audited Default action for REJECT policy
Broadcast # Handles Broadcast/Multicast/Anycast
Drop # Default Action for DROP policy
DropSmurfs # Drop smurf packets
GeoIP # Match packets by ISO 3166 Country Code
Invalid # Handles packets in the INVALID conntrack state
NotSyn # Handles TCP packets which do not have SYN=1 and ACK=0
Reject # Default Action for REJECT policy

39
Shorewall/manpages/shorewall-rules.xml
View File

@ -563,7 +563,7 @@
role="bold">-</emphasis>]}<emphasis
role="bold">[:</emphasis><emphasis>interface</emphasis>][<emphasis
role="bold">:</emphasis>{<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]|<emphasis>exclusion</emphasis>|<emphasis
role="bold">+</emphasis><emphasis>ipset</emphasis>}</term>
role="bold">+</emphasis><emphasis>ipset</emphasis>|<replaceable>countrycode-list</replaceable>}</term>
<listitem>
<para>Source hosts to which the rule applies. May be a
@ -639,6 +639,16 @@
url="shorewall-interfaces.html">shorewall-interfaces</ulink>
(5).</para>
<para>Beginning with Shorewall 4.5.4, A
<replaceable>countrycode-list</replaceable> may be specified. A
countrycode-list is a comma-separated list of two-character ISO-3661
country codes enclosed in curly braces ('{...}'). A list of country
codes supported by Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your iptables and
Kernel.</para>
<para>You may exclude certain hosts from the set already defined
through use of an <emphasis>exclusion</emphasis> (see <ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5)).</para>
@ -726,7 +736,7 @@
role="bold">+</emphasis>][<emphasis
role="bold">-</emphasis>]}<emphasis
role="bold">[:{</emphasis><emphasis>interface</emphasis>|<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]|<emphasis>exclusion</emphasis>|<emphasis
role="bold">+</emphasis><emphasis>ipset</emphasis>}][<option>:</option><replaceable>port</replaceable>[:<emphasis
role="bold">+</emphasis><emphasis>ipset</emphasis>|<emphasis>countrycode-list</emphasis>}][<option>:</option><replaceable>port</replaceable>[:<emphasis
role="bold">random</emphasis>]]</term>
<listitem>
@ -744,6 +754,16 @@
"+" to indicate that the rule is to apply to intra-zone traffic as
well as inter-zone traffic.</para>
<para>Beginning with Shorewall 4.5.4, A
<replaceable>countrycode-list</replaceable> may be specified. A
countrycode-list is a comma-separated list of two-character ISO-3661
country codes enclosed in curly braces ('{...}'). A list of country
codes supported by Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your iptables and
Kernel.</para>
<para>When <emphasis role="bold">none</emphasis> is used either in
the <emphasis role="bold">SOURCE</emphasis> or <emphasis
role="bold">DEST</emphasis> column, the rule is ignored.</para>
@ -1505,7 +1525,7 @@
SSH connection to the ipset S:</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST
# PORT(S)
# PORT(S)
ADD(+S:dst,src,dst) net fw tcp 22</programlisting>
</listitem>
</varlistentry>
@ -1535,6 +1555,19 @@
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>Example 13:</term>
<listitem>
<para>Drop all email from the <emphasis>Anonymous Proxy</emphasis>
and <emphasis>Satellite Provider</emphasis> address ranges:</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST
# PORT(S)
DROP net:{A1,A2} fw tcp 22</programlisting>
</listitem>
</varlistentry>
</variablelist>
</refsect1>

37
Shorewall6/manpages/shorewall6-rules.xml
View File

@ -422,7 +422,7 @@
role="bold">-</emphasis>]}<emphasis
role="bold">[:</emphasis><emphasis>interface</emphasis>][<emphasis
role="bold">:<option>&lt;</option></emphasis>{<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]<option>&gt;</option>|<emphasis>exclusion</emphasis>|<emphasis
role="bold">+</emphasis><emphasis>ipset</emphasis>}</term>
role="bold">+</emphasis><emphasis>ipset</emphasis>|<replaceable>countrycode-list</replaceable>}</term>
<listitem>
<para>Source hosts to which the rule applies. May be a zone declared
@ -490,6 +490,16 @@
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
<para>Beginning with Shorewall 4.5.4, A
<replaceable>countrycode-list</replaceable> may be specified. A
countrycode-list is a comma-separated list of two-character ISO-3661
country codes enclosed in curly braces ('{...}'). A list of country
codes supported by Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your ip6tables and
Kernel.</para>
<para>When an <replaceable>interface</replaceable> is not specified,
you may omit the angled brackets ('&lt;' and '&gt;') around the
address(es) or you may supply them to improve readability.</para>
@ -586,7 +596,7 @@
role="bold">-</emphasis>]}<emphasis
role="bold">[:</emphasis><emphasis>interface</emphasis>][<emphasis
role="bold">:<option>&lt;</option></emphasis>{<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]<option>&gt;</option>|<emphasis>exclusion</emphasis>|<emphasis
role="bold">+</emphasis><emphasis>ipset</emphasis>}</emphasis></term>
role="bold">+</emphasis><emphasis>ipset</emphasis>|<emphasis>countrycode-list</emphasis>}</emphasis></term>
<listitem>
<para>Location of Server. May be a zone declared in <ulink
@ -612,6 +622,16 @@
url="shorewall-interfaces.html">shorewall6-interfaces</ulink>
(5).</para>
<para>Beginning with Shorewall 4.5.4, A
<replaceable>countrycode-list</replaceable> may be specified. A
countrycode-list is a comma-separated list of two-character ISO-3661
country codes enclosed in curly braces ('{...}'). A list of country
codes supported by Shorewall may be found at <ulink
url="http://www.shorewall.net/ISO-3661.html">http://www.shorewall.net/ISO-3661.html</ulink>.
Specifying a <replaceable>countrycode-list</replaceable> requires
<firstterm>GeoIP Match</firstterm> support in your ip6tables and
Kernel.</para>
<para>When <emphasis role="bold">none</emphasis> is used either in
the <emphasis role="bold">SOURCE</emphasis> or <emphasis
role="bold">DEST</emphasis> column, the rule is ignored.</para>
@ -1215,6 +1235,19 @@
DNAT net dmz:$BACKUP tcp 80 - - - - - - - - primary_down</programlisting>
</listitem>
</varlistentry>
<varlistentry>
<term>Example 7:</term>
<listitem>
<para>Drop all email from IP addresses in the country whose ISO-3661
country code is ZZ.</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST
# PORT(S)
DROP net:{ZZ} fw tcp 22</programlisting>
</listitem>
</varlistentry>
</variablelist>
</refsect1>

510
docs/ISO-3661.xml Normal file
View File

@ -0,0 +1,510 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>ISO 3661 Country Codes recognized by Shorewall</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2012</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, with no Front-Cover, and with no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<section>
<title>Introduction</title>
<para>Beginning with Shorewall 4.5.4, Shorewall allows matching packet
SOURCE and/or DEST IP addresses by their corresponding country. That is
dont by specifying a comma-separated list of ISO-3661 2-character Country
Codes enclosed in curly braces ('{...}').</para>
<para>Example - Drop email from the Anonymous Proxy and Satellite Provider
networks.</para>
<para><filename>/etc/shorewall/tcrules</filename>:</para>
<programlisting> #ACTION SOURCE DEST PROTO DEST
# PORT(S)
DROP:info net:{A1,A2} dmz tcp 25
</programlisting>
<para>The country codes recognized by Shorewall as of Shorewall 4.5.4 are
shown in the following two sections.</para>
</section>
<section>
<title>IPv4</title>
<programlisting> A1 =&gt; "Anonymous Proxy" ,
A2 =&gt; "Satellite Provider" ,
AD =&gt; "Andorra" ,
AE =&gt; "United Arab Emirates" ,
AF =&gt; "Afghanistan" ,
AG =&gt; "Antigua and Barbuda" ,
AI =&gt; "Anguilla" ,
AL =&gt; "Albania" ,
AM =&gt; "Armenia" ,
AN =&gt; "Netherlands Antilles" ,
AO =&gt; "Angola" ,
AP =&gt; "Asia/Pacific Region" ,
AQ =&gt; "Antarctica" ,
AR =&gt; "Argentina" ,
AS =&gt; "American Samoa" ,
AT =&gt; "Austria" ,
AU =&gt; "Australia" ,
AW =&gt; "Aruba" ,
AX =&gt; "Aland Islands" ,
AZ =&gt; "Azerbaijan" ,
BA =&gt; "Bosnia and Herzegovina" ,
BB =&gt; "Barbados" ,
BD =&gt; "Bangladesh" ,
BE =&gt; "Belgium" ,
BF =&gt; "Burkina Faso" ,
BG =&gt; "Bulgaria" ,
BH =&gt; "Bahrain" ,
BI =&gt; "Burundi" ,
BJ =&gt; "Benin" ,
BM =&gt; "Bermuda" ,
BN =&gt; "Brunei Darussalam" ,
BO =&gt; "Bolivia" ,
BR =&gt; "Brazil" ,
BS =&gt; "Bahamas" ,
BT =&gt; "Bhutan" ,
BV =&gt; "Bouvet Island" ,
BW =&gt; "Botswana" ,
BY =&gt; "Belarus" ,
BZ =&gt; "Belize" ,
CA =&gt; "Canada" ,
CC =&gt; "Cocos (Keeling) Islands" ,
CD =&gt; "Congo, The Democratic Republic of the" ,
CF =&gt; "Central African Republic" ,
CG =&gt; "Congo" ,
CH =&gt; "Switzerland" ,
CI =&gt; "Cote D'Ivoire" ,
CK =&gt; "Cook Islands" ,
CL =&gt; "Chile" ,
CM =&gt; "Cameroon" ,
CN =&gt; "China" ,
CO =&gt; "Colombia" ,
CR =&gt; "Costa Rica" ,
CU =&gt; "Cuba" ,
CV =&gt; "Cape Verde" ,
CX =&gt; "Christmas Island" ,
CY =&gt; "Cyprus" ,
CZ =&gt; "Czech Republic" ,
DE =&gt; "Germany" ,
DJ =&gt; "Djibouti" ,
DK =&gt; "Denmark" ,
DM =&gt; "Dominica" ,
DO =&gt; "Dominican Republic" ,
DZ =&gt; "Algeria" ,
EC =&gt; "Ecuador" ,
EE =&gt; "Estonia" ,
EG =&gt; "Egypt" ,
EH =&gt; "Western Sahara" ,
ER =&gt; "Eritrea" ,
ES =&gt; "Spain" ,
ET =&gt; "Ethiopia" ,
EU =&gt; "Europe" ,
FI =&gt; "Finland" ,
FJ =&gt; "Fiji" ,
FK =&gt; "Falkland Islands (Malvinas)" ,
FM =&gt; "Micronesia, Federated States of" ,
FO =&gt; "Faroe Islands" ,
FR =&gt; "France" ,
GA =&gt; "Gabon" ,
GB =&gt; "United Kingdom" ,
GD =&gt; "Grenada" ,
GE =&gt; "Georgia" ,
GF =&gt; "French Guiana" ,
GG =&gt; "Guernsey" ,
GH =&gt; "Ghana" ,
GI =&gt; "Gibraltar" ,
GL =&gt; "Greenland" ,
GM =&gt; "Gambia" ,
GN =&gt; "Guinea" ,
GP =&gt; "Guadeloupe" ,
GQ =&gt; "Equatorial Guinea" ,
GR =&gt; "Greece" ,
GS =&gt; "South Georgia and the South Sandwich Islands" ,
GT =&gt; "Guatemala" ,
GU =&gt; "Guam" ,
GW =&gt; "Guinea-Bissau" ,
GY =&gt; "Guyana" ,
HK =&gt; "Hong Kong" ,
HN =&gt; "Honduras" ,
HR =&gt; "Croatia" ,
HT =&gt; "Haiti" ,
HU =&gt; "Hungary" ,
ID =&gt; "Indonesia" ,
IE =&gt; "Ireland" ,
IL =&gt; "Israel" ,
IM =&gt; "Isle of Man" ,
IN =&gt; "India" ,
IO =&gt; "British Indian Ocean Territory" ,
IQ =&gt; "Iraq" ,
IR =&gt; "Iran, Islamic Republic of" ,
IS =&gt; "Iceland" ,
IT =&gt; "Italy" ,
JE =&gt; "Jersey" ,
JM =&gt; "Jamaica" ,
JO =&gt; "Jordan" ,
JP =&gt; "Japan" ,
KE =&gt; "Kenya" ,
KG =&gt; "Kyrgyzstan" ,
KH =&gt; "Cambodia" ,
KI =&gt; "Kiribati" ,
KM =&gt; "Comoros" ,
KN =&gt; "Saint Kitts and Nevis" ,
KP =&gt; "Korea, Democratic People's Republic of" ,
KR =&gt; "Korea, Republic of" ,
KW =&gt; "Kuwait" ,
KY =&gt; "Cayman Islands" ,
KZ =&gt; "Kazakhstan" ,
LA =&gt; "Lao People's Democratic Republic" ,
LB =&gt; "Lebanon" ,
LC =&gt; "Saint Lucia" ,
LI =&gt; "Liechtenstein" ,
LK =&gt; "Sri Lanka" ,
LR =&gt; "Liberia" ,
LS =&gt; "Lesotho" ,
LT =&gt; "Lithuania" ,
LU =&gt; "Luxembourg" ,
LV =&gt; "Latvia" ,
LY =&gt; "Libyan Arab Jamahiriya" ,
MA =&gt; "Morocco" ,
MC =&gt; "Monaco" ,
MD =&gt; "Moldova, Republic of" ,
ME =&gt; "Montenegro" ,
MG =&gt; "Madagascar" ,
MH =&gt; "Marshall Islands" ,
MK =&gt; "Macedonia" ,
ML =&gt; "Mali" ,
MM =&gt; "Myanmar" ,
MN =&gt; "Mongolia" ,
MO =&gt; "Macau" ,
MP =&gt; "Northern Mariana Islands" ,
MQ =&gt; "Martinique" ,
MR =&gt; "Mauritania" ,
MS =&gt; "Montserrat" ,
MT =&gt; "Malta" ,
MU =&gt; "Mauritius" ,
MV =&gt; "Maldives" ,
MW =&gt; "Malawi" ,
MX =&gt; "Mexico" ,
MY =&gt; "Malaysia" ,
MZ =&gt; "Mozambique" ,
NA =&gt; "Namibia" ,
NC =&gt; "New Caledonia" ,
NE =&gt; "Niger" ,
NF =&gt; "Norfolk Island" ,
NG =&gt; "Nigeria" ,
NI =&gt; "Nicaragua" ,
NL =&gt; "Netherlands" ,
NO =&gt; "Norway" ,
NP =&gt; "Nepal" ,
NR =&gt; "Nauru" ,
NU =&gt; "Niue" ,
NZ =&gt; "New Zealand" ,
OM =&gt; "Oman" ,
PA =&gt; "Panama" ,
PE =&gt; "Peru" ,
PF =&gt; "French Polynesia" ,
PG =&gt; "Papua New Guinea" ,
PH =&gt; "Philippines" ,
PK =&gt; "Pakistan" ,
PL =&gt; "Poland" ,
PM =&gt; "Saint Pierre and Miquelon" ,
PR =&gt; "Puerto Rico" ,
PS =&gt; "Palestinian Territory, Occupied" ,
PT =&gt; "Portugal" ,
PW =&gt; "Palau" ,
PY =&gt; "Paraguay" ,
QA =&gt; "Qatar" ,
RE =&gt; "Reunion" ,
RO =&gt; "Romania" ,
RS =&gt; "Serbia" ,
RU =&gt; "Russian Federation" ,
RW =&gt; "Rwanda" ,
SA =&gt; "Saudi Arabia" ,
SB =&gt; "Solomon Islands" ,
SC =&gt; "Seychelles" ,
SD =&gt; "Sudan" ,
SE =&gt; "Sweden" ,
SG =&gt; "Singapore" ,
SH =&gt; "Saint Helena" ,
SI =&gt; "Slovenia" ,
SJ =&gt; "Svalbard and Jan Mayen" ,
SK =&gt; "Slovakia" ,
SL =&gt; "Sierra Leone" ,
SM =&gt; "San Marino" ,
SN =&gt; "Senegal" ,
SO =&gt; "Somalia" ,
SR =&gt; "Suriname" ,
ST =&gt; "Sao Tome and Principe" ,
SV =&gt; "El Salvador" ,
SY =&gt; "Syrian Arab Republic" ,
SZ =&gt; "Swaziland" ,
TC =&gt; "Turks and Caicos Islands" ,
TD =&gt; "Chad" ,
TF =&gt; "French Southern Territories" ,
TG =&gt; "Togo" ,
TH =&gt; "Thailand" ,
TJ =&gt; "Tajikistan" ,
TK =&gt; "Tokelau" ,
TL =&gt; "Timor-Leste" ,
TM =&gt; "Turkmenistan" ,
TN =&gt; "Tunisia" ,
TO =&gt; "Tonga" ,
TR =&gt; "Turkey" ,
TT =&gt; "Trinidad and Tobago" ,
TV =&gt; "Tuvalu" ,
TW =&gt; "Taiwan" ,
TZ =&gt; "Tanzania, United Republic of" ,
UA =&gt; "Ukraine" ,
UG =&gt; "Uganda" ,
UM =&gt; "United States Minor Outlying Islands" ,
US =&gt; "United States" ,
UY =&gt; "Uruguay" ,
UZ =&gt; "Uzbekistan" ,
VA =&gt; "Holy See (Vatican City State)" ,
VC =&gt; "Saint Vincent and the Grenadines" ,
VE =&gt; "Venezuela" ,
VG =&gt; "Virgin Islands, British" ,
VI =&gt; "Virgin Islands, U.S." ,
VN =&gt; "Vietnam" ,
VU =&gt; "Vanuatu" ,
WF =&gt; "Wallis and Futuna" ,
WS =&gt; "Samoa" ,
YE =&gt; "Yemen" ,
YT =&gt; "Mayotte" ,
ZA =&gt; "South Africa" ,
ZM =&gt; "Zambia" ,
ZW =&gt; "Zimbabwe" ,
</programlisting>
</section>
<section>
<title>IPv6</title>
<programlisting> AD =&gt; "Andorra" ,
AE =&gt; "United Arab Emirates" ,
AF =&gt; "Afghanistan" ,
AL =&gt; "Albania" ,
AM =&gt; "Armenia" ,
AO =&gt; "Angola" ,
AP =&gt; "Asia/Pacific Region" ,
AR =&gt; "Argentina" ,
AS =&gt; "American Samoa" ,
AT =&gt; "Austria" ,
AU =&gt; "Australia" ,
AW =&gt; "Aruba" ,
AZ =&gt; "Azerbaijan" ,
BA =&gt; "Bosnia and Herzegovina" ,
BD =&gt; "Bangladesh" ,
BE =&gt; "Belgium" ,
BF =&gt; "Burkina Faso" ,
BG =&gt; "Bulgaria" ,
BH =&gt; "Bahrain" ,
BI =&gt; "Burundi" ,
BJ =&gt; "Benin" ,
BM =&gt; "Bermuda" ,
BN =&gt; "Brunei Darussalam" ,
BO =&gt; "Bolivia" ,
BR =&gt; "Brazil" ,
BS =&gt; "Bahamas" ,
BT =&gt; "Bhutan" ,
BW =&gt; "Botswana" ,
BY =&gt; "Belarus" ,
BZ =&gt; "Belize" ,
CA =&gt; "Canada" ,
CD =&gt; "Congo, The Democratic Republic of the" ,
CH =&gt; "Switzerland" ,
CI =&gt; "Cote D'Ivoire" ,
CK =&gt; "Cook Islands" ,
CL =&gt; "Chile" ,
CM =&gt; "Cameroon" ,
CN =&gt; "China" ,
CO =&gt; "Colombia" ,
CR =&gt; "Costa Rica" ,
CU =&gt; "Cuba" ,
CW =&gt; "" ,
CY =&gt; "Cyprus" ,
CZ =&gt; "Czech Republic" ,
DE =&gt; "Germany" ,
DJ =&gt; "Djibouti" ,
DK =&gt; "Denmark" ,
DO =&gt; "Dominican Republic" ,
DZ =&gt; "Algeria" ,
EC =&gt; "Ecuador" ,
EE =&gt; "Estonia" ,
EG =&gt; "Egypt" ,
ES =&gt; "Spain" ,
EU =&gt; "Europe" ,
FI =&gt; "Finland" ,
FJ =&gt; "Fiji" ,
FM =&gt; "Micronesia, Federated States of" ,
FO =&gt; "Faroe Islands" ,
FR =&gt; "France" ,
GB =&gt; "United Kingdom" ,
GD =&gt; "Grenada" ,
GE =&gt; "Georgia" ,
GG =&gt; "Guernsey" ,
GH =&gt; "Ghana" ,
GI =&gt; "Gibraltar" ,
GL =&gt; "Greenland" ,
GM =&gt; "Gambia" ,
GP =&gt; "Guadeloupe" ,
GR =&gt; "Greece" ,
GT =&gt; "Guatemala" ,
GU =&gt; "Guam" ,
GY =&gt; "Guyana" ,
HK =&gt; "Hong Kong" ,
HN =&gt; "Honduras" ,
HR =&gt; "Croatia" ,
HT =&gt; "Haiti" ,
HU =&gt; "Hungary" ,
ID =&gt; "Indonesia" ,
IE =&gt; "Ireland" ,
IL =&gt; "Israel" ,
IM =&gt; "Isle of Man" ,
IN =&gt; "India" ,
IQ =&gt; "Iraq" ,
IR =&gt; "Iran, Islamic Republic of" ,
IS =&gt; "Iceland" ,
IT =&gt; "Italy" ,
JE =&gt; "Jersey" ,
JM =&gt; "Jamaica" ,
JO =&gt; "Jordan" ,
JP =&gt; "Japan" ,
KE =&gt; "Kenya" ,
KG =&gt; "Kyrgyzstan" ,
KH =&gt; "Cambodia" ,
KN =&gt; "Saint Kitts and Nevis" ,
KR =&gt; "Korea, Republic of" ,
KW =&gt; "Kuwait" ,
KY =&gt; "Cayman Islands" ,
KZ =&gt; "Kazakhstan" ,
LA =&gt; "Lao People's Democratic Republic" ,
LB =&gt; "Lebanon" ,
LI =&gt; "Liechtenstein" ,
LK =&gt; "Sri Lanka" ,
LS =&gt; "Lesotho" ,
LT =&gt; "Lithuania" ,
LU =&gt; "Luxembourg" ,
LV =&gt; "Latvia" ,
LY =&gt; "Libyan Arab Jamahiriya" ,
MA =&gt; "Morocco" ,
MC =&gt; "Monaco" ,
MD =&gt; "Moldova, Republic of" ,
ME =&gt; "Montenegro" ,
MG =&gt; "Madagascar" ,
MH =&gt; "Marshall Islands" ,
MK =&gt; "Macedonia" ,
ML =&gt; "Mali" ,
MM =&gt; "Myanmar" ,
MN =&gt; "Mongolia" ,
MO =&gt; "Macau" ,
MT =&gt; "Malta" ,
MU =&gt; "Mauritius" ,
MV =&gt; "Maldives" ,
MW =&gt; "Malawi" ,
MX =&gt; "Mexico" ,
MY =&gt; "Malaysia" ,
MZ =&gt; "Mozambique" ,
NA =&gt; "Namibia" ,
NC =&gt; "New Caledonia" ,
NF =&gt; "Norfolk Island" ,
NG =&gt; "Nigeria" ,
NI =&gt; "Nicaragua" ,
NL =&gt; "Netherlands" ,
NO =&gt; "Norway" ,
NP =&gt; "Nepal" ,
NR =&gt; "Nauru" ,
NU =&gt; "Niue" ,
NZ =&gt; "New Zealand" ,
OM =&gt; "Oman" ,
PA =&gt; "Panama" ,
PE =&gt; "Peru" ,
PF =&gt; "French Polynesia" ,
PG =&gt; "Papua New Guinea" ,
PH =&gt; "Philippines" ,
PK =&gt; "Pakistan" ,
PL =&gt; "Poland" ,
PR =&gt; "Puerto Rico" ,
PS =&gt; "Palestinian Territory" ,
PT =&gt; "Portugal" ,
PW =&gt; "Palau" ,
PY =&gt; "Paraguay" ,
QA =&gt; "Qatar" ,
RO =&gt; "Romania" ,
RS =&gt; "Serbia" ,
RU =&gt; "Russian Federation" ,
RW =&gt; "Rwanda" ,
SA =&gt; "Saudi Arabia" ,
SB =&gt; "Solomon Islands" ,
SC =&gt; "Seychelles" ,
SD =&gt; "Sudan" ,
SE =&gt; "Sweden" ,
SG =&gt; "Singapore" ,
SI =&gt; "Slovenia" ,
SK =&gt; "Slovakia" ,
SL =&gt; "Sierra Leone" ,
SM =&gt; "San Marino" ,
SN =&gt; "Senegal" ,
SO =&gt; "Somalia" ,
ST =&gt; "Sao Tome and Principe" ,
SV =&gt; "El Salvador" ,
SY =&gt; "Syrian Arab Republic" ,
SZ =&gt; "Swaziland" ,
TH =&gt; "Thailand" ,
TK =&gt; "Tokelau" ,
TN =&gt; "Tunisia" ,
TO =&gt; "Tonga" ,
TR =&gt; "Turkey" ,
TT =&gt; "Trinidad and Tobago" ,
TV =&gt; "Tuvalu" ,
TW =&gt; "Taiwan" ,
TZ =&gt; "Tanzania, United Republic of" ,
UA =&gt; "Ukraine" ,
UG =&gt; "Uganda" ,
US =&gt; "United States" ,
UY =&gt; "Uruguay" ,
UZ =&gt; "Uzbekistan" ,
VA =&gt; "Holy See (Vatican City State)" ,
VE =&gt; "Venezuela" ,
VI =&gt; "Virgin Islands, U.S." ,
VN =&gt; "Vietnam" ,
VU =&gt; "Vanuatu" ,
WS =&gt; "Samoa" ,
YE =&gt; "Yemen" ,
ZA =&gt; "South Africa" ,
ZM =&gt; "Zambia" ,
ZW =&gt; "Zimbabwe" ,
</programlisting>
</section>
</article>

8
docs/template.xml
View File

@ -5,7 +5,7 @@
<!--$Id$-->
<articleinfo>
<title></title>
<title/>
<authorgroup>
<author>
@ -18,7 +18,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2011</year>
<year>2012</year>
<holder>Thomas M. Eastep</holder>
</copyright>
@ -35,8 +35,8 @@
</articleinfo>
<section>
<title></title>
<title/>
<para></para>
<para/>
</section>
</article>