<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<article>
  <!--$Id$-->

  <articleinfo>
    <title>ISO 3661 Country Codes recognized by Shorewall</title>

    <authorgroup>
      <author>
        <firstname>Tom</firstname>

        <surname>Eastep</surname>
      </author>
    </authorgroup>

    <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>

    <copyright>
      <year>2012</year>

      <holder>Thomas M. Eastep</holder>
    </copyright>

    <legalnotice>
      <para>Permission is granted to copy, distribute and/or modify this
      document under the terms of the GNU Free Documentation License, Version
      1.2 or any later version published by the Free Software Foundation; with
      no Invariant Sections, with no Front-Cover, and with no Back-Cover
      Texts. A copy of the license is included in the section entitled
      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation
      License</ulink></quote>.</para>
    </legalnotice>
  </articleinfo>

  <section>
    <title>Introduction</title>

    <para>Beginning with Shorewall 4.5.4, Shorewall allows matching packet
    SOURCE and/or DEST IP addresses by their corresponding country. That is
    done by specifying a comma-separated list of up to 15 ISO-3661 2-character
    Country Codes enclosed in square brackets ('[...]') and prefixed by a
    caret ('^'). When a single country code is given, the square brackets can
    be omitted.</para>

    <para>Example - Drop email from the Anonymous Proxy and Satellite Provider
    networks.</para>

    <para><filename>/etc/shorewall/rules</filename>:</para>

    <programlisting>    #ACTION   	   SOURCE	 	DEST	PROTO	DEST
    #		   					PORT(S)
    DROP:info	   net:^[A1,A2]		dmz	tcp	25
</programlisting>

    <para>Using this feature requires the <firstterm>GeoIP Match</firstterm>
    capability in your iptables and kernel. As of this writing, that
    capability requires installing <ulink
    url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> 1.33
    or later and <ulink
    url="http://xtables-addons.sourceforge.net/geoip.php">creating a
    country-code database</ulink>.</para>

    <para>The Shorewall compiler uses the geoip country-code database to
    determine the valid set of two-character alphanumeric country codes. The
    location of that database is currently hard-coded in xtables-addons as
    <filename>/usr/share/xt_geoip/</filename>. Within that directory are two
    sub-directories:</para>

    <itemizedlist>
      <listitem>
        <para>LE -- contains the little-endian database</para>
      </listitem>

      <listitem>
        <para>BE -- contains the big-endian database</para>
      </listitem>
    </itemizedlist>

    <para>To accomodate both big-endian and little-endian machines as well as
    any future ability to install the database at another location, Shorewall
    supports a GEOIPDIR option in <ulink
    url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink
    url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5). The
    default value of that option is
    <filename>/usr/share/xt_geoip/LE</filename>.</para>

    <para>The country codes at the time of this writing are shown in the
    following two sections.</para>
  </section>

  <section>
    <title>IPv4</title>

    <programlisting>     A1 =&gt; "Anonymous Proxy" ,
     A2 =&gt; "Satellite Provider" ,
     AD =&gt; "Andorra" ,
     AE =&gt; "United Arab Emirates" ,
     AF =&gt; "Afghanistan" ,
     AG =&gt; "Antigua and Barbuda" ,
     AI =&gt; "Anguilla" ,
     AL =&gt; "Albania" ,
     AM =&gt; "Armenia" ,
     AN =&gt; "Netherlands Antilles" ,
     AO =&gt; "Angola" ,
     AP =&gt; "Asia/Pacific Region" ,
     AQ =&gt; "Antarctica" ,
     AR =&gt; "Argentina" ,
     AS =&gt; "American Samoa" ,
     AT =&gt; "Austria" ,
     AU =&gt; "Australia" ,
     AW =&gt; "Aruba" ,
     AX =&gt; "Aland Islands" ,
     AZ =&gt; "Azerbaijan" ,
     BA =&gt; "Bosnia and Herzegovina" ,
     BB =&gt; "Barbados" ,
     BD =&gt; "Bangladesh" ,
     BE =&gt; "Belgium" ,
     BF =&gt; "Burkina Faso" ,
     BG =&gt; "Bulgaria" ,
     BH =&gt; "Bahrain" ,
     BI =&gt; "Burundi" ,
     BJ =&gt; "Benin" ,
     BM =&gt; "Bermuda" ,
     BN =&gt; "Brunei Darussalam" ,
     BO =&gt; "Bolivia" ,
     BR =&gt; "Brazil" ,
     BS =&gt; "Bahamas" ,
     BT =&gt; "Bhutan" ,
     BV =&gt; "Bouvet Island" ,
     BW =&gt; "Botswana" ,
     BY =&gt; "Belarus" ,
     BZ =&gt; "Belize" ,
     CA =&gt; "Canada" ,
     CC =&gt; "Cocos (Keeling) Islands" ,
     CD =&gt; "Congo, The Democratic Republic of the" ,
     CF =&gt; "Central African Republic" ,
     CG =&gt; "Congo" ,
     CH =&gt; "Switzerland" ,
     CI =&gt; "Cote D'Ivoire" ,
     CK =&gt; "Cook Islands" ,
     CL =&gt; "Chile" ,
     CM =&gt; "Cameroon" ,
     CN =&gt; "China" ,
     CO =&gt; "Colombia" ,
     CR =&gt; "Costa Rica" ,
     CU =&gt; "Cuba" ,
     CV =&gt; "Cape Verde" ,
     CX =&gt; "Christmas Island" ,
     CY =&gt; "Cyprus" ,
     CZ =&gt; "Czech Republic" ,
     DE =&gt; "Germany" ,
     DJ =&gt; "Djibouti" ,
     DK =&gt; "Denmark" ,
     DM =&gt; "Dominica" ,
     DO =&gt; "Dominican Republic" ,
     DZ =&gt; "Algeria" ,
     EC =&gt; "Ecuador" ,
     EE =&gt; "Estonia" ,
     EG =&gt; "Egypt" ,
     EH =&gt; "Western Sahara" ,
     ER =&gt; "Eritrea" ,
     ES =&gt; "Spain" ,
     ET =&gt; "Ethiopia" ,
     EU =&gt; "Europe" ,
     FI =&gt; "Finland" ,
     FJ =&gt; "Fiji" ,
     FK =&gt; "Falkland Islands (Malvinas)" ,
     FM =&gt; "Micronesia, Federated States of" ,
     FO =&gt; "Faroe Islands" ,
     FR =&gt; "France" ,
     GA =&gt; "Gabon" ,
     GB =&gt; "United Kingdom" ,
     GD =&gt; "Grenada" ,
     GE =&gt; "Georgia" ,
     GF =&gt; "French Guiana" ,
     GG =&gt; "Guernsey" ,
     GH =&gt; "Ghana" ,
     GI =&gt; "Gibraltar" ,
     GL =&gt; "Greenland" ,
     GM =&gt; "Gambia" ,
     GN =&gt; "Guinea" ,
     GP =&gt; "Guadeloupe" ,
     GQ =&gt; "Equatorial Guinea" ,
     GR =&gt; "Greece" ,
     GS =&gt; "South Georgia and the South Sandwich Islands" ,
     GT =&gt; "Guatemala" ,
     GU =&gt; "Guam" ,
     GW =&gt; "Guinea-Bissau" ,
     GY =&gt; "Guyana" ,
     HK =&gt; "Hong Kong" ,
     HN =&gt; "Honduras" ,
     HR =&gt; "Croatia" ,
     HT =&gt; "Haiti" ,
     HU =&gt; "Hungary" ,
     ID =&gt; "Indonesia" ,
     IE =&gt; "Ireland" ,
     IL =&gt; "Israel" ,
     IM =&gt; "Isle of Man" ,
     IN =&gt; "India" ,
     IO =&gt; "British Indian Ocean Territory" ,
     IQ =&gt; "Iraq" ,
     IR =&gt; "Iran, Islamic Republic of" ,
     IS =&gt; "Iceland" ,
     IT =&gt; "Italy" ,
     JE =&gt; "Jersey" ,
     JM =&gt; "Jamaica" ,
     JO =&gt; "Jordan" ,
     JP =&gt; "Japan" ,
     KE =&gt; "Kenya" ,
     KG =&gt; "Kyrgyzstan" ,
     KH =&gt; "Cambodia" ,
     KI =&gt; "Kiribati" ,
     KM =&gt; "Comoros" ,
     KN =&gt; "Saint Kitts and Nevis" ,
     KP =&gt; "Korea, Democratic People's Republic of" ,
     KR =&gt; "Korea, Republic of" ,
     KW =&gt; "Kuwait" ,
     KY =&gt; "Cayman Islands" ,
     KZ =&gt; "Kazakhstan" ,
     LA =&gt; "Lao People's Democratic Republic" ,
     LB =&gt; "Lebanon" ,
     LC =&gt; "Saint Lucia" ,
     LI =&gt; "Liechtenstein" ,
     LK =&gt; "Sri Lanka" ,
     LR =&gt; "Liberia" ,
     LS =&gt; "Lesotho" ,
     LT =&gt; "Lithuania" ,
     LU =&gt; "Luxembourg" ,
     LV =&gt; "Latvia" ,
     LY =&gt; "Libyan Arab Jamahiriya" ,
     MA =&gt; "Morocco" ,
     MC =&gt; "Monaco" ,
     MD =&gt; "Moldova, Republic of" ,
     ME =&gt; "Montenegro" ,
     MG =&gt; "Madagascar" ,
     MH =&gt; "Marshall Islands" ,
     MK =&gt; "Macedonia" ,
     ML =&gt; "Mali" ,
     MM =&gt; "Myanmar" ,
     MN =&gt; "Mongolia" ,
     MO =&gt; "Macau" ,
     MP =&gt; "Northern Mariana Islands" ,
     MQ =&gt; "Martinique" ,
     MR =&gt; "Mauritania" ,
     MS =&gt; "Montserrat" ,
     MT =&gt; "Malta" ,
     MU =&gt; "Mauritius" ,
     MV =&gt; "Maldives" ,
     MW =&gt; "Malawi" ,
     MX =&gt; "Mexico" ,
     MY =&gt; "Malaysia" ,
     MZ =&gt; "Mozambique" ,
     NA =&gt; "Namibia" ,
     NC =&gt; "New Caledonia" ,
     NE =&gt; "Niger" ,
     NF =&gt; "Norfolk Island" ,
     NG =&gt; "Nigeria" ,
     NI =&gt; "Nicaragua" ,
     NL =&gt; "Netherlands" ,
     NO =&gt; "Norway" ,
     NP =&gt; "Nepal" ,
     NR =&gt; "Nauru" ,
     NU =&gt; "Niue" ,
     NZ =&gt; "New Zealand" ,
     OM =&gt; "Oman" ,
     PA =&gt; "Panama" ,
     PE =&gt; "Peru" ,
     PF =&gt; "French Polynesia" ,
     PG =&gt; "Papua New Guinea" ,
     PH =&gt; "Philippines" ,
     PK =&gt; "Pakistan" ,
     PL =&gt; "Poland" ,
     PM =&gt; "Saint Pierre and Miquelon" ,
     PR =&gt; "Puerto Rico" ,
     PS =&gt; "Palestinian Territory, Occupied" ,
     PT =&gt; "Portugal" ,
     PW =&gt; "Palau" ,
     PY =&gt; "Paraguay" ,
     QA =&gt; "Qatar" ,
     RE =&gt; "Reunion" ,
     RO =&gt; "Romania" ,
     RS =&gt; "Serbia" ,
     RU =&gt; "Russian Federation" ,
     RW =&gt; "Rwanda" ,
     SA =&gt; "Saudi Arabia" ,
     SB =&gt; "Solomon Islands" ,
     SC =&gt; "Seychelles" ,
     SD =&gt; "Sudan" ,
     SE =&gt; "Sweden" ,
     SG =&gt; "Singapore" ,
     SH =&gt; "Saint Helena" ,
     SI =&gt; "Slovenia" ,
     SJ =&gt; "Svalbard and Jan Mayen" ,
     SK =&gt; "Slovakia" ,
     SL =&gt; "Sierra Leone" ,
     SM =&gt; "San Marino" ,
     SN =&gt; "Senegal" ,
     SO =&gt; "Somalia" ,
     SR =&gt; "Suriname" ,
     ST =&gt; "Sao Tome and Principe" ,
     SV =&gt; "El Salvador" ,
     SY =&gt; "Syrian Arab Republic" ,
     SZ =&gt; "Swaziland" ,
     TC =&gt; "Turks and Caicos Islands" ,
     TD =&gt; "Chad" ,
     TF =&gt; "French Southern Territories" ,
     TG =&gt; "Togo" ,
     TH =&gt; "Thailand" ,
     TJ =&gt; "Tajikistan" ,
     TK =&gt; "Tokelau" ,
     TL =&gt; "Timor-Leste" ,
     TM =&gt; "Turkmenistan" ,
     TN =&gt; "Tunisia" ,
     TO =&gt; "Tonga" ,
     TR =&gt; "Turkey" ,
     TT =&gt; "Trinidad and Tobago" ,
     TV =&gt; "Tuvalu" ,
     TW =&gt; "Taiwan" ,
     TZ =&gt; "Tanzania, United Republic of" ,
     UA =&gt; "Ukraine" ,
     UG =&gt; "Uganda" ,
     UM =&gt; "United States Minor Outlying Islands" ,
     US =&gt; "United States" ,
     UY =&gt; "Uruguay" ,
     UZ =&gt; "Uzbekistan" ,
     VA =&gt; "Holy See (Vatican City State)" ,
     VC =&gt; "Saint Vincent and the Grenadines" ,
     VE =&gt; "Venezuela" ,
     VG =&gt; "Virgin Islands, British" ,
     VI =&gt; "Virgin Islands, U.S." ,
     VN =&gt; "Vietnam" ,
     VU =&gt; "Vanuatu" ,
     WF =&gt; "Wallis and Futuna" ,
     WS =&gt; "Samoa" ,
     YE =&gt; "Yemen" ,
     YT =&gt; "Mayotte" ,
     ZA =&gt; "South Africa" ,
     ZM =&gt; "Zambia" ,
     ZW =&gt; "Zimbabwe" ,
</programlisting>
  </section>

  <section>
    <title>IPv6</title>

    <programlisting>     AD =&gt;  "Andorra" ,
     AE =&gt;  "United Arab Emirates" ,
     AF =&gt;  "Afghanistan" ,
     AL =&gt;  "Albania" ,
     AM =&gt;  "Armenia" ,
     AO =&gt;  "Angola" ,
     AP =&gt;  "Asia/Pacific Region" ,
     AR =&gt;  "Argentina" ,
     AS =&gt;  "American Samoa" ,
     AT =&gt;  "Austria" ,
     AU =&gt;  "Australia" ,
     AW =&gt;  "Aruba" ,
     AZ =&gt;  "Azerbaijan" ,
     BA =&gt;  "Bosnia and Herzegovina" ,
     BD =&gt;  "Bangladesh" ,
     BE =&gt;  "Belgium" ,
     BF =&gt;  "Burkina Faso" ,
     BG =&gt;  "Bulgaria" ,
     BH =&gt;  "Bahrain" ,
     BI =&gt;  "Burundi" ,
     BJ =&gt;  "Benin" ,
     BM =&gt;  "Bermuda" ,
     BN =&gt;  "Brunei Darussalam" ,
     BO =&gt;  "Bolivia" ,
     BR =&gt;  "Brazil" ,
     BS =&gt;  "Bahamas" ,
     BT =&gt;  "Bhutan" ,
     BW =&gt;  "Botswana" ,
     BY =&gt;  "Belarus" ,
     BZ =&gt;  "Belize" ,
     CA =&gt;  "Canada" ,
     CD =&gt;  "Congo, The Democratic Republic of the" ,
     CH =&gt;  "Switzerland" ,
     CI =&gt;  "Cote D'Ivoire" ,
     CK =&gt;  "Cook Islands" ,
     CL =&gt;  "Chile" ,
     CM =&gt;  "Cameroon" ,
     CN =&gt;  "China" ,
     CO =&gt;  "Colombia" ,
     CR =&gt;  "Costa Rica" ,
     CU =&gt;  "Cuba" ,
     CW =&gt;  "" ,
     CY =&gt;  "Cyprus" ,
     CZ =&gt;  "Czech Republic" ,
     DE =&gt;  "Germany" ,
     DJ =&gt;  "Djibouti" ,
     DK =&gt;  "Denmark" ,
     DO =&gt;  "Dominican Republic" ,
     DZ =&gt;  "Algeria" ,
     EC =&gt;  "Ecuador" ,
     EE =&gt;  "Estonia" ,
     EG =&gt;  "Egypt" ,
     ES =&gt;  "Spain" ,
     EU =&gt;  "Europe" ,
     FI =&gt;  "Finland" ,
     FJ =&gt;  "Fiji" ,
     FM =&gt;  "Micronesia, Federated States of" ,
     FO =&gt;  "Faroe Islands" ,
     FR =&gt;  "France" ,
     GB =&gt;  "United Kingdom" ,
     GD =&gt;  "Grenada" ,
     GE =&gt;  "Georgia" ,
     GG =&gt;  "Guernsey" ,
     GH =&gt;  "Ghana" ,
     GI =&gt;  "Gibraltar" ,
     GL =&gt;  "Greenland" ,
     GM =&gt;  "Gambia" ,
     GP =&gt;  "Guadeloupe" ,
     GR =&gt;  "Greece" ,
     GT =&gt;  "Guatemala" ,
     GU =&gt;  "Guam" ,
     GY =&gt;  "Guyana" ,
     HK =&gt;  "Hong Kong" ,
     HN =&gt;  "Honduras" ,
     HR =&gt;  "Croatia" ,
     HT =&gt;  "Haiti" ,
     HU =&gt;  "Hungary" ,
     ID =&gt;  "Indonesia" ,
     IE =&gt;  "Ireland" ,
     IL =&gt;  "Israel" ,
     IM =&gt;  "Isle of Man" ,
     IN =&gt;  "India" ,
     IQ =&gt;  "Iraq" ,
     IR =&gt;  "Iran, Islamic Republic of" ,
     IS =&gt;  "Iceland" ,
     IT =&gt;  "Italy" ,
     JE =&gt;  "Jersey" ,
     JM =&gt;  "Jamaica" ,
     JO =&gt;  "Jordan" ,
     JP =&gt;  "Japan" ,
     KE =&gt;  "Kenya" ,
     KG =&gt;  "Kyrgyzstan" ,
     KH =&gt;  "Cambodia" ,
     KN =&gt;  "Saint Kitts and Nevis" ,
     KR =&gt;  "Korea, Republic of" ,
     KW =&gt;  "Kuwait" ,
     KY =&gt;  "Cayman Islands" ,
     KZ =&gt;  "Kazakhstan" ,
     LA =&gt;  "Lao People's Democratic Republic" ,
     LB =&gt;  "Lebanon" ,
     LI =&gt;  "Liechtenstein" ,
     LK =&gt;  "Sri Lanka" ,
     LS =&gt;  "Lesotho" ,
     LT =&gt;  "Lithuania" ,
     LU =&gt;  "Luxembourg" ,
     LV =&gt;  "Latvia" ,
     LY =&gt;  "Libyan Arab Jamahiriya" ,
     MA =&gt;  "Morocco" ,
     MC =&gt;  "Monaco" ,
     MD =&gt;  "Moldova, Republic of" ,
     ME =&gt;  "Montenegro" ,
     MG =&gt;  "Madagascar" ,
     MH =&gt;  "Marshall Islands" ,
     MK =&gt;  "Macedonia" ,
     ML =&gt;  "Mali" ,
     MM =&gt;  "Myanmar" ,
     MN =&gt;  "Mongolia" ,
     MO =&gt;  "Macau" ,
     MT =&gt;  "Malta" ,
     MU =&gt;  "Mauritius" ,
     MV =&gt;  "Maldives" ,
     MW =&gt;  "Malawi" ,
     MX =&gt;  "Mexico" ,
     MY =&gt;  "Malaysia" ,
     MZ =&gt;  "Mozambique" ,
     NA =&gt;  "Namibia" ,
     NC =&gt;  "New Caledonia" ,
     NF =&gt;  "Norfolk Island" ,
     NG =&gt;  "Nigeria" ,
     NI =&gt;  "Nicaragua" ,
     NL =&gt;  "Netherlands" ,
     NO =&gt;  "Norway" ,
     NP =&gt;  "Nepal" ,
     NR =&gt;  "Nauru" ,
     NU =&gt;  "Niue" ,
     NZ =&gt;  "New Zealand" ,
     OM =&gt;  "Oman" ,
     PA =&gt;  "Panama" ,
     PE =&gt;  "Peru" ,
     PF =&gt;  "French Polynesia" ,
     PG =&gt;  "Papua New Guinea" ,
     PH =&gt;  "Philippines" ,
     PK =&gt;  "Pakistan" ,
     PL =&gt;  "Poland" ,
     PR =&gt;  "Puerto Rico" ,
     PS =&gt;  "Palestinian Territory" ,
     PT =&gt;  "Portugal" ,
     PW =&gt;  "Palau" ,
     PY =&gt;  "Paraguay" ,
     QA =&gt;  "Qatar" ,
     RO =&gt;  "Romania" ,
     RS =&gt;  "Serbia" ,
     RU =&gt;  "Russian Federation" ,
     RW =&gt;  "Rwanda" ,
     SA =&gt;  "Saudi Arabia" ,
     SB =&gt;  "Solomon Islands" ,
     SC =&gt;  "Seychelles" ,
     SD =&gt;  "Sudan" ,
     SE =&gt;  "Sweden" ,
     SG =&gt;  "Singapore" ,
     SI =&gt;  "Slovenia" ,
     SK =&gt;  "Slovakia" ,
     SL =&gt;  "Sierra Leone" ,
     SM =&gt;  "San Marino" ,
     SN =&gt;  "Senegal" ,
     SO =&gt;  "Somalia" ,
     ST =&gt;  "Sao Tome and Principe" ,
     SV =&gt;  "El Salvador" ,
     SY =&gt;  "Syrian Arab Republic" ,
     SZ =&gt;  "Swaziland" ,
     TH =&gt;  "Thailand" ,
     TK =&gt;  "Tokelau" ,
     TN =&gt;  "Tunisia" ,
     TO =&gt;  "Tonga" ,
     TR =&gt;  "Turkey" ,
     TT =&gt;  "Trinidad and Tobago" ,
     TV =&gt;  "Tuvalu" ,
     TW =&gt;  "Taiwan" ,
     TZ =&gt;  "Tanzania, United Republic of" ,
     UA =&gt;  "Ukraine" ,
     UG =&gt;  "Uganda" ,
     US =&gt;  "United States" ,
     UY =&gt;  "Uruguay" ,
     UZ =&gt;  "Uzbekistan" ,
     VA =&gt;  "Holy See (Vatican City State)" ,
     VE =&gt;  "Venezuela" ,
     VI =&gt;  "Virgin Islands, U.S." ,
     VN =&gt;  "Vietnam" ,
     VU =&gt;  "Vanuatu" ,
     WS =&gt;  "Samoa" ,
     YE =&gt;  "Yemen" ,
     ZA =&gt;  "South Africa" ,
     ZM =&gt;  "Zambia" ,
     ZW =&gt;  "Zimbabwe" ,
</programlisting>
  </section>
</article>