shorewall_code/docs/ISO-3661.xml

552 lines
16 KiB
XML
Raw Permalink Normal View History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<article>
<!--$Id$-->
<articleinfo>
<title>ISO 3661 Country Codes recognized by Shorewall</title>
<authorgroup>
<author>
<firstname>Tom</firstname>
<surname>Eastep</surname>
</author>
</authorgroup>
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright>
<year>2012</year>
<holder>Thomas M. Eastep</holder>
</copyright>
<legalnotice>
<para>Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version
1.2 or any later version published by the Free Software Foundation; with
no Invariant Sections, no Front-Cover Texts, and no Back-Cover
Texts. A copy of the license is included in the section entitled
<quote><ulink url="GnuCopyright.htm">GNU Free Documentation
License</ulink></quote>.</para>
</legalnotice>
</articleinfo>
<section>
<title>Introduction</title>
<para>Beginning with Shorewall 4.5.4, Shorewall allows matching packet
SOURCE and/or DEST IP addresses by their corresponding country. That is
done by specifying a comma-separated list of up to 15 ISO-3661 2-character
Country Codes enclosed in square brackets ('[...]') and prefixed by a
caret ('^'). When a single country code is given, the square brackets can
be omitted.</para>
<para>Example - Drop email from the Anonymous Proxy and Satellite Provider
networks.</para>
<para><filename>/etc/shorewall/rules</filename>:</para>
<programlisting> #ACTION SOURCE DEST PROTO DPORT
?SECTION NEW
DROP:info net:^[A1,A2] dmz tcp 25
</programlisting>
<para>Using this feature requires the <firstterm>GeoIP Match</firstterm>
capability in your iptables and kernel. That capability requires <ulink
url="https://dev.maxmind.com/geoip/geoip2/geolite2/">creating a
country-code database</ulink>.</para>
<para>The Shorewall compiler uses the geoip country-code database to
determine the valid set of two-character alphanumeric country codes. The
location of that database is currently hard-coded in xtables-addons as
<filename>/usr/share/xt_geoip/</filename>. Within that directory are two
sub-directories:</para>
<itemizedlist>
<listitem>
<para>LE -- contains the little-endian database</para>
</listitem>
<listitem>
<para>BE -- contains the big-endian database</para>
</listitem>
</itemizedlist>
<para>To accomodate both big-endian and little-endian machines as well as
any future ability to install the database at another location, Shorewall
supports a GEOIPDIR option in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5) and <ulink
url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5). The default
value of that option is
<filename>/usr/share/xt_geoip/LE</filename>.</para>
<important>
<para>Recent versions of the country-code database are installed in
<filename>/usr/share/xt_geoip/, regardless of endian convention. This
requires modifying the setting of GEOIPDIR in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink
url="manpages/shorewall.conf.html">shorewall6.conf</ulink>(5).</filename></para>
</important>
<para>The country codes at the time of this writing are shown in the
following two sections.</para>
</section>
<section>
<title>IPv4</title>
<programlisting> A1 =&gt; "Anonymous Proxy" ,
A2 =&gt; "Satellite Provider" ,
AD =&gt; "Andorra" ,
AE =&gt; "United Arab Emirates" ,
AF =&gt; "Afghanistan" ,
AG =&gt; "Antigua and Barbuda" ,
AI =&gt; "Anguilla" ,
AL =&gt; "Albania" ,
AM =&gt; "Armenia" ,
AN =&gt; "Netherlands Antilles" ,
AO =&gt; "Angola" ,
AP =&gt; "Asia/Pacific Region" ,
AQ =&gt; "Antarctica" ,
AR =&gt; "Argentina" ,
AS =&gt; "American Samoa" ,
AT =&gt; "Austria" ,
AU =&gt; "Australia" ,
AW =&gt; "Aruba" ,
AX =&gt; "Aland Islands" ,
AZ =&gt; "Azerbaijan" ,
BA =&gt; "Bosnia and Herzegovina" ,
BB =&gt; "Barbados" ,
BD =&gt; "Bangladesh" ,
BE =&gt; "Belgium" ,
BF =&gt; "Burkina Faso" ,
BG =&gt; "Bulgaria" ,
BH =&gt; "Bahrain" ,
BI =&gt; "Burundi" ,
BJ =&gt; "Benin" ,
BM =&gt; "Bermuda" ,
BN =&gt; "Brunei Darussalam" ,
BO =&gt; "Bolivia" ,
BR =&gt; "Brazil" ,
BS =&gt; "Bahamas" ,
BT =&gt; "Bhutan" ,
BV =&gt; "Bouvet Island" ,
BW =&gt; "Botswana" ,
BY =&gt; "Belarus" ,
BZ =&gt; "Belize" ,
CA =&gt; "Canada" ,
CC =&gt; "Cocos (Keeling) Islands" ,
CD =&gt; "Congo, The Democratic Republic of the" ,
CF =&gt; "Central African Republic" ,
CG =&gt; "Congo" ,
CH =&gt; "Switzerland" ,
CI =&gt; "Cote D'Ivoire" ,
CK =&gt; "Cook Islands" ,
CL =&gt; "Chile" ,
CM =&gt; "Cameroon" ,
CN =&gt; "China" ,
CO =&gt; "Colombia" ,
CR =&gt; "Costa Rica" ,
CU =&gt; "Cuba" ,
CV =&gt; "Cape Verde" ,
CX =&gt; "Christmas Island" ,
CY =&gt; "Cyprus" ,
CZ =&gt; "Czech Republic" ,
DE =&gt; "Germany" ,
DJ =&gt; "Djibouti" ,
DK =&gt; "Denmark" ,
DM =&gt; "Dominica" ,
DO =&gt; "Dominican Republic" ,
DZ =&gt; "Algeria" ,
EC =&gt; "Ecuador" ,
EE =&gt; "Estonia" ,
EG =&gt; "Egypt" ,
EH =&gt; "Western Sahara" ,
ER =&gt; "Eritrea" ,
ES =&gt; "Spain" ,
ET =&gt; "Ethiopia" ,
EU =&gt; "Europe" ,
FI =&gt; "Finland" ,
FJ =&gt; "Fiji" ,
FK =&gt; "Falkland Islands (Malvinas)" ,
FM =&gt; "Micronesia, Federated States of" ,
FO =&gt; "Faroe Islands" ,
FR =&gt; "France" ,
GA =&gt; "Gabon" ,
GB =&gt; "United Kingdom" ,
GD =&gt; "Grenada" ,
GE =&gt; "Georgia" ,
GF =&gt; "French Guiana" ,
GG =&gt; "Guernsey" ,
GH =&gt; "Ghana" ,
GI =&gt; "Gibraltar" ,
GL =&gt; "Greenland" ,
GM =&gt; "Gambia" ,
GN =&gt; "Guinea" ,
GP =&gt; "Guadeloupe" ,
GQ =&gt; "Equatorial Guinea" ,
GR =&gt; "Greece" ,
GS =&gt; "South Georgia and the South Sandwich Islands" ,
GT =&gt; "Guatemala" ,
GU =&gt; "Guam" ,
GW =&gt; "Guinea-Bissau" ,
GY =&gt; "Guyana" ,
HK =&gt; "Hong Kong" ,
HN =&gt; "Honduras" ,
HR =&gt; "Croatia" ,
HT =&gt; "Haiti" ,
HU =&gt; "Hungary" ,
ID =&gt; "Indonesia" ,
IE =&gt; "Ireland" ,
IL =&gt; "Israel" ,
IM =&gt; "Isle of Man" ,
IN =&gt; "India" ,
IO =&gt; "British Indian Ocean Territory" ,
IQ =&gt; "Iraq" ,
IR =&gt; "Iran, Islamic Republic of" ,
IS =&gt; "Iceland" ,
IT =&gt; "Italy" ,
JE =&gt; "Jersey" ,
JM =&gt; "Jamaica" ,
JO =&gt; "Jordan" ,
JP =&gt; "Japan" ,
KE =&gt; "Kenya" ,
KG =&gt; "Kyrgyzstan" ,
KH =&gt; "Cambodia" ,
KI =&gt; "Kiribati" ,
KM =&gt; "Comoros" ,
KN =&gt; "Saint Kitts and Nevis" ,
KP =&gt; "Korea, Democratic People's Republic of" ,
KR =&gt; "Korea, Republic of" ,
KW =&gt; "Kuwait" ,
KY =&gt; "Cayman Islands" ,
KZ =&gt; "Kazakhstan" ,
LA =&gt; "Lao People's Democratic Republic" ,
LB =&gt; "Lebanon" ,
LC =&gt; "Saint Lucia" ,
LI =&gt; "Liechtenstein" ,
LK =&gt; "Sri Lanka" ,
LR =&gt; "Liberia" ,
LS =&gt; "Lesotho" ,
LT =&gt; "Lithuania" ,
LU =&gt; "Luxembourg" ,
LV =&gt; "Latvia" ,
LY =&gt; "Libyan Arab Jamahiriya" ,
MA =&gt; "Morocco" ,
MC =&gt; "Monaco" ,
MD =&gt; "Moldova, Republic of" ,
ME =&gt; "Montenegro" ,
MG =&gt; "Madagascar" ,
MH =&gt; "Marshall Islands" ,
MK =&gt; "Macedonia" ,
ML =&gt; "Mali" ,
MM =&gt; "Myanmar" ,
MN =&gt; "Mongolia" ,
MO =&gt; "Macau" ,
MP =&gt; "Northern Mariana Islands" ,
MQ =&gt; "Martinique" ,
MR =&gt; "Mauritania" ,
MS =&gt; "Montserrat" ,
MT =&gt; "Malta" ,
MU =&gt; "Mauritius" ,
MV =&gt; "Maldives" ,
MW =&gt; "Malawi" ,
MX =&gt; "Mexico" ,
MY =&gt; "Malaysia" ,
MZ =&gt; "Mozambique" ,
NA =&gt; "Namibia" ,
NC =&gt; "New Caledonia" ,
NE =&gt; "Niger" ,
NF =&gt; "Norfolk Island" ,
NG =&gt; "Nigeria" ,
NI =&gt; "Nicaragua" ,
NL =&gt; "Netherlands" ,
NO =&gt; "Norway" ,
NP =&gt; "Nepal" ,
NR =&gt; "Nauru" ,
NU =&gt; "Niue" ,
NZ =&gt; "New Zealand" ,
OM =&gt; "Oman" ,
PA =&gt; "Panama" ,
PE =&gt; "Peru" ,
PF =&gt; "French Polynesia" ,
PG =&gt; "Papua New Guinea" ,
PH =&gt; "Philippines" ,
PK =&gt; "Pakistan" ,
PL =&gt; "Poland" ,
PM =&gt; "Saint Pierre and Miquelon" ,
PR =&gt; "Puerto Rico" ,
PS =&gt; "Palestinian Territory, Occupied" ,
PT =&gt; "Portugal" ,
PW =&gt; "Palau" ,
PY =&gt; "Paraguay" ,
QA =&gt; "Qatar" ,
RE =&gt; "Reunion" ,
RO =&gt; "Romania" ,
RS =&gt; "Serbia" ,
RU =&gt; "Russian Federation" ,
RW =&gt; "Rwanda" ,
SA =&gt; "Saudi Arabia" ,
SB =&gt; "Solomon Islands" ,
SC =&gt; "Seychelles" ,
SD =&gt; "Sudan" ,
SE =&gt; "Sweden" ,
SG =&gt; "Singapore" ,
SH =&gt; "Saint Helena" ,
SI =&gt; "Slovenia" ,
SJ =&gt; "Svalbard and Jan Mayen" ,
SK =&gt; "Slovakia" ,
SL =&gt; "Sierra Leone" ,
SM =&gt; "San Marino" ,
SN =&gt; "Senegal" ,
SO =&gt; "Somalia" ,
SR =&gt; "Suriname" ,
ST =&gt; "Sao Tome and Principe" ,
SV =&gt; "El Salvador" ,
SY =&gt; "Syrian Arab Republic" ,
SZ =&gt; "Swaziland" ,
TC =&gt; "Turks and Caicos Islands" ,
TD =&gt; "Chad" ,
TF =&gt; "French Southern Territories" ,
TG =&gt; "Togo" ,
TH =&gt; "Thailand" ,
TJ =&gt; "Tajikistan" ,
TK =&gt; "Tokelau" ,
TL =&gt; "Timor-Leste" ,
TM =&gt; "Turkmenistan" ,
TN =&gt; "Tunisia" ,
TO =&gt; "Tonga" ,
TR =&gt; "Turkey" ,
TT =&gt; "Trinidad and Tobago" ,
TV =&gt; "Tuvalu" ,
TW =&gt; "Taiwan" ,
TZ =&gt; "Tanzania, United Republic of" ,
UA =&gt; "Ukraine" ,
UG =&gt; "Uganda" ,
UM =&gt; "United States Minor Outlying Islands" ,
US =&gt; "United States" ,
UY =&gt; "Uruguay" ,
UZ =&gt; "Uzbekistan" ,
VA =&gt; "Holy See (Vatican City State)" ,
VC =&gt; "Saint Vincent and the Grenadines" ,
VE =&gt; "Venezuela" ,
VG =&gt; "Virgin Islands, British" ,
VI =&gt; "Virgin Islands, U.S." ,
VN =&gt; "Vietnam" ,
VU =&gt; "Vanuatu" ,
WF =&gt; "Wallis and Futuna" ,
WS =&gt; "Samoa" ,
YE =&gt; "Yemen" ,
YT =&gt; "Mayotte" ,
ZA =&gt; "South Africa" ,
ZM =&gt; "Zambia" ,
ZW =&gt; "Zimbabwe" ,
</programlisting>
</section>
<section>
<title>IPv6</title>
<programlisting> AD =&gt; "Andorra" ,
AE =&gt; "United Arab Emirates" ,
AF =&gt; "Afghanistan" ,
AL =&gt; "Albania" ,
AM =&gt; "Armenia" ,
AO =&gt; "Angola" ,
AP =&gt; "Asia/Pacific Region" ,
AR =&gt; "Argentina" ,
AS =&gt; "American Samoa" ,
AT =&gt; "Austria" ,
AU =&gt; "Australia" ,
AW =&gt; "Aruba" ,
AZ =&gt; "Azerbaijan" ,
BA =&gt; "Bosnia and Herzegovina" ,
BD =&gt; "Bangladesh" ,
BE =&gt; "Belgium" ,
BF =&gt; "Burkina Faso" ,
BG =&gt; "Bulgaria" ,
BH =&gt; "Bahrain" ,
BI =&gt; "Burundi" ,
BJ =&gt; "Benin" ,
BM =&gt; "Bermuda" ,
BN =&gt; "Brunei Darussalam" ,
BO =&gt; "Bolivia" ,
BR =&gt; "Brazil" ,
BS =&gt; "Bahamas" ,
BT =&gt; "Bhutan" ,
BW =&gt; "Botswana" ,
BY =&gt; "Belarus" ,
BZ =&gt; "Belize" ,
CA =&gt; "Canada" ,
CD =&gt; "Congo, The Democratic Republic of the" ,
CH =&gt; "Switzerland" ,
CI =&gt; "Cote D'Ivoire" ,
CK =&gt; "Cook Islands" ,
CL =&gt; "Chile" ,
CM =&gt; "Cameroon" ,
CN =&gt; "China" ,
CO =&gt; "Colombia" ,
CR =&gt; "Costa Rica" ,
CU =&gt; "Cuba" ,
CW =&gt; "" ,
CY =&gt; "Cyprus" ,
CZ =&gt; "Czech Republic" ,
DE =&gt; "Germany" ,
DJ =&gt; "Djibouti" ,
DK =&gt; "Denmark" ,
DO =&gt; "Dominican Republic" ,
DZ =&gt; "Algeria" ,
EC =&gt; "Ecuador" ,
EE =&gt; "Estonia" ,
EG =&gt; "Egypt" ,
ES =&gt; "Spain" ,
EU =&gt; "Europe" ,
FI =&gt; "Finland" ,
FJ =&gt; "Fiji" ,
FM =&gt; "Micronesia, Federated States of" ,
FO =&gt; "Faroe Islands" ,
FR =&gt; "France" ,
GB =&gt; "United Kingdom" ,
GD =&gt; "Grenada" ,
GE =&gt; "Georgia" ,
GG =&gt; "Guernsey" ,
GH =&gt; "Ghana" ,
GI =&gt; "Gibraltar" ,
GL =&gt; "Greenland" ,
GM =&gt; "Gambia" ,
GP =&gt; "Guadeloupe" ,
GR =&gt; "Greece" ,
GT =&gt; "Guatemala" ,
GU =&gt; "Guam" ,
GY =&gt; "Guyana" ,
HK =&gt; "Hong Kong" ,
HN =&gt; "Honduras" ,
HR =&gt; "Croatia" ,
HT =&gt; "Haiti" ,
HU =&gt; "Hungary" ,
ID =&gt; "Indonesia" ,
IE =&gt; "Ireland" ,
IL =&gt; "Israel" ,
IM =&gt; "Isle of Man" ,
IN =&gt; "India" ,
IQ =&gt; "Iraq" ,
IR =&gt; "Iran, Islamic Republic of" ,
IS =&gt; "Iceland" ,
IT =&gt; "Italy" ,
JE =&gt; "Jersey" ,
JM =&gt; "Jamaica" ,
JO =&gt; "Jordan" ,
JP =&gt; "Japan" ,
KE =&gt; "Kenya" ,
KG =&gt; "Kyrgyzstan" ,
KH =&gt; "Cambodia" ,
KN =&gt; "Saint Kitts and Nevis" ,
KR =&gt; "Korea, Republic of" ,
KW =&gt; "Kuwait" ,
KY =&gt; "Cayman Islands" ,
KZ =&gt; "Kazakhstan" ,
LA =&gt; "Lao People's Democratic Republic" ,
LB =&gt; "Lebanon" ,
LI =&gt; "Liechtenstein" ,
LK =&gt; "Sri Lanka" ,
LS =&gt; "Lesotho" ,
LT =&gt; "Lithuania" ,
LU =&gt; "Luxembourg" ,
LV =&gt; "Latvia" ,
LY =&gt; "Libyan Arab Jamahiriya" ,
MA =&gt; "Morocco" ,
MC =&gt; "Monaco" ,
MD =&gt; "Moldova, Republic of" ,
ME =&gt; "Montenegro" ,
MG =&gt; "Madagascar" ,
MH =&gt; "Marshall Islands" ,
MK =&gt; "Macedonia" ,
ML =&gt; "Mali" ,
MM =&gt; "Myanmar" ,
MN =&gt; "Mongolia" ,
MO =&gt; "Macau" ,
MT =&gt; "Malta" ,
MU =&gt; "Mauritius" ,
MV =&gt; "Maldives" ,
MW =&gt; "Malawi" ,
MX =&gt; "Mexico" ,
MY =&gt; "Malaysia" ,
MZ =&gt; "Mozambique" ,
NA =&gt; "Namibia" ,
NC =&gt; "New Caledonia" ,
NF =&gt; "Norfolk Island" ,
NG =&gt; "Nigeria" ,
NI =&gt; "Nicaragua" ,
NL =&gt; "Netherlands" ,
NO =&gt; "Norway" ,
NP =&gt; "Nepal" ,
NR =&gt; "Nauru" ,
NU =&gt; "Niue" ,
NZ =&gt; "New Zealand" ,
OM =&gt; "Oman" ,
PA =&gt; "Panama" ,
PE =&gt; "Peru" ,
PF =&gt; "French Polynesia" ,
PG =&gt; "Papua New Guinea" ,
PH =&gt; "Philippines" ,
PK =&gt; "Pakistan" ,
PL =&gt; "Poland" ,
PR =&gt; "Puerto Rico" ,
PS =&gt; "Palestinian Territory" ,
PT =&gt; "Portugal" ,
PW =&gt; "Palau" ,
PY =&gt; "Paraguay" ,
QA =&gt; "Qatar" ,
RO =&gt; "Romania" ,
RS =&gt; "Serbia" ,
RU =&gt; "Russian Federation" ,
RW =&gt; "Rwanda" ,
SA =&gt; "Saudi Arabia" ,
SB =&gt; "Solomon Islands" ,
SC =&gt; "Seychelles" ,
SD =&gt; "Sudan" ,
SE =&gt; "Sweden" ,
SG =&gt; "Singapore" ,
SI =&gt; "Slovenia" ,
SK =&gt; "Slovakia" ,
SL =&gt; "Sierra Leone" ,
SM =&gt; "San Marino" ,
SN =&gt; "Senegal" ,
SO =&gt; "Somalia" ,
ST =&gt; "Sao Tome and Principe" ,
SV =&gt; "El Salvador" ,
SY =&gt; "Syrian Arab Republic" ,
SZ =&gt; "Swaziland" ,
TH =&gt; "Thailand" ,
TK =&gt; "Tokelau" ,
TN =&gt; "Tunisia" ,
TO =&gt; "Tonga" ,
TR =&gt; "Turkey" ,
TT =&gt; "Trinidad and Tobago" ,
TV =&gt; "Tuvalu" ,
TW =&gt; "Taiwan" ,
TZ =&gt; "Tanzania, United Republic of" ,
UA =&gt; "Ukraine" ,
UG =&gt; "Uganda" ,
US =&gt; "United States" ,
UY =&gt; "Uruguay" ,
UZ =&gt; "Uzbekistan" ,
VA =&gt; "Holy See (Vatican City State)" ,
VE =&gt; "Venezuela" ,
VI =&gt; "Virgin Islands, U.S." ,
VN =&gt; "Vietnam" ,
VU =&gt; "Vanuatu" ,
WS =&gt; "Samoa" ,
YE =&gt; "Yemen" ,
ZA =&gt; "South Africa" ,
ZM =&gt; "Zambia" ,
ZW =&gt; "Zimbabwe" ,
</programlisting>
</section>
</article>