From 68c089735244673e399c3b0700fe057ee11572a9 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 17 Aug 2020 16:30:50 -0700 Subject: [PATCH] Update GEOIPDIR setting info Signed-off-by: Tom Eastep --- docs/ISO-3661.xml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/docs/ISO-3661.xml b/docs/ISO-3661.xml index 4f7bcfdfd..160f86505 100644 --- a/docs/ISO-3661.xml +++ b/docs/ISO-3661.xml @@ -57,11 +57,8 @@ Using this feature requires the GeoIP Match - capability in your iptables and kernel. As of this writing, that - capability requires installing xtables-addons 1.33 - or later and creating a + capability in your iptables and kernel. That capability requires creating a country-code database. The Shorewall compiler uses the geoip country-code database to @@ -83,11 +80,19 @@ To accomodate both big-endian and little-endian machines as well as any future ability to install the database at another location, Shorewall supports a GEOIPDIR option in shorewall.conf (5) and shorewall6.conf (5). The - default value of that option is + url="manpages/shorewall.conf.html">shorewall.conf(5) and shorewall6.conf(5). The default + value of that option is /usr/share/xt_geoip/LE. + + Recent versions of the country-code database are installed in + /usr/share/xt_geoip/, regardless of endian convention. This + requires modifying the setting of GEOIPDIR in shorewall.conf (5) and shorewall6.conf(5). + + The country codes at the time of this writing are shown in the following two sections.