Expand the GEOIP documentation to describe GEOIPDIR option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-05-20 09:40:00 -07:00
parent 6b23eff650
commit 73e5bb0374

View File

@ -57,12 +57,37 @@
<para>Using this feature requires the <firstterm>GeoIP Match</firstterm>
capability in your iptables and kernel. As of this writing, that
capability requires installing <ulink
url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> and
<ulink url="http://xtables-addons.sourceforge.net/geoip.php">building a
url="http://xtables-addons.sourceforge.net/">xtables-addons</ulink> 1.33
or later and <ulink
url="http://xtables-addons.sourceforge.net/geoip.php">creating a
country-code database</ulink>.</para>
<para>The country codes recognized by Shorewall as of Shorewall 4.5.4 are
shown in the following two sections.</para>
<para>The Shorewall compiler uses the geoip country-code database to
determine the valid set of two-character alphanumeric country codes. The
location of that database is currently hard-coded in xtables-addons as
<filename>/usr/share/xt_geoip/</filename>. Within that directory are two
sub-directories:</para>
<itemizedlist>
<listitem>
<para>LE -- contains the little-endian database</para>
</listitem>
<listitem>
<para>BE -- contains the big-endian database</para>
</listitem>
</itemizedlist>
<para>To accomodate both big-endian and little-endian machines as well as
any future ability to install the database at another location, Shorewall
supports a GEOIPDIR option in <ulink
url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5) and <ulink
url="manpages6/shorewall6.conf.html">shorewall6.conf</ulink> (5). The
default value of that option is
<filename>/usr/share/xt_geoip/LE</filename>.</para>
<para>The country codes at the time of this writing are shown in the
following two sections.</para>
</section>
<section>