diff --git a/docs/network-security.md b/docs/network-security.md index 8c9406d..c425ff7 100644 --- a/docs/network-security.md +++ b/docs/network-security.md @@ -386,8 +386,11 @@ sudo fail2ban-client get sshd banned - **Last Update:** September 17, 2025 at 00:57:41 ### Whitelisted Countries + +**Configuration:** All EU member states plus European territories (full list accepted by geoip-shell) + ``` -AL (Albania), AD (Andorra), AM (Armenia), AT (Austria), AZ (Azerbaijan) +AL (Albania), AD (Andorra), AM (Armenia), AT (Austria), AX (Ă…land Islands), AZ (Azerbaijan) BY (Belarus), BE (Belgium), BA (Bosnia and Herzegovina), BG (Bulgaria) HR (Croatia), CY (Cyprus), CZ (Czech Republic), DK (Denmark) EE (Estonia), FO (Faroe Islands), FI (Finland), FR (France) 
@@ -440,14 +443,36 @@ journalctl -u geoip-shell tail -f /var/log/geoip-shell.log ``` -### Manual Setup Process -The tool was installed manually with interactive prompts rather than scripted installation due to security considerations. Key decisions made during setup: +### Installation and Setup + +**Installation Method:** Interactive CLI setup using geoip-shell installer + +The tool was configured using its interactive setup wizard, which prompted for configuration choices and automatically applied all necessary changes to the firewall. This approach ensures proper integration with the existing firewall backend. + +**Key Configuration Decisions:** 1. **Whitelist Mode:** Chosen over blacklist for better control -2. **European Focus:** Primary whitelist consists of European countries -3. **Network Exceptions:** Docker and LAN networks automatically detected -4. **Dual Stack:** Both IPv4 and IPv6 protection enabled -5. **Full Protocol Coverage:** TCP and UDP both protected +2. **European Focus:** All EU member states plus European territories +3. **Country List:** Complete list of countries accepted by geoip-shell +4. **Network Exceptions:** Docker and LAN networks automatically detected +5. **Dual Stack:** Both IPv4 and IPv6 protection enabled +6. **Full Protocol Coverage:** TCP and UDP both protected + +**Setup Command:** +```bash +# Download and run installer +curl -fsSL https://raw.githubusercontent.com/friendly-bits/geoip-shell/main/install.sh | bash + +# Run configuration wizard (prompted automatically after install) +geoip-shell configure +``` + +During the interactive setup, the wizard prompted for: +- Firewall backend selection (iptables chosen) +- IP list source (RIPE selected) +- Mode selection (whitelist chosen) +- Country selection (all EU countries entered) +- Network interface configuration (all interfaces selected) ### Detailed Documentation For complete setup details, see **[docs/geoip-blocking.md](docs/geoip-blocking.md)**
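Review bot: The added **Configuration:** line in the first hunk (under "Whitelisted Countries") describes the list as "All EU member states plus European territories", but the list beneath it includes AL, AM, AZ, BY and BA, none of which are EU member states. The summary therefore understates which source countries the whitelist admits. Suggest describing it as what it is, for example "European countries and territories (full list accepted by geoip-shell)", so that someone auditing the allowed regions is not misled. The new `AX` entry also appears here as "Ă…land Islands"; confirm the file is saved as UTF-8 so the name reads "Åland Islands".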
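Review bot: The **Setup Command** block in the second hunk (under "Installation and Setup") documents `curl -fsSL https://raw.githubusercontent.com/friendly-bits/geoip-shell/main/install.sh | bash`, which executes whatever is on the `main` branch at fetch time, with no pinned tag or commit and no integrity check. It also replaces a sentence stating that scripted installation was avoided "due to security considerations", so the page now contradicts its earlier rationale without explaining why. If the host was installed this way, record the release or commit that was actually run. Otherwise, document the steps as download to a file, review, then execute, pinned to a specific release, and confirm the script path and the `geoip-shell configure` invocation against the upstream README. Item 2 of the key decisions and the "all EU countries entered" bullet repeat the EU-only wording, which does not match the country list in this file.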