hoborg/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update geoip-shell documentation with implementation details

Browse Source 
- Document interactive installation process
- Add complete EU country whitelist configuration
- Include setup commands and wizard prompts
- Clarify that geoip-shell was used instead of manual iptables setup
This commit is contained in:
Arpad Krejczinger
2025-10-06 20:40:27 +02:00
parent 6761c8903d
commit 6894c5f175
1 changed files with 32 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
docs/network-security.md
View File

@@ -386,8 +386,11 @@ sudo fail2ban-client get sshd banned
- **Last Update:** September 17, 2025 at 00:57:41 - **Last Update:** September 17, 2025 at 00:57:41
### Whitelisted Countries ### Whitelisted Countries
**Configuration:** All EU member states plus European territories (full list accepted by geoip-shell)
``` ```
AL (Albania), AD (Andorra), AM (Armenia), AT (Austria), AZ (Azerbaijan) AL (Albania), AD (Andorra), AM (Armenia), AT (Austria), AX (Åland Islands), AZ (Azerbaijan)
BY (Belarus), BE (Belgium), BA (Bosnia and Herzegovina), BG (Bulgaria) BY (Belarus), BE (Belgium), BA (Bosnia and Herzegovina), BG (Bulgaria)
HR (Croatia), CY (Cyprus), CZ (Czech Republic), DK (Denmark) HR (Croatia), CY (Cyprus), CZ (Czech Republic), DK (Denmark)
EE (Estonia), FO (Faroe Islands), FI (Finland), FR (France) EE (Estonia), FO (Faroe Islands), FI (Finland), FR (France)
@@ -440,14 +443,36 @@ journalctl -u geoip-shell
tail -f /var/log/geoip-shell.log tail -f /var/log/geoip-shell.log
``` ```
### Manual Setup Process ### Installation and Setup
The tool was installed manually with interactive prompts rather than scripted installation due to security considerations. Key decisions made during setup:
**Installation Method:** Interactive CLI setup using geoip-shell installer
The tool was configured using its interactive setup wizard, which prompted for configuration choices and automatically applied all necessary changes to the firewall. This approach ensures proper integration with the existing firewall backend.
**Key Configuration Decisions:**
1. **Whitelist Mode:** Chosen over blacklist for better control 1. **Whitelist Mode:** Chosen over blacklist for better control
2. **European Focus:** Primary whitelist consists of European countries 2. **European Focus:** All EU member states plus European territories
3. **Network Exceptions:** Docker and LAN networks automatically detected 3. **Country List:** Complete list of countries accepted by geoip-shell
4. **Dual Stack:** Both IPv4 and IPv6 protection enabled 4. **Network Exceptions:** Docker and LAN networks automatically detected
5. **Full Protocol Coverage:** TCP and UDP both protected 5. **Dual Stack:** Both IPv4 and IPv6 protection enabled
6. **Full Protocol Coverage:** TCP and UDP both protected
**Setup Command:**
```bash
# Download and run installer
curl -fsSL https://raw.githubusercontent.com/friendly-bits/geoip-shell/main/install.sh | bash
# Run configuration wizard (prompted automatically after install)
geoip-shell configure
```
During the interactive setup, the wizard prompted for:
- Firewall backend selection (iptables chosen)
- IP list source (RIPE selected)
- Mode selection (whitelist chosen)
- Country selection (all EU countries entered)
- Network interface configuration (all interfaces selected)
### Detailed Documentation ### Detailed Documentation
For complete setup details, see **[docs/geoip-blocking.md](docs/geoip-blocking.md)** For complete setup details, see **[docs/geoip-blocking.md](docs/geoip-blocking.md)**