I'm trying to add this rule:
iptables -A INPUT -m geoip ! --src-cc CZ,SK -j DROP
I set up GeoIP support according to this answer: Ubuntu IPTables allow only allow 1 country | Super User
But it doesn't work, because I get the message: iptables: No chain/target/match by that name.
I use Debian 9.
Update:
Result after running uname -a:
Linux Andromeda 4.9.0-4-amd64 #1 SMP Debian 4.9.51-1 (2017-09-28) x86_64 GNU/Linux
How can I fix it?
The linked Q/A is incomplete. In addition to userland tools, you need the kernel side equivalent: you'll have to install the package xtables-addons-dkms. Note that xtables-addons-common recommends xtables-addons-dkms, so installing the former should have either installed the latter, or mentioned the recommendation. Not doing it severely limits the usefulness of xtables-addons-common.
Beware, it will pull a whole compilation suite needed by dkms. Make sure you get the linux-headers-4.9.0-4-amd64 package because it's not the latest available and might not be pulled automatically.
If that's understandably not acceptable for production systems, it will have to be installed on a development system and this will have to be run manually. The exact command might depend on the target kernel's version:
The newly built package found with:
can then be installed on the production server (along with the xtables-addons-common package).
To state it again: dkms mkbmdeb ... is needed only for a "two stages" installation. If xtables-addons-dkms is installed directly on the server using the iptables rules, it doesn't have to be done: the installation took care of it already.
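A diagnostic sketch for the situation in this answer, added here and not part of the original post: it reports which kernel-side piece is missing (matching headers package, a dkms build of xtables-addons for the running kernel, or the xt_geoip module). The function names, the parsing of `dkms status` output and the sample line are assumptions made for this example.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original answer).

# Name of the Debian headers package matching a kernel release.
headers_pkg() { printf 'linux-headers-%s\n' "$1"; }

# Reads `dkms status` text on stdin; succeeds only if xtables-addons is
# "installed" for kernel $1. Accepts both "name, ver, kernel, arch: state"
# and "name/ver, kernel, arch: state" line layouts.
dkms_built_for() {
    awk -v k="$1" -F'[,:] *' '
        $1 ~ /^xtables-addons/ && $NF ~ /^installed/ {
            for (i = 2; i < NF; i++) if ($i == k) found = 1
        }
        END { exit !found }'
}

# missing_piece KERNEL HEADERS_OK(0|1) DKMS_STATUS_TEXT
# Prints the first thing to fix, or "ok".
missing_piece() {
    if [ "$2" != 1 ]; then
        echo "install $(headers_pkg "$1")"
    elif ! printf '%s\n' "$3" | dkms_built_for "$1"; then
        echo "install or rebuild xtables-addons-dkms for $1"
    else
        echo "ok"
    fi
}

# Live check for the Debian host itself (defined here, not run automatically).
check_host() {
    k=$(uname -r); hdr=0
    dpkg-query -W -f='${Status}' "$(headers_pkg "$k")" 2>/dev/null |
        grep -q 'install ok installed' && hdr=1
    missing_piece "$k" "$hdr" "$(dkms status 2>/dev/null)"
    modinfo -k "$k" xt_geoip >/dev/null 2>&1 ||
        echo "xt_geoip module not found for $k"
}

# Constructed sample: kernel release from the question, made-up module version.
sample='xtables-addons, 0.0, 4.9.0-4-amd64, x86_64: installed'
missing_piece 4.9.0-4-amd64 1 "$sample"
```

On the affected machine, call `check_host` after sourcing the file; it uses the running kernel's release rather than the sample values.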