Cannot use geoip-def-americas.nft

pvxe / nftables-geoip

Python script that generates nft maps of ip address blocks and corresponding geolocation. This data is taken from db-ip.com, so yo don't have to worry about accepting any EULA.

GNU General Public License v2.0

115 stars 17 forks source link

Cannot use geoip-def-americas.nft #8

Closed keebs closed 7 months ago

keebs commented 7 months ago

After including "geoip-def-all.nft", "geoip-ipv4.nft", and "geoip-ipv6.nft", all nft commands take about 15s to process. I was trying to replace "geoip-def-all.nft" with "geoip-def-americas.nft" to improve this timeframe, but "geoip-ipv4.nft" & "geoip-ipv6.nft" require the "geoip-def-all.nft" file to load. Am I missing some way to generate the ipv4 and ipv6 files for the regional nft files?

Or is there some other way to improve the nft response time after loading the "geoip-def-all.nft" file? I am not limited by cpu or memory. TY

pvxe commented 7 months ago

I cannot reproduce this right now but if you need only a little subset of countries you can use -c/--country-filter to generate a smaller map of countries and addresses.

To use a smaller *def-*.nft file the only solution as of now is to create it manually with the necessary define ... lines and using it in your main nft file.

keebs commented 7 months ago

If I generate a US subset, I can now use the geoip-def-americas.nft file instead of geoip-def-all.nft. This also reduced my nft response times from 15s to 2s. Thanks!

pvxe commented 7 months ago

Nice! Closing this now.