rpthms / nft-geo-filter

Allow/deny traffic in nftables using country specific IP blocks
MIT License

Allow two countries with third country's some IPs #8

Closed imdrpn closed 3 years ago

imdrpn commented 3 years ago

Hello, firstly, I really appreciate your work on the GEO filter, but it only takes one rule at a time. Also, if I want to allow two countries' IPs, suppose US and CN, and only my public IP (IN), then how will it work?

rpthms commented 3 years ago

Hi there,

To allow traffic from certain countries and your public IP, you can use the --exceptions flag to explicitly allow packets from your public IP through the firewall.

So, given your example, you'll need to run the following command:

# nft-geo-filter --allow --exceptions <YOUR_PUBLIC_IP> US CN

imdrpn commented 3 years ago

Hello, thanks a lot. I thought the --exceptions flag would work only for those countries which we have mentioned in the command.
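
The logic behind the answer above, as a hand-written nftables sketch added here (not part of the thread and not the ruleset nft-geo-filter itself generates): the exception address is accepted before the country-set check, so it does not have to belong to any country named on the command line. The table, set and chain names are hypothetical, and the CIDR blocks are documentation ranges standing in for the US/CN blocks and the public IP.

```nft
# Illustrative only: names are hypothetical and addresses are constructed
# (RFC 5737 documentation ranges), not real country allocations.
table inet geo_example {
    # Stand-in for the combined IP blocks of the allowed countries (US, CN).
    set allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 198.51.100.0/24, 203.0.113.0/24 }
    }

    # Stand-in for the addresses passed as exceptions (<YOUR_PUBLIC_IP>).
    # This address lies outside every block in allowed_v4.
    set exceptions_v4 {
        type ipv4_addr
        elements = { 192.0.2.10 }
    }

    chain input {
        type filter hook input priority 0; policy accept;

        # Keep local and already-established traffic working so that
        # loading the filter does not cut off the current session.
        iifname "lo" accept
        ct state established,related accept

        # 1. Exceptions are matched first and accepted regardless of country.
        ip saddr @exceptions_v4 accept

        # 2. Allow mode: any other IPv4 source that is not in an allowed
        #    country block is dropped.
        ip saddr != @allowed_v4 drop

        # IPv6 is not filtered in this sketch; it falls through to the
        # chain policy.
    }
}
```

The file can be syntax-checked without loading it using `nft -c -f <file>`. Swapping rules 1 and 2 would drop the exception address, since it is not a member of `allowed_v4`.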