Enzo's picture

Hi,

how can I setup geoIP for iptables? The needed packages are not availlable in the repository (maxmind - xptables).

Thanks a lot for any help / solution!

Forum: 
Jeremy Davis's picture

Hi Enzo, welcome to TurnKey and apologies on my slow response. I've had my head down trying to put the last few pieces of v17.0 release in place.

Anyway, what have you tried so far? TBH I'm not 100% sure what the steps are as I've never done it. So without any context of what got you to where you are makes it a little difficult to be sure!

You mention packages (maxmind, xptables) that aren't available but you don't give any reference to where you got those package names from? It's often useful to have an understanding of what instructions you are trying to follow.

Anyway a quick google suggests that whilst it can still be done, as you note there are missing packages in Debian Buster (what TurnKey v16.x is based on). Apparently it should work again on Buster (what v17.x will be based on when I release it, which should start any day now...).

I can see a few paths forward for you:

  1. Do a Debian "in place" upgrade (i.e. upgrade the base OS to Debian Buster)
  2. Install software from source (or some other non-default method)
  3. Wait a little bit until we release v17.0

1. Debian "in place" upgrade

This option is not technically supported by TurnKey, but should work fine (after all TurnKey is Debian under the hood). I suggest reading the Debian wiki page first, then checkout the Debian Bullseye release notes; the specific section you'll want to pay attention to is Upgrades from Debian 10 (buster). There are also tons of other advice you'll find online.

If you do go this path, be sure that you have a good, working and tested backup. If possible, I also recommend a "snapshot" of your root volume prior to starting. That makes rolling back much quicker and easier if things go pear shaped. It may even be best to test it on a disposable VM first.

It's worth noting, that as we haven't yet done a v17.0 stable release, the packages in our repo are prone to change. Considering were so late in the release process, that shouldn't be an issue, but it's worth noting.

2. Install software from source

I am unfamiliar with the software so can't say how hard (or easy) this might be. It can be a little tedious and depending on what you are building, can take a little time. But generally once you get your head around whatever is required, it's not as intimidating as it seems at first.

If you create good notes, you can likely turn your install (from source) command(s) into a script. That will make life easier in the long term.

The big downside of this path is the longer term maintenance. You will need to rebuild every time you wish to update. You'll also need to monitor the software provider for security issues, so that you can upgrade as required.

3. Wait until we release v17.0

Hopefully an initial v17.0 stable release won't be too far away. Perhaps within the next week or 2? (No promises...). Although we'll be releasing in batches, the first batch will likely be just Core, TKLDev and perhaps a few others. So it might be a bit longer for whatever appliance you are using (or trying to use).

If you share the appliance you are using, then I may be able to give you a little more insight into how close it might be (not necessarily via ETA, but at least how far down the list it is - and whether it can be bumped or not).

Sorry I don't have a super simple nicer answer for you...

Add new comment