I am going to share a few lines about adding GeoIP support to the IPFire firewall engine, which currently is founded on the IPFire wishlist.
What has been done so far
Some important parts already have been done. The development process started with the implementation of the required iptables extension and an automatic download and update mechanism for the used GeoIP databases.
The next step was to design a new CGI script for the web interface called “geoip-block.cgi”. This page takes advantage of the new features and is used to block any incoming traffic from one or multiple countries. I have attached a screenshot which shows this new feature.
More needs to be done
As described in the text of the wish we also like to add the feature for creating GeoIP based groups and to allow GeoIP in any kind of input, forward or outgoing firewall rule.
This will gain you the power to block outgoing traffic from your local networks to one or more countries, or to limit the amount of new connection attempts for certain countries. The final implementation can also handle GeoIP-based forward rules for services and ports or plenty of other fancy firewall rules.
You see a lot of work has been done, but there is still a lot more do. So please help us implementing this awesome feature with your donation.