ProFTPd and geoip/maxmind

scotia

scotia

All,

for anyone hoping to keep using geographic filtering with ProFTPd now that ftp/proftpd-mod_geoip is deprecated, you can use proftpd-mod_geoip2.

It's not a port, but compiling is easy if you have mod_dso compiled into ProFTPd:

# proftpd -l | grep mod_dso
mod_dso.c


Grab the new module from GitHub:

# cd /tmp
# git clone https://github.com/Castaglia/proftpd-mod_geoip2.git
# cd proftpd-mod_geoip2


Compile using prxs:

prxs -c -i -I /usr/local/include/proftpd -I /usr/local/include -L /usr/local/lib mod_geoip2.c

Edit /usr/local/etc/proftpd.conf (just the basics):

Code: 
#TraceLog                       /var/log/proftpd-trace.log
#Trace                          geoip2:20
<IfModule mod_dso.c>
  LoadModule                    mod_geoip2.c
</IfModule>                              
<IfModule mod_geoip2.c>
  GeoIPEngine on
  GeoIPLog /var/log/proftpd-geoip.log
  GeoIPTable /var/db/maxmind/GeoLite2-City.mmdb
  GeoIPPolicy deny,allow
  GeoIPAllowFilter CountryCode (AU|US|CA)
</IfModule>
<Class geoip-whitelist>
  From 10.
</Class>
<IfClass geoip-whitelist>
  GeoIPEngine off
</IfClass>
<IfClass !geoip-whitelist>
  GeoIPEngine on
</IfClass>
 
If it is not a port, what is it then? A complete rewrite? Can you explain what the difference is between the two modules?
 
tommiie said:
If it is not a port, what is it then? A complete rewrite? Can you explain what the difference is between the two modules?
Click to expand...

:). When I say "port" I mean a port in the FreeBSD ports tree.

From a codebase point of view I'd call proftpd-mod_geoip2.git a "fork" of the original. (I consider a port in the general sense to mean code compiled to another platform - "a port of Quake for macOS", for example. I might be wrong in that sense but that's the nomenclature I use. And that's lazy of me as I really mean the gerundive form - "a porting").

Anyway to your other question about the differences.

The port (in the ports tree) ftp/proftpd-mod_geoip was deprecated because it relied upon GeoIP (from Freshports: DEPRECATED: Uses legacy GeoIP 1 format which no longer works; switch to GeoIP 2 where possible).

That's where "proftpd-mod_geoip2.git" comes in. But unfortunately no-one has created a FreeBSD port of it. I might get time over summer but as it would be my first port I want to get it right.

Scott
 
You must log in or register to reply here.
Back
Top