ISO 3661 Country Codes recognized by Shorewall

Tom Eastep

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts. A copy of the license is included in the section entitled GNU Free Documentation License.

2020/09/07


Table of Contents

Introduction
IPv4
IPv6

Introduction

Beginning with Shorewall 4.5.4, Shorewall allows matching packet SOURCE and/or DEST IP addresses by their corresponding country. That is done by specifying a comma-separated list of up to 15 ISO-3661 2-character Country Codes enclosed in square brackets ('[...]') and prefixed by a caret ('^'). When a single country code is given, the square brackets can be omitted.

Example - Drop email from the Anonymous Proxy and Satellite Provider networks.

/etc/shorewall/rules:

    #ACTION         SOURCE          DEST            PROTO   DPORT

    ?SECTION NEW

    DROP:info	    net:^[A1,A2]    dmz             tcp     25

Using this feature requires the GeoIP Match capability in your iptables and kernel. That capability requires creating a country-code database.

The Shorewall compiler uses the geoip country-code database to determine the valid set of two-character alphanumeric country codes. The location of that database is currently hard-coded in xtables-addons as /usr/share/xt_geoip/. Within that directory are two sub-directories:

  • LE -- contains the little-endian database

  • BE -- contains the big-endian database

To accomodate both big-endian and little-endian machines as well as any future ability to install the database at another location, Shorewall supports a GEOIPDIR option in shorewall.conf(5) and shorewall6.conf(5). The default value of that option is /usr/share/xt_geoip/LE.

Important

Recent versions of the country-code database are installed in /usr/share/xt_geoip/, regardless of endian convention. This requires modifying the setting of GEOIPDIR in shorewall.conf (5) and shorewall6.conf(5).

The country codes at the time of this writing are shown in the following two sections.

IPv4

     A1 => "Anonymous Proxy" ,
     A2 => "Satellite Provider" ,
     AD => "Andorra" ,
     AE => "United Arab Emirates" ,
     AF => "Afghanistan" ,
     AG => "Antigua and Barbuda" ,
     AI => "Anguilla" ,
     AL => "Albania" ,
     AM => "Armenia" ,
     AN => "Netherlands Antilles" ,
     AO => "Angola" ,
     AP => "Asia/Pacific Region" ,
     AQ => "Antarctica" ,
     AR => "Argentina" ,
     AS => "American Samoa" ,
     AT => "Austria" ,
     AU => "Australia" ,
     AW => "Aruba" ,
     AX => "Aland Islands" ,
     AZ => "Azerbaijan" ,
     BA => "Bosnia and Herzegovina" ,
     BB => "Barbados" ,
     BD => "Bangladesh" ,
     BE => "Belgium" ,
     BF => "Burkina Faso" ,
     BG => "Bulgaria" ,
     BH => "Bahrain" ,
     BI => "Burundi" ,
     BJ => "Benin" ,
     BM => "Bermuda" ,
     BN => "Brunei Darussalam" ,
     BO => "Bolivia" ,
     BR => "Brazil" ,
     BS => "Bahamas" ,
     BT => "Bhutan" ,
     BV => "Bouvet Island" ,
     BW => "Botswana" ,
     BY => "Belarus" ,
     BZ => "Belize" ,
     CA => "Canada" ,
     CC => "Cocos (Keeling) Islands" ,
     CD => "Congo, The Democratic Republic of the" ,
     CF => "Central African Republic" ,
     CG => "Congo" ,
     CH => "Switzerland" ,
     CI => "Cote D'Ivoire" ,
     CK => "Cook Islands" ,
     CL => "Chile" ,
     CM => "Cameroon" ,
     CN => "China" ,
     CO => "Colombia" ,
     CR => "Costa Rica" ,
     CU => "Cuba" ,
     CV => "Cape Verde" ,
     CX => "Christmas Island" ,
     CY => "Cyprus" ,
     CZ => "Czech Republic" ,
     DE => "Germany" ,
     DJ => "Djibouti" ,
     DK => "Denmark" ,
     DM => "Dominica" ,
     DO => "Dominican Republic" ,
     DZ => "Algeria" ,
     EC => "Ecuador" ,
     EE => "Estonia" ,
     EG => "Egypt" ,
     EH => "Western Sahara" ,
     ER => "Eritrea" ,
     ES => "Spain" ,
     ET => "Ethiopia" ,
     EU => "Europe" ,
     FI => "Finland" ,
     FJ => "Fiji" ,
     FK => "Falkland Islands (Malvinas)" ,
     FM => "Micronesia, Federated States of" ,
     FO => "Faroe Islands" ,
     FR => "France" ,
     GA => "Gabon" ,
     GB => "United Kingdom" ,
     GD => "Grenada" ,
     GE => "Georgia" ,
     GF => "French Guiana" ,
     GG => "Guernsey" ,
     GH => "Ghana" ,
     GI => "Gibraltar" ,
     GL => "Greenland" ,
     GM => "Gambia" ,
     GN => "Guinea" ,
     GP => "Guadeloupe" ,
     GQ => "Equatorial Guinea" ,
     GR => "Greece" ,
     GS => "South Georgia and the South Sandwich Islands" ,
     GT => "Guatemala" ,
     GU => "Guam" ,
     GW => "Guinea-Bissau" ,
     GY => "Guyana" ,
     HK => "Hong Kong" ,
     HN => "Honduras" ,
     HR => "Croatia" ,
     HT => "Haiti" ,
     HU => "Hungary" ,
     ID => "Indonesia" ,
     IE => "Ireland" ,
     IL => "Israel" ,
     IM => "Isle of Man" ,
     IN => "India" ,
     IO => "British Indian Ocean Territory" ,
     IQ => "Iraq" ,
     IR => "Iran, Islamic Republic of" ,
     IS => "Iceland" ,
     IT => "Italy" ,
     JE => "Jersey" ,
     JM => "Jamaica" ,
     JO => "Jordan" ,
     JP => "Japan" ,
     KE => "Kenya" ,
     KG => "Kyrgyzstan" ,
     KH => "Cambodia" ,
     KI => "Kiribati" ,
     KM => "Comoros" ,
     KN => "Saint Kitts and Nevis" ,
     KP => "Korea, Democratic People's Republic of" ,
     KR => "Korea, Republic of" ,
     KW => "Kuwait" ,
     KY => "Cayman Islands" ,
     KZ => "Kazakhstan" ,
     LA => "Lao People's Democratic Republic" ,
     LB => "Lebanon" ,
     LC => "Saint Lucia" ,
     LI => "Liechtenstein" ,
     LK => "Sri Lanka" ,
     LR => "Liberia" ,
     LS => "Lesotho" ,
     LT => "Lithuania" ,
     LU => "Luxembourg" ,
     LV => "Latvia" ,
     LY => "Libyan Arab Jamahiriya" ,
     MA => "Morocco" ,
     MC => "Monaco" ,
     MD => "Moldova, Republic of" ,
     ME => "Montenegro" ,
     MG => "Madagascar" ,
     MH => "Marshall Islands" ,
     MK => "Macedonia" ,
     ML => "Mali" ,
     MM => "Myanmar" ,
     MN => "Mongolia" ,
     MO => "Macau" ,
     MP => "Northern Mariana Islands" ,
     MQ => "Martinique" ,
     MR => "Mauritania" ,
     MS => "Montserrat" ,
     MT => "Malta" ,
     MU => "Mauritius" ,
     MV => "Maldives" ,
     MW => "Malawi" ,
     MX => "Mexico" ,
     MY => "Malaysia" ,
     MZ => "Mozambique" ,
     NA => "Namibia" ,
     NC => "New Caledonia" ,
     NE => "Niger" ,
     NF => "Norfolk Island" ,
     NG => "Nigeria" ,
     NI => "Nicaragua" ,
     NL => "Netherlands" ,
     NO => "Norway" ,
     NP => "Nepal" ,
     NR => "Nauru" ,
     NU => "Niue" ,
     NZ => "New Zealand" ,
     OM => "Oman" ,
     PA => "Panama" ,
     PE => "Peru" ,
     PF => "French Polynesia" ,
     PG => "Papua New Guinea" ,
     PH => "Philippines" ,
     PK => "Pakistan" ,
     PL => "Poland" ,
     PM => "Saint Pierre and Miquelon" ,
     PR => "Puerto Rico" ,
     PS => "Palestinian Territory, Occupied" ,
     PT => "Portugal" ,
     PW => "Palau" ,
     PY => "Paraguay" ,
     QA => "Qatar" ,
     RE => "Reunion" ,
     RO => "Romania" ,
     RS => "Serbia" ,
     RU => "Russian Federation" ,
     RW => "Rwanda" ,
     SA => "Saudi Arabia" ,
     SB => "Solomon Islands" ,
     SC => "Seychelles" ,
     SD => "Sudan" ,
     SE => "Sweden" ,
     SG => "Singapore" ,
     SH => "Saint Helena" ,
     SI => "Slovenia" ,
     SJ => "Svalbard and Jan Mayen" ,
     SK => "Slovakia" ,
     SL => "Sierra Leone" ,
     SM => "San Marino" ,
     SN => "Senegal" ,
     SO => "Somalia" ,
     SR => "Suriname" ,
     ST => "Sao Tome and Principe" ,
     SV => "El Salvador" ,
     SY => "Syrian Arab Republic" ,
     SZ => "Swaziland" ,
     TC => "Turks and Caicos Islands" ,
     TD => "Chad" ,
     TF => "French Southern Territories" ,
     TG => "Togo" ,
     TH => "Thailand" ,
     TJ => "Tajikistan" ,
     TK => "Tokelau" ,
     TL => "Timor-Leste" ,
     TM => "Turkmenistan" ,
     TN => "Tunisia" ,
     TO => "Tonga" ,
     TR => "Turkey" ,
     TT => "Trinidad and Tobago" ,
     TV => "Tuvalu" ,
     TW => "Taiwan" ,
     TZ => "Tanzania, United Republic of" ,
     UA => "Ukraine" ,
     UG => "Uganda" ,
     UM => "United States Minor Outlying Islands" ,
     US => "United States" ,
     UY => "Uruguay" ,
     UZ => "Uzbekistan" ,
     VA => "Holy See (Vatican City State)" ,
     VC => "Saint Vincent and the Grenadines" ,
     VE => "Venezuela" ,
     VG => "Virgin Islands, British" ,
     VI => "Virgin Islands, U.S." ,
     VN => "Vietnam" ,
     VU => "Vanuatu" ,
     WF => "Wallis and Futuna" ,
     WS => "Samoa" ,
     YE => "Yemen" ,
     YT => "Mayotte" ,
     ZA => "South Africa" ,
     ZM => "Zambia" ,
     ZW => "Zimbabwe" ,

IPv6

     AD =>  "Andorra" ,
     AE =>  "United Arab Emirates" ,
     AF =>  "Afghanistan" ,
     AL =>  "Albania" ,
     AM =>  "Armenia" ,
     AO =>  "Angola" ,
     AP =>  "Asia/Pacific Region" ,
     AR =>  "Argentina" ,
     AS =>  "American Samoa" ,
     AT =>  "Austria" ,
     AU =>  "Australia" ,
     AW =>  "Aruba" ,
     AZ =>  "Azerbaijan" ,
     BA =>  "Bosnia and Herzegovina" ,
     BD =>  "Bangladesh" ,
     BE =>  "Belgium" ,
     BF =>  "Burkina Faso" ,
     BG =>  "Bulgaria" ,
     BH =>  "Bahrain" ,
     BI =>  "Burundi" ,
     BJ =>  "Benin" ,
     BM =>  "Bermuda" ,
     BN =>  "Brunei Darussalam" ,
     BO =>  "Bolivia" ,
     BR =>  "Brazil" ,
     BS =>  "Bahamas" ,
     BT =>  "Bhutan" ,
     BW =>  "Botswana" ,
     BY =>  "Belarus" ,
     BZ =>  "Belize" ,
     CA =>  "Canada" ,
     CD =>  "Congo, The Democratic Republic of the" ,
     CH =>  "Switzerland" ,
     CI =>  "Cote D'Ivoire" ,
     CK =>  "Cook Islands" ,
     CL =>  "Chile" ,
     CM =>  "Cameroon" ,
     CN =>  "China" ,
     CO =>  "Colombia" ,
     CR =>  "Costa Rica" ,
     CU =>  "Cuba" ,
     CW =>  "" ,
     CY =>  "Cyprus" ,
     CZ =>  "Czech Republic" ,
     DE =>  "Germany" ,
     DJ =>  "Djibouti" ,
     DK =>  "Denmark" ,
     DO =>  "Dominican Republic" ,
     DZ =>  "Algeria" ,
     EC =>  "Ecuador" ,
     EE =>  "Estonia" ,
     EG =>  "Egypt" ,
     ES =>  "Spain" ,
     EU =>  "Europe" ,
     FI =>  "Finland" ,
     FJ =>  "Fiji" ,
     FM =>  "Micronesia, Federated States of" ,
     FO =>  "Faroe Islands" ,
     FR =>  "France" ,
     GB =>  "United Kingdom" ,
     GD =>  "Grenada" ,
     GE =>  "Georgia" ,
     GG =>  "Guernsey" ,
     GH =>  "Ghana" ,
     GI =>  "Gibraltar" ,
     GL =>  "Greenland" ,
     GM =>  "Gambia" ,
     GP =>  "Guadeloupe" ,
     GR =>  "Greece" ,
     GT =>  "Guatemala" ,
     GU =>  "Guam" ,
     GY =>  "Guyana" ,
     HK =>  "Hong Kong" ,
     HN =>  "Honduras" ,
     HR =>  "Croatia" ,
     HT =>  "Haiti" ,
     HU =>  "Hungary" ,
     ID =>  "Indonesia" ,
     IE =>  "Ireland" ,
     IL =>  "Israel" ,
     IM =>  "Isle of Man" ,
     IN =>  "India" ,
     IQ =>  "Iraq" ,
     IR =>  "Iran, Islamic Republic of" ,
     IS =>  "Iceland" ,
     IT =>  "Italy" ,
     JE =>  "Jersey" ,
     JM =>  "Jamaica" ,
     JO =>  "Jordan" ,
     JP =>  "Japan" ,
     KE =>  "Kenya" ,
     KG =>  "Kyrgyzstan" ,
     KH =>  "Cambodia" ,
     KN =>  "Saint Kitts and Nevis" ,
     KR =>  "Korea, Republic of" ,
     KW =>  "Kuwait" ,
     KY =>  "Cayman Islands" ,
     KZ =>  "Kazakhstan" ,
     LA =>  "Lao People's Democratic Republic" ,
     LB =>  "Lebanon" ,
     LI =>  "Liechtenstein" ,
     LK =>  "Sri Lanka" ,
     LS =>  "Lesotho" ,
     LT =>  "Lithuania" ,
     LU =>  "Luxembourg" ,
     LV =>  "Latvia" ,
     LY =>  "Libyan Arab Jamahiriya" ,
     MA =>  "Morocco" ,
     MC =>  "Monaco" ,
     MD =>  "Moldova, Republic of" ,
     ME =>  "Montenegro" ,
     MG =>  "Madagascar" ,
     MH =>  "Marshall Islands" ,
     MK =>  "Macedonia" ,
     ML =>  "Mali" ,
     MM =>  "Myanmar" ,
     MN =>  "Mongolia" ,
     MO =>  "Macau" ,
     MT =>  "Malta" ,
     MU =>  "Mauritius" ,
     MV =>  "Maldives" ,
     MW =>  "Malawi" ,
     MX =>  "Mexico" ,
     MY =>  "Malaysia" ,
     MZ =>  "Mozambique" ,
     NA =>  "Namibia" ,
     NC =>  "New Caledonia" ,
     NF =>  "Norfolk Island" ,
     NG =>  "Nigeria" ,
     NI =>  "Nicaragua" ,
     NL =>  "Netherlands" ,
     NO =>  "Norway" ,
     NP =>  "Nepal" ,
     NR =>  "Nauru" ,
     NU =>  "Niue" ,
     NZ =>  "New Zealand" ,
     OM =>  "Oman" ,
     PA =>  "Panama" ,
     PE =>  "Peru" ,
     PF =>  "French Polynesia" ,
     PG =>  "Papua New Guinea" ,
     PH =>  "Philippines" ,
     PK =>  "Pakistan" ,
     PL =>  "Poland" ,
     PR =>  "Puerto Rico" ,
     PS =>  "Palestinian Territory" ,
     PT =>  "Portugal" ,
     PW =>  "Palau" ,
     PY =>  "Paraguay" ,
     QA =>  "Qatar" ,
     RO =>  "Romania" ,
     RS =>  "Serbia" ,
     RU =>  "Russian Federation" ,
     RW =>  "Rwanda" ,
     SA =>  "Saudi Arabia" ,
     SB =>  "Solomon Islands" ,
     SC =>  "Seychelles" ,
     SD =>  "Sudan" ,
     SE =>  "Sweden" ,
     SG =>  "Singapore" ,
     SI =>  "Slovenia" ,
     SK =>  "Slovakia" ,
     SL =>  "Sierra Leone" ,
     SM =>  "San Marino" ,
     SN =>  "Senegal" ,
     SO =>  "Somalia" ,
     ST =>  "Sao Tome and Principe" ,
     SV =>  "El Salvador" ,
     SY =>  "Syrian Arab Republic" ,
     SZ =>  "Swaziland" ,
     TH =>  "Thailand" ,
     TK =>  "Tokelau" ,
     TN =>  "Tunisia" ,
     TO =>  "Tonga" ,
     TR =>  "Turkey" ,
     TT =>  "Trinidad and Tobago" ,
     TV =>  "Tuvalu" ,
     TW =>  "Taiwan" ,
     TZ =>  "Tanzania, United Republic of" ,
     UA =>  "Ukraine" ,
     UG =>  "Uganda" ,
     US =>  "United States" ,
     UY =>  "Uruguay" ,
     UZ =>  "Uzbekistan" ,
     VA =>  "Holy See (Vatican City State)" ,
     VE =>  "Venezuela" ,
     VI =>  "Virgin Islands, U.S." ,
     VN =>  "Vietnam" ,
     VU =>  "Vanuatu" ,
     WS =>  "Samoa" ,
     YE =>  "Yemen" ,
     ZA =>  "South Africa" ,
     ZM =>  "Zambia" ,
     ZW =>  "Zimbabwe" ,

Documentation


Frequently Used Articles

- FAQs - Manpages - Configuration File Basics - Beginner Documentation - Troubleshooting

Shorewall 4.4/4.5/4.6 Documentation

Shorewall 4.0/4.2 Documentation


Shorewall 5.0/5.1/5.2 HOWTOs and Other Articles

- 6to4 and 6in4 Tunnels - Accounting - Actions - Aliased (virtual) Interfaces (e.g., eth0:0) - Anatomy of Shorewall - Anti-Spoofing Measures - AUDIT Target support - Bandwidth Control - Blacklisting/Whitelisting - Bridge/Firewall - Building Shorewall from GIT - Commands - Compiled Programs - Configuration File Basics - DHCP - DNAT - Docker - Dynamic Zones - ECN Disabling by host or subnet - Events - Extension Scripts - Fallback/Uninstall - FAQs - Features - Fool's Firewall - Forwarding Traffic on the Same Interface - FTP and Shorewall - Helpers/Helper Modules - Installation/Upgrade - IPP2P - IPSEC - Ipsets - IPv6 Support - ISO 3661 Country Codes - Kazaa Filtering - Kernel Configuration - KVM (Kernel-mode Virtual Machine) - Limiting Connection Rates - Linux Containers (LXC) - Linux-vserver - Logging - Macros - MAC Verification - Manpages - Manual Chains - Masquerading - Multiple Internet Connections from a Single Firewall - Multiple Zones Through One Interface - My Shorewall Configuration - Netfilter Overview - Network Mapping - No firewalling of traffic between bridge port - One-to-one NAT - Operating Shorewall - OpenVPN - OpenVZ - Packet Marking - Packet Processing in a Shorewall-based Firewall - 'Ping' Management - Port Forwarding - Port Information - Port Knocking (deprecated) - Port Knocking, Auto Blacklisting and Other Uses of the 'Recent Match' - PPTP - Proxy ARP - QuickStart Guides - Release Model - Requirements - Routing and Shorewall - Routing on One Interface - Samba - Shared Shorewall/Shorewall6 Configuration - Shorewall Events - Shorewall Init - Shorewall Lite - Shorewall on a Laptop - Shorewall Perl - Shorewall Setup Guide - SMB - SNAT - Split DNS the Easy Way - Squid with Shorewall - Starting/stopping the Firewall - Static (one-to-one) NAT - Support - Tips and Hints - Traffic Shaping/QOS - Simple - Traffic Shaping/QOS - Complex - Transparent Proxy - UPnP - Upgrade Issues - Upgrading to Shorewall 4.4 (Upgrading Debian Lenny to Squeeze) - VPN - VPN Passthrough - White List Creation - Xen - Shorewall in a Bridged Xen DomU - Xen - Shorewall in Routed Xen Dom0

Top of Page