At home there are usually a lot of devices using the internet. Unwanted advertisments Unerwünschte Werbung kann man mit diversen Browserplugins in einem can be suppressed with browser plugins but this requires to install a pugin on every device - multiple tablets, multiple smartphones, multiple laptops and multiple desktops.

Everybody running a server on a Raspberry with an open internet connection should protect against unauthorized access. There are various ways to protect. An additional protection is to restrict access to the Raspberry to specific IP ranges. The easiest way to do this is by using geoip and iptables and allow access from IPs from your country only. Actually this makes sense only if the server is used by you only and is no open server for everybody (owncloud, seafile, ...).

Just execute following steps in order to install geoip on Raspbian Stretch:

1) Install the xtables-addons

sudo apt-get install raspberrypi-kernel-headers

tar xf xtables-addons-2.14.tar.xz
cd xtables-addons-2.14
make install


Kudos to @Basti

You can also use DKMS to build this module. Place source to /usr/src/xtables-addons-2.14 for example and create a dkms.conf in there. I have used the file shipped with xtables-addons-dkms_2.12-0.1_all.deb and edit the PACKAGE_VERSION="2.14" and
DEST_MODULE_LOCATION[0]="/extra". More infos about dkms (


2) Create a file /usr/local/bin/ and insert following code

set -euo pipefail

set +e
if ! dpkg -l xtables-addons-common >/dev/null ; then
        apt install xtables-addons-common
if ! dpkg -l libtext-csv-xs-perl >/dev/null ; then
        apt install libtext-csv-xs-perl
set -e

if [ ! -d /usr/share/xt_geoip ]; then
        mkdir /usr/share/xt_geoip

geotmpdir=$(mktemp -d)
csv_files="${geotmpdir}/GeoIPCountryWhois.csv ${geotmpdir}/GeoIPv6.csv"
cd "${geotmpdir}"
/usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip ${csv_files}
cd "${OLDPWD}"
rm -r "${geotmpdir}"
exit 0

3) Make this file executable and invoke it

chmod +x /usr/local/bin/

4) Add iptables rules to accept IPs from US and Germany


iptables -A INPUT -m geoip --src-cc DE,US -m conntrack --ctstate NEW -j ACCEPT



If you get iptables: No chain/target/match by that name. error messages test whether the xtables_addons are installed correctly

modprobe -c | grep x_tab

should display a long list of modules.

modprobe xt_geoip

Should succeed.

depmod -a

may also help to fix the issue.



Maxmind geoip

GeoIP based filtering with iptables

Linoxide: Block IP from countries using Geoip

Netfilter: geoip howto

Xtables-addons (source code)

Blocklist ipsets

How to install kernel headers

Linxu headers rpi from mhieenka
Solved: iptables & geoip

rpi-source wiki

Alternative: ipset usage (German)

Every Raspberry beginner starts with a NOOBS image, which is listed by first as the suggested image to use (See

NOOBS allows to start different operating systems which is useful when you want to evaluate the different alternatives to decide which is the right one for you. Unfortunately most of the people continue to use NOOBS when they have decided which OS to use. But that's the point to setup a new image with only one operating system.


NOOBS is no normal Linux system and has various quirks which causes a lot of headache sooner or later. If you ask for help if you have issues with NOOBS there is low probability you will get any responses. All experienced Raspberry users don't use NOOBS. As soon as you have decided which OS to use setup a new image and don't use NOOBS any more. This will make your life much easier when using your Raspberry.

raspiBackup supports NOOBS images in partitionorientierted backupmode . For production like systems it's suggested to create a single operating system image and backup this with raspiBackup in normal backup mode. the normal backup mode is also able to save an external root partition.

I just wanted to get nfs up and running on my Raspberry Jessie and got the uggly error message. Root cause is the nfs-server starts before rpcbind. If you restart the nfs-server after boot it will work. But will not work again after reboot. Following page describes how to get this fixed.

If you want to clone a SD image which was created on a Raspberry Pi and use the cloned SD on another Raspberry you have to execute one important additional step. Otherwise the Raspberry starting with the cloned SD card will not get a network connection.

To learn to use threading in Python you have to have a concrete problem to solve. Just use Raspberry Pi to connet 6 LEDs and manage them via GIO. On the following pages I describe how to customize my sample program to simulate tarffic lights. You also find a video which shows the program in action and a download link for the sample program.


The Raspberry Pi is a nice system which is used a lot of time to provide server services to be accessible from worldwide. That's Owncloud, a HTTP server, seafile or other services..

A VPN is the right way to access the server in a secure way. But if you want to give a lot of people access there is no way other than to allow access direct from the internet. Usually you use a DMZ for this but that's a feature a normal home router doesn't have. But now you should protect the Raspberry from internet access as far as you can and also protect your home network from access from the pi server when an intruder managed to get access to the pi. But note: If an the intruder managed to get root access then the iptables firewall can be turned off very quickly. So it's very important to get SW updates on a regular base.

Following article describes how to configure an iptables firewall to protect it from unauthorized access from the internet and to protect a local home network to be attacked from the server - just in case.

Owncloud has a very poor performance on Raspberry Pi. But seafile runs very fast if running on nginx. There exist already a lot of instructions how to install seafile on raspberry so you will find links to these website on the following page which I used to install seafile. In addition I wrote down the sequence of steps I executed. It's primaily a combination of the various installation instructions which I found. My config files of seafile running with nginx can be downloaded as sample config files for your convenience. In addition there is a startscript for /etc/init.d available which starts seafile all the time when Linux ist started and and stops it when it's shut down. 

Characteristics of the seafileserver: is used as external dns name, nginx (no apache), runs on secure https port and offers webdav services.

Raspberry Pi usually runs Linux (raspbian oder raspbmc). Linux allows to mount various external data sources. Following protocols are used commonly: SAMBA: smbfs/cifs, NFS: nfs, SSH: sshfs, FTP: cupsftp and Cloudspace: webdav/davfs. Following article explains with sample config files how to get access to these different datasourecs on the Raspberry Pi.

Raspberry Pi runs with Raspian, a Debian compiled for ARM architecture. Pi has an ethernet adapter and usually also an USB WLAN adapter is attached in order to be able to access Pi wireless. Given this hardware you can use the Raspberry Pi as an ethernet to WLAN bridge and/or as an access point with a cable connection. The following article explains how to create an ethernet to WLAN bridge on Debian and Raspberry Pi running Raspbian but will work also on other Linux distributions.
Raspberry Pi runs with Raspian, a Debian compiled for  ARM architecture. Pi has an ethernet adapter and usually a USB WLAN adapter is also attached in order to be able to have wireless access to Pi. Given this hardware you can use the Raspberry Pi as a  ethernet to WLAN bridge and/or as an access point with a cable connection. The following article explains ho to create a ethernet to WLAN bridge on Debian and Raspberry Pi running Raspbian.
Update March 1st, 2014: Until kernel 3.6.11+ everything works as described below. Starting with 3.10.25+ ist doesn't work any more and a router has to be configured.
Update March 2018: There exists another way to create a kind of bridge by using an arp proxy. See here.