Important
This setup forces iptables-legacy (not nftables) and installs a custom-built xt_geoip_query tool written in C to properly read modern GeoIP databases (xtables-addons ≥ 3.20).
The script does not modify firewall rules automatically; it only echoes recommended examples.
Caution
If you use Docker or containerized services, switching to iptables-legacy can temporarily break container networking.
This happens because Docker manages its own NAT and MASQUERADE rules, which can be lost when iptables backends change or modules are reloaded.
SEE NOTES BELOW.
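
A before/after check for the Docker caution above, as an added example that is not part of this project's script. The helper names `backend_of` and `docker_nat_state` are hypothetical, the sample rulesets are constructed, and the check assumes Docker's default layout (a `DOCKER` chain in the nat table plus a MASQUERADE rule in POSTROUTING).

```shell
#!/bin/sh
# Added example: report the active iptables backend and whether Docker's NAT
# rules are visible in it. Run with --live (as root) before and after switching.

# backend_of "<output of iptables --version>" -> legacy | nf_tables | unknown
# iptables 1.8+ appends the backend in parentheses; older builds print no
# suffix and are reported as "unknown" here.
backend_of() {
    case "$1" in
        *"(legacy)"*)    echo legacy ;;
        *"(nf_tables)"*) echo nf_tables ;;
        *)               echo unknown ;;
    esac
}

# docker_nat_state: reads `iptables-save -t nat` output on stdin.
# Heuristic: any POSTROUTING MASQUERADE rule counts, so a host with its own
# masquerade rules should also compare the rule text, not just this status.
docker_nat_state() {
    awk '
        /^:DOCKER /                       { chain = 1 }
        /^-A POSTROUTING .*-j MASQUERADE/ { masq = 1 }
        END {
            if (!chain)     print "missing-chain"
            else if (!masq) print "missing-masquerade"
            else            print "ok"
        }'
}

# Constructed sample: nat table in the shape Docker normally creates.
SAMPLE_WITH_DOCKER=':POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN'

# Constructed sample: nat table with Docker's rules gone.
SAMPLE_WITHOUT_DOCKER=':POSTROUTING ACCEPT [0:0]'

# Live mode: iptables-save reads only the currently selected backend, so rules
# that Docker wrote through the other backend will not appear here.
if [ "${1:-}" = "--live" ]; then
    echo "backend:    $(backend_of "$(iptables --version)")"
    echo "docker nat: $(iptables-save -t nat | docker_nat_state)"
fi
```

A result of `missing-chain` or `missing-masquerade` after the switch, on a host where the same check returned `ok` before it, is the broken-networking condition this caution describes.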