OS

2022.02.14 15:51

Xtables-2.11 설치 (GeoIP)

  • 비아웹 오래 전 2022.02.14 15:51 인기
  • 4,423
    0

1. 테스트 환경

OS : CentOS Linux release 7.7.1908 (Core)

SELINUX : disabled

Kernel Version : kernel-3.10.0-1062.el7.x86_64

테스트 일자 : 2020.11.17

 

2. 패키지 설치

root@viaweb:~/source:# yum -y install wget gcc gcc-c++ make automake unzip zip xz iptables-devel perl-Text-CSV_XS perl-CPAN

3. kernel-devel 설치 ( kernel과 동일한 버전을 설치해야합니다. )

- 현재 구동 커널과 동일버전의 kernel-devel 설치

- CentOS kernel devel

https://archive.kernel.org/centos-vault/

 

 

4. 소스 다운로드

root@viaweb:~/source:# wget http://ftp.naist.jp/pub/lang/perl/CPAN/modules/by-module/NetAddr/NetAddr-IP-4.078.tar.gz root@viaweb:~/source:# wget https://sourceforge.net/projects/xtables-addons/files/Xtables-addons/xtables-addons-2.11.tar.xz

5. NetAddr-IP-4.078 설치

root@viaweb:~/source:# tar xvfz NetAddr-IP-4.078.tar.gz root@viaweb:~/source:# cd NetAddr-IP-4.078 root@viaweb:~/source/NetAddr-IP-4.078:# perl Makefile.PL root@viaweb:~/source/NetAddr-IP-4.078:# make && make install

6. xtables-addons-2.11 설치

root@viaweb:~/source:# tar -xvf xtables-addons-2.11.tar.xz root@viaweb:~/source:# cd xtables-addons-2.11 root@viaweb:~/source/xtables-addons-2.11:# vi mconfig ##(12번 라인 build_TARPIT=m 주석추가)## ---- vi mconfig ---- # -*- Makefile -*- # build_ACCOUNT=m build_CHAOS=m build_DELUDE=m build_DHCPMAC=m build_DNETMAP=m build_ECHO=m build_IPMARK=m build_LOGMARK=m build_SYSRQ=m #build_TARPIT=m <= 주석처리 # build_condition=m build_fuzzy=m build_geoip=m build_gradm=m build_iface=m build_ipp2p=m build_ipv4options=m build_length2=m build_lscan=m build_pknock=m build_psd=m ---- vi mconfig ---- root@viaweb:~/source/xtables-addons-2.11:# ./configure root@viaweb:~/source/xtables-addons-2.11:# make && make install

7. CSV파일에서 국가코드 데이터베이스 추출


* GeoIP DB 파일 경로 : /usr/share/xt_geoip/BE & LE

root@viaweb]# cd xtables-addons-2.11/geoip root@viaweb]# wget https://files-cdn.liferay.com/mirrors/geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip root@viaweb]# unzip GeoIPCountryCSV.zip root@viaweb]# ./xt_geoip_build GeoIPCountryWhois.csv root@viaweb]# mkdir -p /usr/share/xt_geoip/ root@viaweb]# /bin/cp -r {BE,LE}/usr/share/xt_geoip/

8. GeoIP 설치 후 iptables 연동 확인

#ex) 중국(CN)차단

root@viaweb:~:# iptables -AINPUT-m geoip --src-cc CN-j DROP

감사합니다.

서버호스팅 비아웹

 

  • 공유링크 복사
  • 이전글CentOS 5.X iptables_GeoIP Install2022.02.14
  • 다음글apache2.4 mod_cband 연동2022.02.14

    • 댓글목록

    등록된 댓글이 없습니다.