CentOS 5.X iptables_GeoIP Install
- Viaweb (비아웹), 2022.02.14 16:03
1. Test environment
OS : CentOS release 5.9 (Final)
SELINUX : disabled
IPTABLES Version : iptables v1.3.5
Test date : 2020.11.18
2. Package installation
root@viaweb:~:# yum -y install wget make unzip zip xz gcc gcc-c++
3. Source download
https://ftp.cc.uoc.gr/mirrors/ftp.netfilter.org/patch-o-matic-ng/snapshot/patch-o-matic-ng-20071231.tar.bz2
http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/iptables-1.3.5-5.3.el5.src.rpm
root@viaweb]# cd /usr/src
root@viaweb]# wget https://ftp.cc.uoc.gr/mirrors/ftp.netfilter.org/patch-o-matic-ng/snapshot/patch-o-matic-ng-20071231.tar.bz2
root@viaweb]# wget http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/iptables-1.3.5-5.3.el5.src.rpm
root@viaweb]# tar xvfj patch-o-matic-ng-20071231.tar.bz2
root@viaweb]# rpm -ivh iptables-1.3.5-5.3.el5.src.rpm
4. Apply patch-o-matic-ng and rebuild iptables
root@viaweb]# cd /usr/src/redhat/SOURCES/
root@viaweb]:# tar xvfj iptables-1.3.5.tar.bz2
root@viaweb]# ln -s /usr/src/redhat/SOURCES/iptables-1.3.5 /usr/src/iptables
root@viaweb]# ln -s /usr/src/kernels/2.6.18-348.el5-x86_64 /usr/src/linux
root@viaweb]# cd /usr/src/patch-o-matic-ng-20071231
root@viaweb:/usr/src/patch-o-matic-ng-20071231:# ./runme --download
Command output
http://svn.berlios.de/svnroot/repos/portknocko/trunk/pom/: bad patch name in the server error log.</p>, ignored
http://svn.berlios.de/svnroot/repos/portknocko/trunk/pom/: bad patch name </body></html>, ignored
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux] # press Enter
::
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables] # press Enter
root@viaweb:/usr/src/patch-o-matic-ng-20071231:# ./runme geoip
Command output
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux] # press Enter
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables] # press Enter
::
The only extra files you need is a binary db (geoipdb.bin) & its index file (geoipdb.idx).
Take a look at http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html
for a quick HOWTO.
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y <== y
root@viaweb:/usr/src/patch-o-matic-ng-20071231:# cd /usr/src/iptables
root@viaweb:/usr/src/iptables:# make
root@viaweb:/usr/src/iptables:# cd extensions
root@viaweb:/usr/src/iptables/extensions:# cp libipt_geoip.so /lib64/iptables/
5. Manual kernel update
root@viaweb:/usr/src/iptables/extensions:# cd /usr/src/linux/
root@viaweb:/usr/src/linux:# make oldconfig
root@viaweb:/usr/src/linux:# make modules_prepare
root@viaweb:/usr/src/linux:# cd net/ipv4/netfilter/
root@viaweb:/usr/src/linux/net/ipv4/netfilter:# mv Makefile Makefile.ori
root@viaweb:/usr/src/linux/net/ipv4/netfilter:# vi Makefile (add the content below, then save)
-- vi Makefile --
# Build only ipt_geoip as a module against the running kernel's build tree
obj-m := ipt_geoip.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
	$(MAKE) -C $(KDIR) M=$(PWD) modules
-- vi Makefile --
root@viaweb]# cd /usr/src/linux/
root@viaweb]# make M=net/ipv4/netfilter
root@viaweb]# cp net/ipv4/netfilter/ipt_geoip.ko /lib/modules/2.6.18-348.el5/kernel/net/ipv4/netfilter/
root@viaweb]# chmod 744 /lib/modules/2.6.18-348.el5/kernel/net/ipv4/netfilter/ipt_geoip.ko
root@viaweb]# depmod -a
root@viaweb]# modprobe ipt_geoip
root@viaweb]# lsmod | grep geoip
6. Extract the country-code database from the CSV file
* The GeoIP module uses the /var/geoip path
root@viaweb:/usr/src/linux:# cd /usr/local/src/
root@viaweb:/usr/local/src:# mkdir -p /var/geoip
root@viaweb:/usr/local/src:# wget http://people.netfilter.org/peejix/geoip/tools/csv2bin-20041103.tar.gz
root@viaweb:/usr/local/src:# tar xvfz csv2bin-20041103.tar.gz
root@viaweb:/usr/local/src:# cd csv2bin
root@viaweb:/usr/local/src/csv2bin:# make
root@viaweb:/usr/local/src/csv2bin:# /bin/cp -r csv2bin /var/geoip/
root@viaweb:/usr/local/src/csv2bin:# cd /var/geoip/
root@viaweb:/var/geoip:# wget http://attic-distfiles.pld-linux.org/by-md5/4/e/4e22dd36f85737f45f8595d0ba1f2e85/GeoIPCountryCSV.zip
root@viaweb:/var/geoip:# unzip GeoIPCountryCSV.zip
root@viaweb:/var/geoip:# ./csv2bin GeoIPCountryWhois.csv
root@viaweb:/var/geoip:# cp geoipdb.* /var/geoip/
7. Verify iptables integration after installing GeoIP
# Block China
root@viaweb:~:# iptables -A INPUT -m geoip --src-cc CN -j DROP
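Before appending a country-wide DROP rule like the one above, it helps to confirm which country the database assigns to your own management address, so the rule does not cut off the session it is typed from. The script below is an added example, not part of the original post; it assumes the GeoIPCountryWhois.csv column layout shown in its header comment, and the sample rows and ADMIN_IP are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed CSV column layout:
#   "start_ip","end_ip","start_int","end_int","CC","Country name"

# Print the country code the CSV assigns to an IPv4 address.
# Exit status: 0 = found, 1 = not in the database, 2 = malformed address.
geoip_cc_for_ip() {    # usage: geoip_cc_for_ip CSV_FILE IPV4_ADDRESS
    awk -v ip="$2" '
    BEGIN {
        FS = ","; rc = 1
        # Validate the dotted quad and convert it to a 32-bit integer.
        if (split(ip, o, ".") != 4) { rc = 2; exit rc }
        for (i = 1; i <= 4; i++) {
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) {
                rc = 2; exit rc
            }
            n = n * 256 + o[i]
        }
    }
    {
        gsub(/"/, "")    # strip the quotes; awk re-splits the fields
        if (NF >= 5 && n >= $3 + 0 && n <= $4 + 0) { print $5; rc = 0; exit rc }
    }
    END { exit rc }
    ' "$1"
}

# Succeed only when ADMIN_IP is not inside the country about to be dropped.
safe_to_block() {      # usage: safe_to_block CSV_FILE CC ADMIN_IP
    rc=0
    cc=$(geoip_cc_for_ip "$1" "$3") || rc=$?
    [ "$rc" -ne 2 ] || return 2    # malformed address: refuse to decide
    [ "$cc" != "$2" ]
}

# Constructed sample rows (documentation ranges, country codes are made up).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
"192.0.2.0","192.0.2.255","3221225984","3221226239","CN","China"
"198.51.100.0","198.51.100.255","3325256704","3325256959","KR","Korea, Republic of"
EOF

ADMIN_IP=198.51.100.25    # hypothetical management address
if safe_to_block "$SAMPLE" CN "$ADMIN_IP"; then
    echo "$ADMIN_IP is outside CN: the DROP rule will not cut off this session"
else
    echo "do not add the rule: $ADMIN_IP is in CN or could not be checked"
fi
```

To run the same check against the real data, pass /var/geoip/GeoIPCountryWhois.csv as the first argument instead of the sample file.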
Thank you.
Viaweb server hosting