
2022.02.14 16:03

CentOS 5.X iptables_GeoIP Install

  • Viaweb (비아웹), 2022.02.14 16:03

1. Test environment

OS : CentOS release 5.9 (Final)

SELINUX : disabled

IPTABLES Version : iptables v1.3.5

Test date : 2020.11.18

 

2. Package installation

root@viaweb:~:# yum -y install wget make unzip zip xz gcc gcc-c++

3. Source download

https://ftp.cc.uoc.gr/mirrors/ftp.netfilter.org/patch-o-matic-ng/snapshot/patch-o-matic-ng-20071231.tar.bz2
http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/iptables-1.3.5-5.3.el5.src.rpm

root@viaweb]# cd /usr/src
root@viaweb]# wget https://ftp.cc.uoc.gr/mirrors/ftp.netfilter.org/patch-o-matic-ng/snapshot/patch-o-matic-ng-20071231.tar.bz2
root@viaweb]# wget http://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/iptables-1.3.5-5.3.el5.src.rpm
root@viaweb]# tar xvfj patch-o-matic-ng-20071231.tar.bz2
root@viaweb]# rpm -ivh iptables-1.3.5-5.3.el5.src.rpm

4. Apply patch-o-matic-ng and rebuild iptables

root@viaweb]# cd /usr/src/redhat/SOURCES/
root@viaweb]:# tar xvfj iptables-1.3.5.tar.bz2
root@viaweb]# ln -s /usr/src/redhat/SOURCES/iptables-1.3.5 /usr/src/iptables
root@viaweb]# ln -s /usr/src/kernels/2.6.18-348.el5-x86_64 /usr/src/linux
root@viaweb]# cd /usr/src/patch-o-matic-ng-20071231

root@viaweb:/usr/src/patch-o-matic-ng-20071231:# ./runme --download

Output:
http://svn.berlios.de/svnroot/repos/portknocko/trunk/pom/: bad patch name in the server error log.</p>, ignored
http://svn.berlios.de/svnroot/repos/portknocko/trunk/pom/: bad patch name </body></html>, ignored
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux]   # press Enter
::
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables]   # press Enter

root@viaweb:/usr/src/patch-o-matic-ng-20071231:# ./runme geoip

Output:
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux]   # press Enter
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables]   # press Enter
::
The only extra files you need is a binary db (geoipdb.bin) & its index file (geoipdb.idx).
Take a look at http://people.netfilter.org/peejix/geoip/howto/geoip-HOWTO.html for a quick HOWTO.
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y   <== enter y

root@viaweb:/usr/src/patch-o-matic-ng-20071231:# cd /usr/src/iptables
root@viaweb:/usr/src/iptables:# make
root@viaweb:/usr/src/iptables:# cd extensions
root@viaweb:/usr/src/iptables/extensions:# cp libipt_geoip.so /lib64/iptables/

5. Manual kernel update

root@viaweb:/usr/src/iptables/extensions:# cd /usr/src/linux/
root@viaweb:/usr/src/linux:# make oldconfig
root@viaweb:/usr/src/linux:# make modules_prepare
root@viaweb:/usr/src/linux:# cd net/ipv4/netfilter/
root@viaweb:/usr/src/linux/net/ipv4/netfilter:# mv Makefile Makefile.ori
root@viaweb:/usr/src/linux/net/ipv4/netfilter:# vi Makefile (add the content below, then save)

-- vi Makefile --
obj-m := ipt_geoip.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
	$(MAKE) -C $(KDIR) M=$(PWD) modules
-- vi Makefile --

root@viaweb]# cd /usr/src/linux/
root@viaweb]# make M=net/ipv4/netfilter
root@viaweb]# cp net/ipv4/netfilter/ipt_geoip.ko /lib/modules/2.6.18-348.el5/kernel/net/ipv4/netfilter/
root@viaweb]# chmod 744 /lib/modules/2.6.18-348.el5/kernel/net/ipv4/netfilter/ipt_geoip.ko
root@viaweb]# depmod -a
root@viaweb]# modprobe ipt_geoip
root@viaweb]# lsmod | grep geoip

6. Extract the country-code database from the CSV file

* The GeoIP module uses the /var/geoip path

root@viaweb:/usr/src/linux:# cd /usr/local/src/
root@viaweb:/usr/local/src:# mkdir -p /var/geoip
root@viaweb:/usr/local/src:# wget http://people.netfilter.org/peejix/geoip/tools/csv2bin-20041103.tar.gz
root@viaweb:/usr/local/src:# tar xvfz csv2bin-20041103.tar.gz
root@viaweb:/usr/local/src:# cd csv2bin
root@viaweb:/usr/local/src/csv2bin:# make
root@viaweb:/usr/local/src/csv2bin:# /bin/cp -r csv2bin /var/geoip/
root@viaweb:/usr/local/src/csv2bin:# cd /var/geoip/
root@viaweb:/var/geoip:# wget http://attic-distfiles.pld-linux.org/by-md5/4/e/4e22dd36f85737f45f8595d0ba1f2e85/GeoIPCountryCSV.zip
root@viaweb:/var/geoip:# unzip GeoIPCountryCSV.zip
root@viaweb:/var/geoip:# ./csv2bin GeoIPCountryWhois.csv
root@viaweb:/var/geoip:# cp geoipdb.* /var/geoip/

7. Verify iptables integration after installing GeoIP

# Block China

root@viaweb:~:# iptables -A INPUT -m geoip --src-cc CN -j DROP
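
Before a country-wide DROP rule like the one above goes live, it is worth confirming which country code the database assigns to your own management addresses. The script below is an added example, not part of the original post: it assumes the legacy GeoIP Country CSV column layout (start IP, end IP, start number, end number, country code, country name), and its function names and sample rows are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed CSV layout (legacy GeoIP
# Country CSV): "start_ip","end_ip","start_num","end_num","CC","Country name"

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail if malformed.
ip_to_int() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
            printf "%.0f\n", $1 * 16777216 + $2 * 65536 + $3 * 256 + $4
        }'
}

# geoip_cc CSV IP: print the country code of the range holding IP, or "--".
geoip_cc() {
    n=$(ip_to_int "$2") || return 1
    awk -F'","' -v n="$n" '
        (n + 0) >= ($3 + 0) && (n + 0) <= ($4 + 0) { print $5; found = 1; exit }
        END { if (!found) print "--" }' "$1"
}

# rule_matches CSV IP CC: succeed if the CSV places IP in country CC, i.e. a
# "-m geoip --src-cc CC" rule built from this data would be expected to match.
rule_matches() {
    [ "$(geoip_cc "$1" "$2")" = "$3" ]
}

# Constructed sample rows (documentation ranges, not real allocation data).
sample_csv() {
    cat <<'EOF'
"192.0.2.0","192.0.2.255","3221225984","3221226239","CN","China"
"198.51.100.0","198.51.100.255","3325256704","3325256959","KR","Korea, Republic of"
EOF
}

# Demo on the sample; on the server, pass /var/geoip/GeoIPCountryWhois.csv.
tmp=$(mktemp) && sample_csv > "$tmp"
for ip in 192.0.2.10 198.51.100.7 203.0.113.5; do
    echo "$ip -> $(geoip_cc "$tmp" "$ip")"
done
rm -f "$tmp"
```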

Thank you.

Viaweb server hosting


 
