티스토리 뷰

Linux

firewalld + geoip with CentOS7

초보의 CHOMAN 2019.08.26 16:01

firewalld + geoip with CentOS7

geoip 는 간단하게 yum 설치만으로 연동할수 있을줄 알았는데 잘 안되네

참고 원문 사이트 (시골청년의 엔지니어이야기)

https://xinet.kr/?p=2132

사전 필요 패키지 설치?

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel openssh-clients perl-CPAN irqbalance ntsysv vim pci*  ncurses* ipvsadm bridge-utils wget  libmnl* perl-NetAddr-IP perl-Text-CSV_XS

xtables-addon 다운로드 및 설치

https://sourceforge.net/projects/xtables-addons/

설치 (/usr/local/src/xtables-addons-2.14)

/usr/local/src/xtables-addons-2.14/mconfig (geoip 만 설치)
# -*- Makefile -*-
#
build_geoip=m

./configure && make && make install

geoip --> geoip2 로 변경된것에 따른 다운로드 필요

https://github.com/mschmitt/GeoLite2xtables

geolist2xtables 실행 (/usr/local/src/GeoLite2xtables-master)

cpan -i NetAddr::IP
./00_download_geolite2
./10_download_countryinfo
mkdir -p /usr/share/xt_geoip
cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv | ./20_convert_geolite2 /tmp/CountryInfo.txt > /usr/share/xt_geoip/GeoIP-legacy.csv

/usr/local/src/xtables-addons-2.14 다시 설치 (/usr/local/src/xtables-addons-2.14/geoip)

./xt_geoip_build -D /usr/share/xt_geoip /usr/share/xt_geoip/GeoIP-legacy.csv

firewalld 설정해보기

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -m geoip ! --src-cc KR -j DROP
firewall-cmd --reload

둘다 success 뜨면 설치 잘 된것

'Linux' 카테고리의 다른 글

smt  (0) 2019.08.27
mod_geoip + httpd  (0) 2019.08.26
firewalld + geoip with CentOS7  (0) 2019.08.26
Can't locate NetAddr/IP.pm in @INC  (0) 2019.08.26
firewalld + ipset with CentOS7  (0) 2019.08.26
Geoip2  (0) 2019.08.13
댓글
댓글쓰기 폼