¶óÀ̼¾½º ¹ß±ÞÀº ¾Æ·¡ URLÀ» Âü°í
Maxmind GeoIP2 ¾÷µ¥ÀÌÆ®
¼³Ä¡È¯°æ
OS : Ubuntu 18.04 LTS
# cat /etc/issue
Ubuntu 18.04.3 LTS \n \l
# iptables -m geoip
iptables v1.6.1: Couldn't load match `geoip':No such file or directory
Try `iptables -h' or 'iptables --help' for more information.
¼³Ä¡¿¡ ÇÊ¿äÇÑ ±âº»ÆÐÅ°Áö ¼³Ä¡
# apt install -y unzip libtext-csv-xs-perl
# apt install -y libmoosex-types-netaddr-ip-perl xtables-addons-common
´Ù¿î·Îµå
¿©±â¼´Â ¾Æ·¡ github ¿¡¼ ¹èÆ÷ÇÏ°í ÀÖ´Â ¼³Ä¡ ¹× ¾÷µ¥ÀÌÆ® ¹æ¹ýÀ¸·Î ÁøÇàÇÑ´Ù.
# git clone https://github.com/mschmitt/GeoLite2xtables
# cd GeoLite2xtables
ȸ¿ø°¡ÀÔÀ» ÅëÇØ ¹ß±Þ¹ÞÀº ¶óÀ̼¾½ºÅ° ÀÔ·Â
# cp geolite2.license.example geolite2.license
# vim geolite2.license
YOUR_LICENSE_KEY='<LICENSE_KEY>'
µ¥ÀÌŸ Á¤º¸ ´Ù¿î·Îµå
# ./00_download_geolite2
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1743k 100 1743k 0 0 1812k 0 --:--:-- --:--:-- --:--:-- 1810k
Archive: /tmp/tmp.LvtWjSCkxP
inflating: /tmp/GeoLite2-Country-Blocks-IPv4.csv
inflating: /tmp/GeoLite2-Country-Blocks-IPv6.csv
# ./10_download_countryinfo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 31523 100 31523 0 0 9947 0 0:00:03 0:00:03 --:--:-- 9947
´Ù¿î·ÎµåµÈ Á¤º¸ Æ÷¸Ëº¯È¯
# mkdir /usr/share/xt_geoip
# cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv | ./20_convert_geolite2 /tmp/CountryInfo.txt > /usr/share/xt_geoip/GeoIP-legacy.csv
10000
20000
..........
..........
390000
400000
º¯È¯µÈ Æ÷¸ËÆÄÀÏÀ» xtables geoip build
# /usr/lib/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip /usr/share/xt_geoip/GeoIP-legacy.csv
# pwd
/usr/share/xt_geoip
# ls -l
total 37632
drwxr-xr-x 2 root root 16384 Mar 31 15:25 BE
-rw-r--r-- 1 root root 38501371 Mar 31 15:24 GeoIP-legacy.csv
drwxr-xr-x 2 root root 16384 Mar 31 15:25 LE
¼³Ä¡È®ÀÎ
:: º»¹®¿¡¼´Â KR(Çѱ¹) Æ®·¡ÇÈ°ú ! KR Æ®·¡ÇÈÀ» Ä«¿îÆÃÇÏ°í ·Î±ëÀ» À§ÇÑ RuleÀÌ¸ç ±âº» RuleÀ» Áö¿ì°í(-F) ÁøÇàÇÏ¿´´Ù.
# iptables -F
# iptables -A INPUT -m geoip --src-cc KR -j RETURN
# iptables -A INPUT -m geoip ! --src-cc KR
# iptables -A INPUT -j LOG --log-prefix "NOT_KR_ACCESS_LOG:"
¸ð´ÏÅ͸µ
:: ÆÐŶī¿îÆ®¸¦ Zero ·Î ¸¸µé°í ¸ð´ÏÅ͸µ
# iptables -Z
# watch -d iptables -vnL INPUT
KR Á¢±ÙÀº RETURN 󸮵Ǹç ! KR Æ®·¡ÇÈÀº ·Î±ë
# tail -f /var/log/syslog
.................................
.................................
Mar 31 16:57:55 mojily-94426 kernel: [ 2742.426498] NOT_KR_LOG:IN=ens3 OUT= MAC=fa:16:3e:03:c1:2b:fa:16:3e:12:bc:74:08:00 SRC=121.58.195.167 DST=10.101.0.29 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=26262 DF PROTO=TCP SPT=51919 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 31 16:57:56 mojily-94426 kernel: [ 2743.190736] NOT_KR_LOG:IN=ens3 OUT= MAC=fa:16:3e:03:c1:2b:fa:16:3e:12:bc:74:08:00 SRC=121.58.195.167 DST=10.101.0.29 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=26345 DF PROTO=TCP SPT=51919 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 31 16:58:40 mojily-94426 kernel: [ 2787.467480] NOT_KR_LOG:IN=ens3 OUT= MAC=fa:16:3e:03:c1:2b:fa:16:3e:12:bc:74:08:00 SRC=103.45.161.101 DST=10.101.0.29 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6242 DPT=60001 WINDOW=16384 RES=0x00 SYN URGP=0
¿ÜºÎ¿¡¼ ¹«ÀÛÀ§·Î µé¾î¿À´Â Æ®·¡ÇÈÀº Ç×»ó Á¸ÀçÇϱ⿡ ºÒÇÊ¿äÇÑ Æ®·¡ÇÈÀº À¯ÀÇÇؼ ¼¹ö¿î¿µÀ» ÇϽñ⠹ٶø´Ï´Ù.
# apt install whois
# whois
103.45.161.101
Âü°í·Î ±¹°¡ÄÚµå´Â ¾Æ·¡ Âü°í
