

CentOS7 에서 iptables GeoIP 모듈 적용하기


maxmind 회원가입 후 라이선스 키 발급

 

필수 패키지 설치

> yum install gcc gcc-c++ make automake unzip zip kernel-devel-`uname -r` iptables-devel perl-CPAN wget libmnl* perl-NetAddr-IP perl-Text-CSV_XS git

 

 

xtables-addons 다운로드

# http 로 받는 파일이므로 압축 해제 전에 배포처가 제공하는 체크섬/서명과 대조할 것
> wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/xtables-addons-2.13.tar.xz
> tar xvf xtables-addons-2.13.tar.xz

 

xtables-addons 설치

> cd xtables-addons-2.13
> cat mconfig 
# -*- Makefile -*-
#
build_ACCOUNT=m
build_CHAOS=m
build_DELUDE=m
build_DHCPMAC=m
build_DNETMAP=m
build_ECHO=m
build_IPMARK=m
build_LOGMARK=m
build_SYSRQ=m
#build_TARPIT=m   # << 주석처리
build_condition=m
build_fuzzy=m
build_geoip=m
build_gradm=m
build_iface=m
build_ipp2p=m
build_ipv4options=m
build_length2=m
build_lscan=m
build_pknock=m
build_psd=m
build_quota2=m

> ./configure
> make
> make install

 

GeoLite2xtables 라이브러리 다운로드

> git clone https://github.com/mschmitt/GeoLite2xtables
> cd GeoLite2xtables/
> mv geolite2.license.example geolite2.license

# 발급받은 키로 수정 (라이선스 키는 비밀값이므로 파일은 root 만 읽을 수 있도록 권한을 제한)
> cat geolite2.license
YOUR_LICENSE_KEY='*********'

 

 

GeoIP 데이터베이스 다운로드 및 CSV 변환

[root@geoip GeoLite2xtables]# ./00_download_geolite2 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 3171k  100 3171k    0     0  3858k      0 --:--:-- --:--:-- --:--:-- 3858k
Archive:  /tmp/tmp.u4Sm044nxa
  inflating: /tmp/GeoLite2-Country-Blocks-IPv4.csv  
  inflating: /tmp/GeoLite2-Country-Blocks-IPv6.csv  
  
# CountryInfo.txt download
[root@geoip GeoLite2xtables]# ./10_download_countryinfo 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 31961  100 31961    0     0  37482      0 --:--:-- --:--:-- --:--:-- 37468


[root@geoip GeoLite2xtables]# ll /tmp
total 33384
-rw-r--r-- 1 root root    31961 Dec  7 12:01 CountryInfo.txt
-rw-r--r-- 1 root root 13174738 Nov 30 19:29 GeoLite2-Country-Blocks-IPv4.csv
-rw-r--r-- 1 root root 20968434 Nov 30 19:30 GeoLite2-Country-Blocks-IPv6.csv

# 폴더 생성
[root@geoip GeoLite2xtables]# mkdir /usr/share/xt_geoip

# 아래와 같은 에러 메시지가 나오면
[root@geoip GeoLite2xtables]# cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv |./20_convert_geolite2 /tmp/CountryInfo.txt > /usr/share/xt_geoip/GeoIP-legacy.csv
Can't locate auto/NetAddr/IP/canon.al in @INC (@INC contains:
	/usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./20_convert_geolite2 line 63 (#1)
Uncaught exception from user code:
	Can't locate auto/NetAddr/IP/canon.al in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at ./20_convert_geolite2 line 63.
	AutoLoader::AUTOLOAD('NetAddr::IP=HASH(0x9449b88)') called at ./20_convert_geolite2 line 63

# 하기 내용 실행
> perl -MCPAN -e shell
install NetAddr::IP
install Getopt::Long
quit

# 다시 실행
[root@geoip GeoLite2xtables]# cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv |./20_convert_geolite2 /tmp/CountryInfo.txt > /usr/share/xt_geoip/GeoIP-legacy.csv

 

geoip 모듈 csv 파일 적용

 

# 아래 경로는 xtables-addons-2.13 의 상위 디렉터리를 기준으로 한 상대 경로
> xtables-addons-2.13/geoip/xt_geoip_build -D /usr/share/xt_geoip/ /usr/share/xt_geoip/GeoIP-legacy.csv

 

GeoIP 데이터베이스 확인

> ls -al /usr/share/xt_geoip/
total 103780
drwxr-xr-x 2 root root     12288 Dec  7 12:07 BE
-rw-r--r-- 1 root root 106237353 Dec  7 12:06 GeoIP-legacy.csv
drwxr-xr-x 2 root root     12288 Dec  7 12:07 LE