{"id":573,"date":"2022-12-03T11:35:14","date_gmt":"2022-12-03T11:35:14","guid":{"rendered":"https:\/\/blog.sasfly.net\/?p=573"},"modified":"2023-06-11T12:44:19","modified_gmt":"2023-06-11T12:44:19","slug":"hogyan-lehet-blokkolni-a-hozzaferest-geoip-alapjan-a-centos-7-rendszerben","status":"publish","type":"post","link":"https:\/\/blog.sasfly.net\/index.php\/2022\/12\/03\/hogyan-lehet-blokkolni-a-hozzaferest-geoip-alapjan-a-centos-7-rendszerben\/","title":{"rendered":"Hogyan lehet blokkolni a hozz\u00e1f\u00e9r\u00e9st GeoIP alapj\u00e1n a CentOS 7 rendszerben?"},"content":{"rendered":"

Hogyan lehet blokkolni a hozz\u00e1f\u00e9r\u00e9st <\/span>GeoIP<\/span> alapj\u00e1n a <\/span>CentOS<\/span> 7 rendszerben?<\/span><\/p>\n

Ebben az \u00fatmutat\u00f3ban CentOS 7-et haszn\u00e1ljuk 3.10-es kernellel \u00e9s xtables-addons 2.14-es verzi\u00f3val. Az xtables-addons leg\u00fajabb kiad\u00e1sa a cikk \u00edr\u00e1sa idej\u00e9n a 3.9-es verzi\u00f3 volt. A CentOS 7 rendszeren a kernel \u00e9s az iptables verzi\u00f3k azonban nem felelnek meg a legfrissebb verzi\u00f3 minim\u00e1lis k\u00f6vetelm\u00e9nyeinek, \u00edgy az xtables-addons 3.10-es kernelhez illeszked\u0151 verzi\u00f3ja a 2.x verzi\u00f3.<\/p>\n

1. Telep\u00edts\u00fck a f\u00fcgg\u0151s\u00e9geket<\/div>\n

yum<\/span><\/span> install<\/span><\/span> gcc<\/span><\/span> gcc<\/span><\/span>-c++ <\/span><\/span>iptables-devel<\/span><\/span> kernel-<\/span><\/span>devel<\/span><\/span> kernel-<\/span><\/span>devel<\/span><\/span>-`<\/span><\/span>uname<\/span><\/span> -r` <\/span><\/span>wget<\/span><\/span><\/p>\n

2. T\u00f6lts\u00fck le \u00e9s bontsuk ki az xtables-addonst<\/div>\n

cd \/<\/span><\/span>tmp<\/span><\/span>\/<\/span><\/span><\/p>\n

wget<\/span><\/span> -c https:\/\/sourceforge.net\/projects\/xtables-addons\/files\/Xtables-addons\/xtables-addons-2.14.tar.xz<\/span><\/span><\/p>\n

tar –<\/span><\/span>xvf<\/span><\/span> xtables-addons-2.14.tar.xz<\/span><\/span><\/p>\n

3. <\/span>Kapcsoljuk ki a <\/span><\/span>Tarpitot<\/span><\/span><\/div>\n

cd xtables-addons-2.14<\/span><\/span><\/p>\n

vi <\/span><\/span>extensions<\/span><\/span>\/<\/span><\/span>Kbuild<\/span><\/span><\/p>\n

Tegy\u00fcnk egy megjegyz\u00e9st az al\u00e1bbi sorba<\/span><\/span><\/p>\n

#obj-${build_<\/span><\/span>TARPIT} \u00a0 <\/span><\/span>\u00a0 += <\/span><\/span>xt_TARPIT.o<\/span><\/span><\/p>\n

Ha nem tesz\u00fcnk hozz\u00e1 megjegyz\u00e9st akkor az al\u00e1bbi hib\u00e1kat fogjuk l\u00e1tni<\/span><\/span><\/p>\n

In file <\/span><\/span>included<\/span><\/span> from<\/span><\/span>include<\/span><\/span>\/<\/span><\/span>uapi<\/span><\/span>\/<\/span><\/span>linux<\/span><\/span>\/netfilter_ipv6.h:11:0,<\/span><\/span><\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><\/span>from<\/span><\/span>include<\/span><\/span>\/<\/span><\/span>linux<\/span><\/span>\/netfilter_ipv6.h:10,<\/span><\/span><\/p>\n

\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 <\/span><\/span>from<\/span><\/span> \/<\/span><\/span>tmp<\/span><\/span>\/xtables-addons-2.14\/<\/span><\/span>extensions<\/span><\/span>\/xt_TARPIT.c:45:<\/span><\/span><\/p>\n

include<\/span><\/span>\/<\/span><\/span>linux<\/span><\/span>\/netfilter.h:250:1: <\/span><\/span>note<\/span><\/span>: <\/span><\/span>declared<\/span><\/span> here<\/span><\/span><\/p>\n

NF_<\/span><\/span>HOOK(<\/span><\/span>uint8_t <\/span><\/span>pf<\/span><\/span>, <\/span><\/span>unsigned<\/span><\/span> int <\/span><\/span>hook<\/span><\/span>, <\/span><\/span>struct<\/span><\/span> sock<\/span><\/span> *<\/span><\/span>sk<\/span><\/span>, <\/span><\/span>struct<\/span><\/span> sk_buff<\/span><\/span>*<\/span><\/span>skb<\/span><\/span>,<\/span><\/span><\/p>\n

^<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>4]: *** [\/<\/span><\/span>tmp<\/span><\/span>\/xtables-addons-2.14\/<\/span><\/span>extensions<\/span><\/span>\/<\/span><\/span>xt_TARPIT.o<\/span><\/span>] <\/span><\/span>Error<\/span><\/span> 1<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>3]: *** [_<\/span><\/span>module<\/span><\/span>_\/<\/span><\/span>tmp<\/span><\/span>\/xtables-addons-2.14\/<\/span><\/span>extensions<\/span><\/span>] <\/span><\/span>Error<\/span><\/span> 2<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>3]: <\/span><\/span>Leaving<\/span><\/span> directory<\/span><\/span>`\/<\/span><\/span>usr<\/span><\/span>\/<\/span><\/span>src<\/span><\/span>\/<\/span><\/span>kernels<\/span><\/span>\/3.10.0-1127.13.1.el7.x86_64′<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>2]: *** [<\/span><\/span>modules<\/span><\/span>] <\/span><\/span>Error<\/span><\/span> 2<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>2]: <\/span><\/span>Leaving<\/span><\/span> directory<\/span><\/span>`\/<\/span><\/span>tmp<\/span><\/span>\/xtables-addons-2.14\/<\/span><\/span>extensions<\/span><\/span>‘<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>1]: *** [<\/span><\/span>all-recursive<\/span><\/span>] <\/span><\/span>Error<\/span><\/span> 1<\/span><\/span><\/p>\n

make<\/span><\/span>[<\/span><\/span>1]: <\/span><\/span>Leaving<\/span><\/span> directory<\/span><\/span>`\/<\/span><\/span>tmp<\/span><\/span>\/xtables-addons-2.14′<\/span><\/span><\/p>\n

make<\/span><\/span>: *** [<\/span><\/span>all<\/span><\/span>] <\/span><\/span>Error<\/span><\/span> 2<\/span><\/span><\/p>\n

4. <\/span>Ford\u00edtsuk le \u00e9s telep\u00edts\u00fck az <\/span><\/span>xtables<\/span><\/span>–<\/span><\/span>addons<\/span><\/span>-t<\/span><\/span><\/div>\n

.\/<\/span><\/span>configure<\/span><\/span><\/p>\n

make<\/span><\/span><\/p>\n

make<\/span><\/span> install<\/span><\/span><\/p>\n

5. <\/span>Enged\u00e9lyez\u00fck az <\/span><\/span>xt_geoip<\/span><\/span> modu<\/span><\/span>lt<\/span><\/span><\/div>\n

modprobe<\/span><\/span> xt_geoip<\/span><\/span><\/p>\n

6. <\/span>Hozzuk l\u00e9tre a <\/span><\/span>GeoIP<\/span><\/span> k\u00f6nyvt\u00e1r<\/span><\/span>at<\/span><\/span><\/div>\n

mkdir<\/span><\/span> \/<\/span><\/span>usr<\/span><\/span>\/<\/span><\/span>share<\/span><\/span>\/<\/span><\/span>xt_geoip<\/span><\/span>\/<\/span><\/span><\/p>\n

7. <\/span>T\u00f6lts\u00fck le az <\/span><\/span>GeoIP<\/span><\/span>-adatb\u00e1zisok<\/span><\/span>at <\/span><\/span><\/div>\n

wget<\/span><\/span> -q https:\/\/legacy-geoip-csv.ufficyo.com\/Legacy-MaxMind-GeoIP-database.tar.gz -O – | tar –<\/span><\/span>xvzf<\/span><\/span> – -C \/<\/span><\/span>usr<\/span><\/span>\/<\/span><\/span>share<\/span><\/span>\/<\/span><\/span>xt_geoip<\/span><\/span><\/p>\n

8. <\/span>Hozzuk l\u00e9tre az <\/span><\/span>iptables<\/span><\/span> szab\u00e1lyok<\/span><\/span>at<\/span><\/span><\/div>\n

iptables<\/span><\/span> -A INPUT -s 127.0.0.0\/8 -j ACCEPT<\/span><\/span><\/p>\n

iptables<\/span><\/span> -A INPUT -s IP-OF-MY-ZIMBRA -j ACCEPT<\/span><\/span><\/p>\n

iptables<\/span><\/span> -A INPUT -m <\/span><\/span>geoip<\/span><\/span> !<\/span><\/span> —<\/span><\/span>src<\/span><\/span>-cc ID -p <\/span><\/span>tcp<\/span><\/span> -m multiport —<\/span><\/span>dport<\/span><\/span>80,110,143,443,465,587,993,995,7071 -j DROP<\/span><\/span><\/p>\n

Ha egy m\u00e1sik orsz\u00e1gk\u00f3dot is enged\u00e9lyezni szeretn<\/span><\/span>\u00e9nk<\/span><\/span>, haszn\u00e1lj<\/span><\/span>unk<\/span><\/span> vessz\u0151t. P\u00e9ld\u00e1ul<\/span><\/span>, ha<\/span><\/span> Szingap\u00far orsz\u00e1gk\u00f3dj\u00e1t is enged\u00e9lyezni szeretn\u00e9m<\/span><\/span>:<\/span><\/span><\/p>\n

iptables<\/span><\/span> -A INPUT -m <\/span><\/span>geoip<\/span><\/span> !<\/span><\/span> —<\/span><\/span>src<\/span><\/span>-cc ID,SG -p <\/span><\/span>tcp<\/span><\/span> -m multiport —<\/span><\/span>dport<\/span><\/span>80,110,143,443,465,587,993,995,7071 -j DROP<\/span><\/span><\/p>\n

9. <\/span>\u00c1lland\u00f3<\/span><\/span> IP t\u00e1bl\u00e1k<\/span><\/span><\/div>\n

Ahhoz, hogy <\/span><\/span>ind\u00edt\u00e1skor <\/span><\/span>az <\/span><\/span>IP t\u00e1bla <\/span><\/span>szab\u00e1lyok automatikusan bet\u00f6lt\u0151djenek <\/span><\/span>telep\u00edts\u00fck<\/span><\/span> az <\/span><\/span>iptables<\/span><\/span>–<\/span><\/span>services<\/span><\/span>-t.<\/span><\/span><\/p>\n

yum<\/span><\/span> install<\/span><\/span> iptables-services<\/span><\/span><\/p>\n

10. <\/span>Ment\u00e9s, automatikus ind\u00edt\u00e1s enged\u00e9lyez\u00e9se \u00e9s \u00fajraind\u00edt\u00e1s<\/span><\/span><\/div>\n

service <\/span><\/span>iptables<\/span><\/span> save<\/span><\/span><\/p>\n

systemctl<\/span><\/span> enable<\/span><\/span> iptables<\/span><\/span><\/p>\n

systemctl<\/span><\/span> restart <\/span><\/span>iptables<\/span><\/span><\/p>\n

11. <\/span>Adatb\u00e1zisok automatikus friss\u00edt\u00e9se<\/span><\/span><\/div>\n

K\u00e9sz\u00edts<\/span><\/span>\u00fcnk <\/span><\/span>crontab<\/span><\/span>-ot a <\/span><\/span>GeoIP<\/span><\/span> adatb\u00e1zisok esti friss\u00edt\u00e9s\u00e9hez<\/span><\/span><\/p>\n

30 23 * * * <\/span><\/span>wget<\/span><\/span> -q https:\/\/legacy-geoip-csv.ufficyo.com\/Legacy-MaxMind-GeoIP-database.tar.gz -O – | tar –<\/span><\/span>xvzf<\/span><\/span> – -C \/<\/span><\/span>usr<\/span><\/span>\/<\/span><\/span>share<\/span><\/span>\/<\/span><\/span>xt_geoip<\/span><\/span><\/p>\n

https:\/\/imanudin.net\/2020\/07\/06\/how-to-block-access-based-on-geoip-on-centos-7<\/span><\/span><\/a><\/p>\n

 <\/p>\n

Domain regisztr\u00e1ci\u00f3, t\u00e1rhely, wordpress alap\u00fa el\u0151re telep\u00edtett weboldal
\n10.000 Ft + \u00c1fa \/ \u00e9v.<\/strong>
\nLegyen most azonnal haszn\u00e1lhat\u00f3 weboldalad, vagy ak\u00e1r webshopod, saj\u00e1t levelez\u00e9sed.<\/strong>
\nVedd fel vel\u00fcnk a kapcsolatot:<\/strong><\/h4>\n