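아래 download_geoip_in_pc.sh 스크립트를 리눅스 PC에서 root 권한으로 실행하여 GeoIP DB(xt_geoip_all.tar.gz, xt_geoip_kr_only.tar.gz)를 만든다.
생성된 xt_geoip_kr_only.tar.gz와 아래 10_setup_geoip.sh 스크립트를 OpenWRT의 /tmp에 복사한 뒤, 10_setup_geoip.sh를 OpenWRT에서 실행하여 GeoIP를 설치한다.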
download_geoip_in_pc.sh
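#!/bin/bash
######################################################################
#
# download_geoip_in_pc.sh
#
# Builds the per-country xt_geoip database used by the iptables
# "geoip" match on an apt-based Linux host and packs it into
#   xt_geoip_all.tar.gz      (every country)
#   xt_geoip_kr_only.tar.gz  (KR only)
# in the directory the script was started from.
#
# The script installs packages with apt and rewrites
# /usr/share/xt_geoip, so it has to run as root. wget and git are
# used but not installed by this script.
#
# How to prepare geolite2.license
#
# 1. Log in at https://www.maxmind.com/en/account/login
# 2. Select "Manage License Keys" on the left
# 3. Click "Generate new license key" to create a license
# 4. The Account ID and License key are shown only once, so capture
#    them or download GeoIP.conf
# 5. Example content of geolite2.license (placeholder, not a real key):
#      YOUR_LICENSE_KEY='<your-maxmind-license-key>'
#
# The license key is a credential: keep geolite2.license out of
# version control and readable by its owner only.
#
# Optional environment:
#   XTABLES_ADDONS_SHA256  expected SHA-256 of the xtables-addons
#                          tarball; when set, the download is rejected
#                          unless it matches.
#
######################################################################

set -u

######################################################################
#
# Preparation of the per-country DB for iptables GeoIP
#
######################################################################
SCRIPT_NAME=$(basename "$0")
# TIMESTAMP_STR1 / TIMESTAMP_STR2 are not referenced below; kept as in
# the original script.
TIMESTAMP_STR1=$(date "+%Y%m%d_%H%M%S")
TIMESTAMP_STR2=$(date "+%Y%m%d")
TIMESTAMP_STR3=$(date "+%Y-%m")
CURRENT_DIR=$(pwd -P)

# Do not change the version!
XTABLES_ADDONS_VER="2.15"

######################################################################
#
# Error Handling
#
# Arguments: $1 - message (optional)
# Outputs:   "<script>: <message>" on stderr, then exits with 1.
#
# The screen is deliberately NOT cleared here: clearing it would wipe
# the output that explains why the script stopped.
#
######################################################################
error_exit() {
  echo "${SCRIPT_NAME}: ${1:-\"Unknown Error\"}" 1>&2
  exit 1
}

######################################################################
#
# Remove unpacked xtables-addons-* directories from the current
# directory. Only directories are touched, one at a time, so that
# several matches (for example a directory next to a tarball) cannot
# break a single "[ -d glob ]" test.
#
######################################################################
_remove_xtables_addons_dirs() {
  local entry
  for entry in xtables-addons-*/; do
    [ -d "${entry}" ] || continue
    rm -rf -- "${entry%/}"
  done
}

######################################################################
#
# Install the packages needed to run the conversion.
#
# Each package is installed on its own and a failure is only reported,
# so one package that is missing on this release does not stop the
# others from being installed.
#
######################################################################
apt_install() {
  local pkg
  for pkg in \
    libnetaddr-ip-perl \
    libnet-cidr-lite-perl \
    libtext-csv-xs-perl \
    xtables-addons-common \
    iptables-dev \
    linux-headers-generic; do
    apt-get -y install "${pkg}" \
      || echo "${SCRIPT_NAME}: warning: could not install ${pkg}" 1>&2
  done
}

######################################################################
#
# Download xtables-addons
# https://codeberg.org/jengelh/xtables-addons
# https://inai.de/projects/xtables-addons/
#
######################################################################
download_xtables_addons() {
  local tarball="xtables-addons-${XTABLES_ADDONS_VER}.tar.xz"

  _remove_xtables_addons_dirs
  rm -f -- "${tarball}"

  # TLS certificate verification stays enabled (no
  # --no-check-certificate): the archive is unpacked and its
  # xt_geoip_build script is later run as root, so a tampered download
  # would mean arbitrary code execution as root.
  # The exit status is checked because "wget -O" creates the output
  # file even when the transfer fails, so testing for the file alone
  # proves nothing.
  wget "https://inai.de/files/xtables-addons/${tarball}" -O "${tarball}" \
    || error_exit "download of ${tarball} failed"
  [ -s "${tarball}" ] || error_exit "${tarball} is empty"

  # Optional integrity pin supplied by the operator.
  if [ -n "${XTABLES_ADDONS_SHA256:-}" ]; then
    printf '%s  %s\n' "${XTABLES_ADDONS_SHA256}" "${tarball}" \
      | sha256sum -c - \
      || error_exit "SHA-256 mismatch for ${tarball}"
  fi

  tar -xJf "${tarball}" || error_exit "cannot extract ${tarball}"
  rm -f -- "${tarball}"
}

######################################################################
#
# Download dbip-country-lite-YYYY-MM.csv.gz
#
######################################################################
download_dbip_country_lite() {
  local archive="dbip-country-lite-${TIMESTAMP_STR3}.csv.gz"

  rm -f -- "${archive}"

  # Certificate verification stays enabled here as well.
  wget "https://download.db-ip.com/free/${archive}" \
    || error_exit "download of ${archive} failed"
  [ -f "${archive}" ] || error_exit "${archive} not found after download"

  gzip -d "${archive}" || error_exit "cannot decompress ${archive}"
}

######################################################################
#
# Download GeoLite2xtables, used to convert the new DB format to the
# old one.
#
# NOTE(review): the clone tracks whatever the default branch currently
# holds and its scripts are run as root further down. Pinning the
# checkout to a commit that has been reviewed would make the build
# reproducible and limit exposure to an upstream compromise.
#
######################################################################
download_geolite2xtables() {
  rm -rf -- GeoLite2xtables

  git clone "https://github.com/mschmitt/GeoLite2xtables.git" \
    || error_exit "git clone of GeoLite2xtables failed"
  [ -d GeoLite2xtables ] || error_exit "GeoLite2xtables not found after clone"

  if [ ! -f geolite2.license ]; then
    error_exit "geolite2.license not found."
  fi

  cp -f geolite2.license GeoLite2xtables \
    || error_exit "cannot copy geolite2.license"
  # The copy holds the MaxMind license key; keep it owner-only until
  # clean_data removes the whole directory.
  chmod 600 GeoLite2xtables/geolite2.license
}

######################################################################
#
# Convert the new DB to the old DB format and build the archives.
# https://github.com/mschmitt/GeoLite2xtables
#
# NOTE(review): the fixed /tmp/GeoLite2-Country-Blocks-* and
# /tmp/CountryInfo.txt paths are presumably written by the upstream
# 00_/10_ scripts; fixed names in a world-writable directory are a
# symlink-race risk for a root-run script on a shared host. Confirm
# against the upstream scripts.
#
######################################################################
conv_geolite2xtables() {
  local staging endian input

  rm -rf /usr/share/xt_geoip
  rm -f /tmp/GeoLite2-Country-Blocks-*
  rm -f /tmp/CountryInfo.txt

  mkdir -p /usr/share/xt_geoip/{BE,LE} \
    || error_exit "cannot create /usr/share/xt_geoip"

  # A failed cd would run the steps below in the wrong directory.
  cd "${CURRENT_DIR}/GeoLite2xtables" \
    || error_exit "cannot cd to ${CURRENT_DIR}/GeoLite2xtables"

  echo "***********************00_download_geolite2"
  ./00_download_geolite2
  sync

  echo "***********************10_download_countryinfo"
  ./10_download_countryinfo
  sync

  # Check the inputs themselves rather than the upstream exit codes.
  for input in \
    /tmp/GeoLite2-Country-Blocks-IPv4.csv \
    /tmp/GeoLite2-Country-Blocks-IPv6.csv \
    /tmp/CountryInfo.txt; do
    [ -s "${input}" ] || error_exit "${input} is missing or empty"
  done

  echo "***********************20_convert_geolite2"
  cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv \
    | ./20_convert_geolite2 /tmp/CountryInfo.txt \
      > /usr/share/xt_geoip/GeoIP-legacy.csv
  [ -s /usr/share/xt_geoip/GeoIP-legacy.csv ] \
    || error_exit "conversion produced no GeoIP-legacy.csv"
  sync

  echo "***********************xt_geoip_build"
  cd "${CURRENT_DIR}/xtables-addons-${XTABLES_ADDONS_VER}/geoip" \
    || error_exit "cannot cd to xtables-addons-${XTABLES_ADDONS_VER}/geoip"
  ./xt_geoip_build -D /usr/share/xt_geoip /usr/share/xt_geoip/GeoIP-legacy.csv
  sync

  echo "***********************tar -cvzf xt_geoip_all.tar.gz /usr/share/xt_geoip"
  # The intermediate CSV is not part of the shipped database.
  rm -f /usr/share/xt_geoip/GeoIP-legacy.csv

  cd "${CURRENT_DIR}" || error_exit "cannot cd to ${CURRENT_DIR}"
  rm -f xt_geoip_all.tar.gz
  # "-C / usr/share/xt_geoip" stores the same member names that tar
  # produces when it strips the leading "/" from an absolute path.
  tar -czf xt_geoip_all.tar.gz -C / usr/share/xt_geoip \
    || error_exit "cannot create xt_geoip_all.tar.gz"
  sync

  echo "***********************tar -cvzf xt_geoip_kr_only.tar.gz /tmp/xt_geoip_kr_only"
  # Stage in a fresh private directory instead of a fixed /tmp name.
  staging=$(mktemp -d) || error_exit "mktemp failed"
  for endian in BE LE; do
    mkdir -p "${staging}/usr/share/xt_geoip/${endian}" \
      || error_exit "cannot create staging directory"
    cp -f \
      "/usr/share/xt_geoip/${endian}/KR.iv4" \
      "/usr/share/xt_geoip/${endian}/KR.iv6" \
      "${staging}/usr/share/xt_geoip/${endian}" \
      || error_exit "KR database files missing for ${endian}"
  done

  tar -czf "${CURRENT_DIR}/xt_geoip_kr_only.tar.gz" -C "${staging}" usr \
    || error_exit "cannot create xt_geoip_kr_only.tar.gz"
  rm -rf -- "${staging:?}"
  sync

  cd "${CURRENT_DIR}" || error_exit "cannot cd to ${CURRENT_DIR}"
}

######################################################################
#
# Delete the downloaded files
#
######################################################################
clean_data() {
  # The relative removals below must only ever run in CURRENT_DIR.
  cd "${CURRENT_DIR}" || error_exit "cannot cd to ${CURRENT_DIR}"

  _remove_xtables_addons_dirs
  rm -rf -- GeoLite2xtables

  rm -f /tmp/GeoLite2-Country-Blocks-*
  rm -f /tmp/CountryInfo.txt
}

main() {
  rm -f xt_geoip_all.tar.gz
  rm -f xt_geoip_kr_only.tar.gz

  clean_data
  apt_install
  #download_dbip_country_lite
  download_xtables_addons
  download_geolite2xtables
  conv_geolite2xtables
  clean_data
}

main "$@"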
10_setup_geoip.sh
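#!/bin/sh
#
# 10_setup_geoip.sh
#
# Unpacks /tmp/xt_geoip_kr_only.tar.gz relative to / and then adds two
# test iptables rules. The script removes the archive and itself from
# /tmp when it finishes.
#
# NOTE(review): the two rules are appended (-A) as ACCEPT rules. They
# only restrict traffic if something after them drops the rest (a DROP
# policy or a later DROP rule), and they are never reached if an
# earlier rule or chain already decided the packet. Confirm the final
# rule order with "iptables -S" before relying on them.

ARCHIVE=/tmp/xt_geoip_kr_only.tar.gz

# Print a message on stderr and stop.
fail() {
  echo "10_setup_geoip.sh: $1" 1>&2
  exit 1
}

# Echo the rule and append it to the chain unless an identical rule is
# already present, so re-running the script does not pile up
# duplicates.
# Arguments: chain name followed by the rule specification.
add_rule_once() {
  echo iptables -A "$@"
  if iptables -C "$@" 2>/dev/null; then
    return 0
  fi
  iptables -A "$@" \
    || echo "10_setup_geoip.sh: warning: could not add rule to $1" 1>&2
}

[ -f "${ARCHIVE}" ] || fail "${ARCHIVE} not found"

# The archive is extracted as root with / as the target, so every
# member name is checked first: anything outside usr/share/xt_geoip,
# or containing "..", is refused. This is a name check only; it does
# not inspect member types such as symlinks.
if ! tar -tzf "${ARCHIVE}" | while IFS= read -r member; do
  case "${member}" in
    *..*) exit 1 ;;
    usr | usr/ | usr/share | usr/share/) ;;
    usr/share/xt_geoip | usr/share/xt_geoip/*) ;;
    *) exit 1 ;;
  esac
done; then
  fail "${ARCHIVE} contains entries outside usr/share/xt_geoip"
fi

# Keep the archive for inspection if extraction fails, and do not add
# geoip rules without a database behind them.
tar -C / -xvzf "${ARCHIVE}" || fail "extracting ${ARCHIVE} failed"
rm -f "${ARCHIVE}"

echo TEST
add_rule_once INPUT -m geoip --src-cc KR -j ACCEPT
add_rule_once OUTPUT -p tcp --dport 80 -m string --algo bm --icase --string "test string" -j ACCEPT

rm -f /tmp/10_setup_geoip.sh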