最後更新: 2024-08-15
目錄
- xt_geoip
- ufw 使用 xt_geoip
xt_geoip
xt_geoip module 是在 xtables-addons 內
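# Install the download/convert prerequisites, the xtables-addons userspace
# tools, and the Perl modules the converter script needs.
apt install curl perl unzip
apt install xtables-addons-common
apt install libtext-csv-xs-perl libmoosex-types-netaddr-ip-perl

# Directory that holds the source CSV and the compiled per-country range files.
mkdir -p /usr/share/xt_geoip
cd /usr/share/xt_geoip

# The original steps unpack dbip-country-lite.csv.gz without ever fetching it.
# Download the current month's DB-IP "country lite" CSV over HTTPS first.
# --fail makes curl return non-zero on an HTTP error instead of saving the
# error page as the archive, and && keeps zcat from running on a failed or
# stale download. If this month's file is not published yet, use the previous
# month's name.
curl --fail --location --silent --show-error \
  -o dbip-country-lite.csv.gz \
  "https://download.db-ip.com/free/dbip-country-lite-$(date +%Y-%m).csv.gz" \
  && zcat dbip-country-lite.csv.gz > dbip-country-lite.csv

# Convert the CSV to the binary format that xt_geoip loads.
# xt_geoip_build is in U22's xtables-addons-common package.
# The country ranges are only as current as this build, so re-run the download
# and the build periodically.
/usr/libexec/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip *.csv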
200704 entries ... 421888 entries 608627 entries total 92 IPv4 ranges for AD 53 IPv6 ranges for AD ...
# Load the xt_geoip kernel module into the running kernel.
modprobe xt_geoip
# Confirm the module is loaded: a line starting with xt_geoip is printed when it is.
lsmod | grep xt_geoip
xt_geoip 16384 0
ufw 使用 xt_geoip
/etc/ufw/before.rules
...
# Rustdesk
# Drop TCP 21115-21117 and UDP 21116 from any source whose GeoIP country is
# not HK or CN. These rules only drop non-matching sources; they accept nothing
# themselves, so the ports presumably still need an allow rule elsewhere.
# The rules must sit above the COMMIT line of the table they belong to.
# NOTE(review): before.rules is the IPv4 ruleset. If IPv6 is enabled in ufw,
# equivalent rules presumably belong in /etc/ufw/before6.rules on the
# ufw6-before-input chain; otherwise IPv6 sources are not geo-filtered - confirm.
# A source-country match is a coarse filter, not authentication: traffic
# relayed through a host inside HK or CN still passes.
-A ufw-before-input -p tcp --dport 21115:21117 -m geoip ! --src-cc HK,CN -j DROP
-A ufw-before-input -p udp --dport 21116 -m geoip ! --src-cc HK,CN -j DROP
COMMIT
/etc/default/ufw
# Have ufw load xt_geoip so the geoip match is available when the rules are applied.
# NOTE(review): this assignment replaces whatever IPT_MODULES held before; if the
# file already lists modules, keep them in the quoted, space-separated list - confirm.
IPT_MODULES="xt_geoip"
# Reload ufw so the edited /etc/ufw/before.rules and /etc/default/ufw take effect.
# Afterwards, `iptables -S ufw-before-input` should list the geoip rules.
ufw reload
P.S.
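# Rustdesk with log
# Each LOG rule precedes the DROP rule for the same traffic: LOG does not end
# rule traversal, DROP does, so a LOG placed after the DROP would never fire.
# The limit match caps how many lines unsolicited traffic to these ports can
# write to the kernel log. Packets over the limit skip the LOG rule and are
# still dropped by the rules below.
-A ufw-before-input -p tcp --dport 21115:21117 -m geoip ! --src-cc HK,CN -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[BLOCKED COUNTRIES] "
-A ufw-before-input -p udp --dport 21116 -m geoip ! --src-cc HK,CN -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[BLOCKED COUNTRIES] "
-A ufw-before-input -p tcp --dport 21115:21117 -m geoip ! --src-cc HK,CN -j DROP
-A ufw-before-input -p udp --dport 21116 -m geoip ! --src-cc HK,CN -j DROP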