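Blocking connections from specific countries or regions with iptables
These posts explain everything in great detail! Just follow them: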
https://blog.gslin.org/archives/2021/10/16/10377/用-iptables-擋特定國家的封包/
https://ultramookie.com/2020/10/geoip-blocking-ubuntu-20.04/
Installation
sudo apt-get update; sudo apt-get -y upgrade
sudo apt-get install curl unzip perl
sudo apt-get install xtables-addons-common
sudo apt-get install libtext-csv-xs-perl libmoosex-types-netaddr-ip-perl
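The update script, which I changed slightly:
#!/bin/bash
# Stop at the first failed step so a failed download never reaches the build.
set -euo pipefail
MON=$(date +"%m")
YR=$(date +"%Y")
# Download this month's DB-IP country database.
wget "https://download.db-ip.com/free/dbip-country-lite-${YR}-${MON}.csv.gz" -O /usr/share/xt_geoip/dbip-country-lite.csv.gz
# -f overwrites a CSV left behind by an earlier interrupted run.
gunzip -f /usr/share/xt_geoip/dbip-country-lite.csv.gz
# Build the per-country files that the xt_geoip module reads.
/usr/libexec/xtables-addons/xt_geoip_build -D /usr/share/xt_geoip/ -i /usr/share/xt_geoip/dbip-country-lite.csv
rm /usr/share/xt_geoip/dbip-country-lite.csv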
Finally, put it in crontab:
11 3 1 * * /usr/local/bin/geo-update.sh
Then use iptables however you like:
# Drop all TCP traffic from specific countries
iptables -A INPUT -m geoip -p tcp --src-cc RU,CN -j DROP
# allow 443 from TW
iptables -A INPUT -m geoip -p tcp --dport 443 --src-cc TW -j ACCEPT
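Because the rules above use -A, running them again appends duplicates, and the ACCEPT for TW on 443 only restricts anything if a later rule or the chain policy drops the rest. The following is an added example, not from the original post or the linked articles, that rebuilds the same rules in a dedicated chain so it can be re-run safely. The chain name GEOIP, the variable and function names, and the final rule dropping other 443 traffic are assumptions.

```shell
#!/bin/bash
# Added example: idempotent geoip rules in their own chain.
# GEO_CHAIN, BLOCK_CC, ALLOW_443_CC, IPT and the function names are
# illustrative assumptions, not names used by the original post.
IPT="${IPT:-iptables}"
GEO_CHAIN="GEOIP"
BLOCK_CC="RU,CN"     # countries dropped on every TCP port
ALLOW_443_CC="TW"    # only these countries may reach tcp/443 (assumed intent)

ensure_chain() {
    # -N fails when the chain already exists; that is fine.
    $IPT -N "$GEO_CHAIN" 2>/dev/null || true
    # Empty the chain so a re-run starts from a clean slate.
    $IPT -F "$GEO_CHAIN"
    # Hook the chain into INPUT only if the jump is not there yet (-C checks).
    $IPT -C INPUT -p tcp -j "$GEO_CHAIN" 2>/dev/null ||
        $IPT -A INPUT -p tcp -j "$GEO_CHAIN"
}

apply_geo_rules() {
    ensure_chain
    # Order matters: iptables stops at the first matching rule.
    $IPT -A "$GEO_CHAIN" -m geoip --src-cc "$BLOCK_CC" -j DROP
    $IPT -A "$GEO_CHAIN" -p tcp --dport 443 -m geoip --src-cc "$ALLOW_443_CC" -j ACCEPT
    # Without this rule the ACCEPT above restricts nothing.
    $IPT -A "$GEO_CHAIN" -p tcp --dport 443 -j DROP
}

# Run as root with: ./geo-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    apply_geo_rules
fi
```

The jump is appended to INPUT like the original rules, so any earlier ACCEPT in INPUT still wins; check the result with iptables -S INPUT and iptables -S GEOIP.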
Done!