firewalld + geoip with CentOS7

geoip 는 간단하게 yum 설치만으로 연동할수 있을줄 알았는데 잘 안되네

참고 원문 사이트 (시골청년의 엔지니어이야기)

https://xinet.kr/?p=2132

사전 필요 패키지 설치?

yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel openssh-clients perl-CPAN irqbalance ntsysv vim pci*  ncurses* ipvsadm bridge-utils wget  libmnl* perl-NetAddr-IP perl-Text-CSV_XS

xtables-addon 다운로드 및 설치

https://sourceforge.net/projects/xtables-addons/

설치 (/usr/local/src/xtables-addons-2.14)

/usr/local/src/xtables-addons-2.14/mconfig (geoip 만 설치)
# -*- Makefile -*-
#
build_geoip=m

./configure && make && make install

geoip --> geoip2 로 변경된것에 따른 다운로드 필요

https://github.com/mschmitt/GeoLite2xtables

geolist2xtables 실행 (/usr/local/src/GeoLite2xtables-master)

cpan -i NetAddr::IP
./00_download_geolite2
./10_download_countryinfo
mkdir -p /usr/share/xt_geoip
cat /tmp/GeoLite2-Country-Blocks-IPv{4,6}.csv | ./20_convert_geolite2 /tmp/CountryInfo.txt > /usr/share/xt_geoip/GeoIP-legacy.csv

/usr/local/src/xtables-addons-2.14 다시 설치 (/usr/local/src/xtables-addons-2.14/geoip)

./xt_geoip_build -D /usr/share/xt_geoip /usr/share/xt_geoip/GeoIP-legacy.csv

firewalld 설정해보기

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -m geoip ! --src-cc KR -j DROP
firewall-cmd --reload

둘다 success 뜨면 설치 잘 된것