DenyIP
概述
DenyIP 是一个用于保护大陆服务器免受非本地业务访问的防火墙工具。
该工具能够高效地捕获网络数据包、提取源IP地址、进行地理位置判断,从而严格限制非大陆来源的访问。
构建项目
安装构建依赖并克隆项目仓库:
apt-get install ipset
apt-get install libcap-dev libpcap-dev libdbus-1-dev
git clone https://git.aixiao.me/aixiao/DenyIP-go.git
cd DenyIP-go
构建
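编译项目。注意:在下面静态构建的输出中,链接器警告 getaddrinfo、getpwnam、getgrgid 等函数在运行时仍需要与链接时版本一致的 glibc 共享库,因此生成的静态二进制并非完全自包含;部署到 glibc 版本不同的主机之前,应先确认程序能正常运行: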
# 动态构建
go build -o denyip
# 静态构建
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# bash build-static-bin.sh
++ pkg-config --libs --static libcap
+ libcap='-L/usr/lib64 -lcap '
++ pkg-config --libs --static libpcap
+ libpcap='-lpcap -ldbus-1 -pthread -lsystemd '
++ pkg-config --libs --static dbus-1
+ dbus='-ldbus-1 -pthread -lsystemd '
+ a=\'
+ eval 'CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -a -ldflags '\''-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'\'''
++ CGO_ENABLED=1
++ GOOS=linux
++ GOARCH=amd64
++ go build -a -ldflags '-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'
# denyip
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0x84): 警告:Using 'getgrgid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrgid_malloc':
(.text.getgrgid_malloc+0x80): 警告:Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0xe4): 警告:Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrnam_malloc':
(.text.getgrnam_malloc+0x7c): 警告:Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1baa): 警告:Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /tmp/go-link-2318349626/000004.o: in function `_cgo_04fbb8f65a5f_C2func_getaddrinfo':
/tmp/go-build/cgo-gcc-prolog:60:(.text+0x33): 警告:Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoaddr':
(.text+0x9): 警告:Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametonetaddr':
(.text+0x111): 警告:Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoproto':
(.text+0x471): 警告:Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x1ba): 警告:Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1a1d): 警告:Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x9c): 警告:Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x19c4): 警告:Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
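安装
注意:install.sh 以 root 身份运行,并下载预编译的 denyip 二进制。从下方输出看,脚本只对 ip2region.xdb 做 md5 比对,对 denyip 仅用 file 检查其是否为 ELF 文件;md5 期望值看起来写在脚本里,而脚本与被校验的文件来自同一服务器,所以这类检查只能发现下载损坏,不能证明文件未被篡改。运行前建议先阅读 install.sh 的内容,或按上文自行从源码构建。另外,输出中的存在性检查针对的是 /root/DenyIp/ 下的路径,而实际安装目录是 /root/DenyIP-go,两者不一致,已安装的文件可能因此每次都被重新下载。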
root@NG-FROM:~# wget -O install.sh https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
--2025-01-15 10:56:09-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1110 (1.1K) [text/plain]
Saving to: ‘install.sh’
install.sh 100%[=========================================================================>] 1.08K --.-KB/s in 0s
2025-01-15 10:56:10 (12.8 MB/s) - ‘install.sh’ saved [1110/1110]
root@NG-FROM:~# bash install.sh
+ init
+ DENYIP_HOME=/root/DenyIP-go
+ main
+ test -d /root/DenyIP-go
+ mkdir -p /root/DenyIP-go
+ mkdir -p /root/DenyIP-go/ip2region
+ test -f /root/DenyIp/ip2region/ip2region.xdb
+ wget -O /root/DenyIP-go/ip2region/ip2region.xdb https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
--2025-01-15 10:56:17-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11070083 (11M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/ip2region/ip2region.xdb’
/root/DenyIP-go/ip2region/ip2region.xd 100%[=========================================================================>] 10.56M 6.30MB/s in 1.7s
2025-01-15 10:56:19 (6.30 MB/s) - ‘/root/DenyIP-go/ip2region/ip2region.xdb’ saved [11070083/11070083]
++ md5sum /root/DenyIP-go/ip2region/ip2region.xdb
++ cut -d ' ' -f 1
+ test 508c6b0257a02152b9d1b2b3792936e1 '!=' 508c6b0257a02152b9d1b2b3792936e1
+ echo 'ip2region.xdb md5 check success'
ip2region.xdb md5 check success
+ test -f /root/DenyIp/denyip
+ wget -O /root/DenyIP-go/denyip https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
--2025-01-15 10:56:19-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12559416 (12M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/denyip’
/root/DenyIP-go/denyip 100%[=========================================================================>] 11.98M 5.28MB/s in 2.3s
2025-01-15 10:56:22 (5.28 MB/s) - ‘/root/DenyIP-go/denyip’ saved [12559416/12559416]
+ chmod +x /root/DenyIP-go/denyip
++ file /root/DenyIP-go/denyip
++ grep ELF
+ test -n '/root/DenyIP-go/denyip: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=abbdb4ab38005c7c40777ac749a81c24f82095ef, for GNU/Linux 3.2.0, with debug_info, not stripped'
+ echo 'denyip install success'
denyip install success
+ exit 0
root@NG-FROM:~#
命令行选项
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# ./denyip -h
Denyip firewall
Version 0.1
E-mail: aixiao@aixiao.me
Date: 20250102
Usage of ./denyip:
-child
子进程模式
-d 守护进程模式
-f string
指定 BPF 过滤器 (default "tcp")
-h
-help
帮助信息
-i string
指定要使用的网络接口
-l 列出可用的网络接口
-o string
保存捕获数据的输出文件(可选)
-s string
-s start 启动 Iptables 规则
-s stop 停止 Iptables 规则
-s list 打印 Iptables 规则
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
示例命令
- 启动守护进程:
./denyip -i eth0 -f tcp
./denyip -d -i eth0 -f "tcp"
- 启用Iptables规则:
./denyip -s start
- 禁用Iptables规则:
./denyip -s stop
- 查看帮助信息:
./denyip -h
- 关闭守护进程:
killall -15 denyip
贡献
欢迎贡献代码和提出改进建议!请通过 Pull Request 或 Issue 的方式提交。
联系信息
- 邮箱:aixiao@aixiao.me
- 日期:20250102
许可证
本项目遵循 GNU 许可证,详情参见 LICENSE 文件。
希望这个 README.md
文件能够帮助您更好地介绍和使用 DenyIP
项目。如果有任何其他需求或修改,请随时告知。