# DenyIP

## Overview

`DenyIP` is a firewall tool that protects servers in mainland China from access that is unrelated to local business. It efficiently captures network packets, extracts the source IP address, and determines its geographic location, so that access from non-mainland sources can be strictly restricted.

### Building the project

Install the dependencies and clone the project repository:

```bash
apt-get install ipset
apt-get install libcap-dev libpcap-dev libdbus-1-dev
git clone https://git.aixiao.me/aixiao/DenyIP-go.git
cd DenyIP-go
```

### Build

Compile the project:

```bash
# Dynamic build
go build -o denyip

# Static build
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# bash build-static-bin.sh
++ pkg-config --libs --static libcap
+ libcap='-L/usr/lib64 -lcap '
++ pkg-config --libs --static libpcap
+ libpcap='-lpcap -ldbus-1 -pthread -lsystemd '
++ pkg-config --libs --static dbus-1
+ dbus='-ldbus-1 -pthread -lsystemd '
+ a=\'
+ eval 'CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -a -ldflags '\''-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'\'''
++ CGO_ENABLED=1
++ GOOS=linux
++ GOARCH=amd64
++ go build -a -ldflags '-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'
# denyip
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0x84): 警告:Using 'getgrgid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrgid_malloc':
(.text.getgrgid_malloc+0x80): 警告:Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0xe4): 警告:Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrnam_malloc':
(.text.getgrnam_malloc+0x7c): 警告:Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1baa): 警告:Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /tmp/go-link-2318349626/000004.o: in function `_cgo_04fbb8f65a5f_C2func_getaddrinfo':
/tmp/go-build/cgo-gcc-prolog:60:(.text+0x33): 警告:Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoaddr':
(.text+0x9): 警告:Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametonetaddr':
(.text+0x111): 警告:Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoproto':
(.text+0x471): 警告:Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x1ba): 警告:Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1a1d): 警告:Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x9c): 警告:Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x19c4): 警告:Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
```

### Installation

```bash
root@NG-FROM:~# wget -O install.sh https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
--2025-01-15 10:56:09-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1110 (1.1K) [text/plain]
Saving to: ‘install.sh’

install.sh 100%[=========================================================================>] 1.08K --.-KB/s in 0s

2025-01-15 10:56:10 (12.8 MB/s) - ‘install.sh’ saved [1110/1110]

root@NG-FROM:~# bash install.sh
+ init
+ DENYIP_HOME=/root/DenyIP-go
+ main
+ test -d /root/DenyIP-go
+ mkdir -p /root/DenyIP-go
+ mkdir -p /root/DenyIP-go/ip2region
+ test -f /root/DenyIp/ip2region/ip2region.xdb
+ wget -O /root/DenyIP-go/ip2region/ip2region.xdb https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
--2025-01-15 10:56:17-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11070083 (11M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/ip2region/ip2region.xdb’

/root/DenyIP-go/ip2region/ip2region.xd 100%[=========================================================================>] 10.56M 6.30MB/s in 1.7s

2025-01-15 10:56:19 (6.30 MB/s) - ‘/root/DenyIP-go/ip2region/ip2region.xdb’ saved [11070083/11070083]

++ md5sum /root/DenyIP-go/ip2region/ip2region.xdb
++ cut -d ' ' -f 1
+ test 508c6b0257a02152b9d1b2b3792936e1 '!=' 508c6b0257a02152b9d1b2b3792936e1
+ echo 'ip2region.xdb md5 check success'
ip2region.xdb md5 check success
+ test -f /root/DenyIp/denyip
+ wget -O /root/DenyIP-go/denyip https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
--2025-01-15 10:56:19-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12559416 (12M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/denyip’

/root/DenyIP-go/denyip 100%[=========================================================================>] 11.98M 5.28MB/s in 2.3s

2025-01-15 10:56:22 (5.28 MB/s) - ‘/root/DenyIP-go/denyip’ saved [12559416/12559416]

+ chmod +x /root/DenyIP-go/denyip
++ file /root/DenyIP-go/denyip
++ grep ELF
+ test -n '/root/DenyIP-go/denyip: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=abbdb4ab38005c7c40777ac749a81c24f82095ef, for GNU/Linux 3.2.0, with debug_info, not stripped'
+ echo 'denyip install success'
denyip install success
+ exit 0
root@NG-FROM:~#
```

### Command-line options

```bash
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# ./denyip -h
Denyip firewall
Version 0.1
E-mail: aixiao@aixiao.me
Date: 20250102
Usage of ./denyip:
  -child
        子进程模式
  -d    守护进程模式
  -f string
        指定 BPF 过滤器 (default "tcp")
  -h
  -help
        帮助信息
  -i string
        指定要使用的网络接口
  -l    列出可用的网络接口
  -o string
        保存捕获数据的输出文件(可选)
  -s string
        -s start 启动 Iptables 规则
        -s stop 停止 Iptables 规则
        -s list 打印 Iptables 规则
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
```

The options in English:

- `-child`: child-process mode
- `-d`: daemon mode
- `-f string`: BPF filter to use (default `"tcp"`)
- `-h`, `-help`: help information
- `-i string`: network interface to use
- `-l`: list the available network interfaces
- `-o string`: output file for saving captured data (optional)
- `-s string`: `-s start` enables the Iptables rules, `-s stop` disables them, `-s list` prints them

### Example commands

- **Start the daemon**:

  ```bash
  ./denyip -i eth0 -f tcp
  ./denyip -d -i eth0 -f "tcp"
  ```

- **Enable the Iptables rules**:

  ```bash
  ./denyip -s start
  ```

- **Disable the Iptables rules**:

  ```bash
  ./denyip -s stop
  ```

- **Show help information**:

  ```bash
  ./denyip -h
  ```

- **Stop the daemon**:

  ```bash
  killall -15 denyip
  ```

## Contributing

Code contributions and suggestions for improvement are welcome. Please submit them as a Pull Request or an Issue.

## Contact

- **Email**:
- **Date**: 20250102

## License

This project is licensed under the GNU license; see the [LICENSE](LICENSE) file for details.
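
The install trace above checks `ip2region.xdb` against an MD5 value, but the downloaded `denyip` binary is made executable after only a `file | grep ELF` test. As an added example (not part of the DenyIP project or its `install.sh`), the sketch below gates installation on a pinned SHA-256 digest; the function names, file names and sample payload are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not DenyIP code. File names and payload are constructed.

# verify_sha256 FILE EXPECTED_HEX: succeed only on an exact digest match.
verify_sha256() {
    local file=$1 expected=$2 actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # Refuse malformed digests (empty, wrong length, non-hex), e.g. an MD5
    # value or an error page saved in place of the checksum.
    case $expected in
        ''|*[!0-9a-fA-F]*) echo "digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "digest is not SHA-256" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$file" | cut -d ' ' -f 1) || return 2
    [ "$actual" = "$expected" ]
}

# install_verified SRC DEST EXPECTED_HEX: copy SRC to DEST with mode 0755
# only after the digest matches; on mismatch nothing is written to DEST.
install_verified() {
    local src=$1 dest=$2 expected=$3
    if ! verify_sha256 "$src" "$expected"; then
        echo "refusing to install $src: digest check failed" >&2
        return 1
    fi
    install -m 0755 -- "$src" "$dest"
}

# Demo on a constructed file standing in for the downloaded binary.
# In real use the digest is pinned out of band (for example from a signed
# release note), never computed from the download itself.
demo() {
    local tmp pinned
    tmp=$(mktemp -d) || return 1
    printf 'constructed sample payload\n' > "$tmp/denyip.download"
    pinned=$(sha256sum "$tmp/denyip.download" | cut -d ' ' -f 1)
    install_verified "$tmp/denyip.download" "$tmp/denyip" "$pinned" \
        && echo "original: installed"
    printf 'tampered\n' >> "$tmp/denyip.download"
    install_verified "$tmp/denyip.download" "$tmp/denyip.new" "$pinned" \
        || echo "modified: rejected"
    rm -rf "$tmp"
}
demo
```

The same gate applies to `install.sh` itself when it is fetched with `wget` and run as root.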