DenyIP-go/README.md
2025-01-15 17:41:58 +08:00

# DenyIP
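## Overview
`DenyIP` is a firewall tool that protects servers in mainland China from access unrelated to their local business.
It efficiently captures network packets, extracts the source IP addresses, and determines their geographic location, so that access from sources outside mainland China can be strictly restricted.
### Build the project
Install the dependencies and clone the repository: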
```bash
apt-get install ipset
apt-get install libcap-dev libpcap-dev libdbus-1-dev
git clone https://git.aixiao.me/aixiao/DenyIP-go.git
cd DenyIP-go
```
### Build
Compile the project:
```bash
# Dynamic build
go build -o denyip
# Static build
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# bash build-static-bin.sh
++ pkg-config --libs --static libcap
+ libcap='-L/usr/lib64 -lcap '
++ pkg-config --libs --static libpcap
+ libpcap='-lpcap -ldbus-1 -pthread -lsystemd '
++ pkg-config --libs --static dbus-1
+ dbus='-ldbus-1 -pthread -lsystemd '
+ a=\'
+ eval 'CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -a -ldflags '\''-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'\'''
++ CGO_ENABLED=1
++ GOOS=linux
++ GOARCH=amd64
++ go build -a -ldflags '-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd -ldbus-1 -pthread -lsystemd -L/usr/lib64 -lcap -lc"'
# denyip
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0x84): 警告Using 'getgrgid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrgid_malloc':
(.text.getgrgid_malloc+0x80): 警告Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0xe4): 警告Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrnam_malloc':
(.text.getgrnam_malloc+0x7c): 警告Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1baa): 警告Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /tmp/go-link-2318349626/000004.o: in function `_cgo_04fbb8f65a5f_C2func_getaddrinfo':
/tmp/go-build/cgo-gcc-prolog:60:(.text+0x33): 警告Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoaddr':
(.text+0x9): 警告Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametonetaddr':
(.text+0x111): 警告Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoproto':
(.text+0x471): 警告Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x1ba): 警告Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1a1d): 警告Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x9c): 警告Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x19c4): 警告Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
```
### Installation
```bash
root@NG-FROM:~# wget -O install.sh https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
--2025-01-15 10:56:09-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1110 (1.1K) [text/plain]
Saving to: install.sh
install.sh 100%[=========================================================================>] 1.08K --.-KB/s in 0s
2025-01-15 10:56:10 (12.8 MB/s) - install.sh saved [1110/1110]
root@NG-FROM:~# bash install.sh
+ init
+ DENYIP_HOME=/root/DenyIP-go
+ main
+ test -d /root/DenyIP-go
+ mkdir -p /root/DenyIP-go
+ mkdir -p /root/DenyIP-go/ip2region
+ test -f /root/DenyIp/ip2region/ip2region.xdb
+ wget -O /root/DenyIP-go/ip2region/ip2region.xdb https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
--2025-01-15 10:56:17-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11070083 (11M) [application/octet-stream]
Saving to: /root/DenyIP-go/ip2region/ip2region.xdb
/root/DenyIP-go/ip2region/ip2region.xd 100%[=========================================================================>] 10.56M 6.30MB/s in 1.7s
2025-01-15 10:56:19 (6.30 MB/s) - /root/DenyIP-go/ip2region/ip2region.xdb saved [11070083/11070083]
++ md5sum /root/DenyIP-go/ip2region/ip2region.xdb
++ cut -d ' ' -f 1
+ test 508c6b0257a02152b9d1b2b3792936e1 '!=' 508c6b0257a02152b9d1b2b3792936e1
+ echo 'ip2region.xdb md5 check success'
ip2region.xdb md5 check success
+ test -f /root/DenyIp/denyip
+ wget -O /root/DenyIP-go/denyip https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
--2025-01-15 10:56:19-- https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12559416 (12M) [application/octet-stream]
Saving to: /root/DenyIP-go/denyip
/root/DenyIP-go/denyip 100%[=========================================================================>] 11.98M 5.28MB/s in 2.3s
2025-01-15 10:56:22 (5.28 MB/s) - /root/DenyIP-go/denyip saved [12559416/12559416]
+ chmod +x /root/DenyIP-go/denyip
++ file /root/DenyIP-go/denyip
++ grep ELF
+ test -n '/root/DenyIP-go/denyip: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=abbdb4ab38005c7c40777ac749a81c24f82095ef, for GNU/Linux 3.2.0, with debug_info, not stripped'
+ echo 'denyip install success'
denyip install success
+ exit 0
root@NG-FROM:~#
```
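The install log above compares an MD5 digest for `ip2region.xdb` and, for the `denyip` binary, only checks that the downloaded file is an ELF executable. As an added example (not the project's `install.sh`), the helper below refuses to install an artifact unless it matches a pinned SHA-256 digest; the function names and the `<PINNED_SHA256_OF_DENYIP>` placeholder are assumptions, since the page publishes no SHA-256 values.

```bash
# Added example (not part of the project's install.sh); function names are hypothetical.
# Fail-closed SHA-256 verification for artifacts fetched by an installer.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum -- "$1" | cut -d ' ' -f 1
}

# verify_sha256 FILE EXPECTED: return 0 only when FILE hashes to EXPECTED.
verify_sha256() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || return 2
    # Reject anything that is not a 64-character hex digest,
    # including an empty value or an unfilled placeholder.
    case "$expected" in
        ""|*[!0-9a-fA-F]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    actual=$(sha256_of "$file") || return 2
    [ "$actual" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# install_verified SRC DEST EXPECTED [MODE]
# Copy SRC to DEST only after the digest matches. The copy goes to a temporary
# file first and is re-verified, so DEST is never left half-written or unverified.
install_verified() {
    local src="$1" dest="$2" expected="$3" mode="${4:-0644}" tmp
    verify_sha256 "$src" "$expected" || return 1
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if cp -- "$src" "$tmp" && verify_sha256 "$tmp" "$expected" && chmod "$mode" "$tmp"; then
        mv -f -- "$tmp" "$dest"
    else
        rm -f -- "$tmp"
        return 1
    fi
}

# Usage (the digest is a placeholder; pin the value for the release you audited):
#   install_verified ./denyip.download /root/DenyIP-go/denyip '<PINNED_SHA256_OF_DENYIP>' 0755
```

With the placeholder left unfilled, `install_verified` returns non-zero and nothing is written to the destination.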
### Command-line options
```bash
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# ./denyip -h
Denyip firewall
Version 0.1
E-mail: aixiao@aixiao.me
Date: 20250102
Usage of ./denyip:
  -child
        子进程模式
  -d    守护进程模式
  -f string
        指定 BPF 过滤器 (default "tcp")
  -h
  -help
        帮助信息
  -i string
        指定要使用的网络接口
  -l    列出可用的网络接口
  -o string
        保存捕获数据的输出文件(可选)
  -s string
        -s start 启动 Iptables 规则
        -s stop 停止 Iptables 规则
        -s list 打印 Iptables 规则
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#
```
### Example commands
- **Start the daemon**
```bash
./denyip -i eth0 -f tcp
./denyip -d -i eth0 -f "tcp"
```
- **Enable the iptables rules**
```bash
./denyip -s start
```
- **Disable the iptables rules**
```bash
./denyip -s stop
```
- **Show the help text**
```bash
./denyip -h
```
- **Stop the daemon**
```bash
killall -15 denyip
```
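## Contributing
Code contributions and suggestions for improvement are welcome! Please submit them as a Pull Request or an Issue.
## Contact
- **Email**: <aixiao@aixiao.me>
- **Date**: 20250102
## License
This project is released under the GNU license; see the [LICENSE](LICENSE) file for details.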