aixiao/DenyIP-go

Fork 0

Go to file

aixiao c77429425c 修复错误

2025-01-15 15:42:38 +08:00

ip2region

init

2025-01-02 17:27:37 +08:00

.gitignore

optimize

2025-01-02 18:03:26 +08:00

build-static-bin.sh

支持Debian静态构建

2025-01-14 18:05:01 +08:00

cap.go

优化主进程子进程获取参数

2025-01-06 12:06:38 +08:00

curl.go

新增保存Json数据到文件

2025-01-07 18:04:13 +08:00

denyip

修复错误

2025-01-15 15:42:38 +08:00

go.mod

optimize

2025-01-02 18:03:26 +08:00

go.sum

init

2025-01-02 17:27:37 +08:00

install.sh

修复错误

2025-01-15 15:42:38 +08:00

ip2region.go

增加查看iptales规则功能参数 -s l 或者 -s list，规范变量命名。

2025-01-07 17:43:16 +08:00

ipset.go

优化核心逻辑

2025-01-08 16:01:08 +08:00

main.go

修复错误

2025-01-15 15:42:38 +08:00

README.md

修改文档

2025-01-15 10:57:18 +08:00

README.md

DenyIP

概述

DenyIP 是一个用于保护大陆服务器免受非本地业务访问的防火墙工具。
该工具能够高效地捕获网络数据包、提取源IP地址、进行地理位置判断，从而严格限制非大陆来源的访问。

构建项目

克隆项目仓库：

apt-get install ipset 
apt-get install libcap-dev libpcap-dev libdbus-1-dev

git clone https://git.aixiao.me/aixiao/DenyIP-go.git
cd DenyIP-go

构建

编译项目：

# 动态构建
go build -o denyip

# 静态构建
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# bash build-static-bin.sh
++ pkg-config --libs --static libcap
+ libcap='-L/usr/lib64 -lcap '
++ pkg-config --libs --static libpcap
+ libpcap='-lpcap -ldbus-1 -pthread -lsystemd '
++ pkg-config --libs --static dbus-1
+ dbus='-ldbus-1 -pthread -lsystemd '
+ a=\'
+ eval 'CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -a -ldflags '\''-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd  -ldbus-1 -pthread -lsystemd  -L/usr/lib64 -lcap  -lc"'\'''
++ CGO_ENABLED=1
++ GOOS=linux
++ GOARCH=amd64
++ go build -a -ldflags '-extldflags "-static -lpcap -ldbus-1 -pthread -lsystemd  -ldbus-1 -pthread -lsystemd  -L/usr/lib64 -lcap  -lc"'
# denyip
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0x84): 警告：Using 'getgrgid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrgid_malloc':
(.text.getgrgid_malloc+0x80): 警告：Using 'getgrgid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_group_creds':
(.text.get_group_creds+0xe4): 警告：Using 'getgrnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `getgrnam_malloc':
(.text.getgrnam_malloc+0x7c): 警告：Using 'getgrnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1baa): 警告：Using 'getgrouplist' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /tmp/go-link-2318349626/000004.o: in function `_cgo_04fbb8f65a5f_C2func_getaddrinfo':
/tmp/go-build/cgo-gcc-prolog:60:(.text+0x33): 警告：Using 'getaddrinfo' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoaddr':
(.text+0x9): 警告：Using 'gethostbyname' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametonetaddr':
(.text+0x111): 警告：Using 'getnetbyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libpcap.a(nametoaddr.o): in function `pcap_nametoproto':
(.text+0x471): 警告：Using 'getprotobyname_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x1ba): 警告：Using 'getpwnam' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x1a1d): 警告：Using 'getpwnam_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libsystemd.a(src_basic_user-util.c.o): in function `get_user_creds':
(.text.get_user_creds+0x9c): 警告：Using 'getpwuid' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/14/../../../x86_64-linux-gnu/libdbus-1.a(dbus-sysdeps-unix.c.o): in function `fill_user_info':
(.text+0x19c4): 警告：Using 'getpwuid_r' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking
root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#

安装

root@NG-FROM:~# wget https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
--2025-01-15 10:56:09--  https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/install.sh
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1110 (1.1K) [text/plain]
Saving to: ‘install.sh’

install.sh                             100%[=========================================================================>]   1.08K  --.-KB/s    in 0s      

2025-01-15 10:56:10 (12.8 MB/s) - ‘install.sh’ saved [1110/1110]

root@NG-FROM:~# bash install.sh 
+ init
+ DENYIP_HOME=/root/DenyIP-go
+ main
+ test -d /root/DenyIP-go
+ mkdir -p /root/DenyIP-go
+ mkdir -p /root/DenyIP-go/ip2region
+ test -f /root/DenyIp/ip2region/ip2region.xdb
+ wget -O /root/DenyIP-go/ip2region/ip2region.xdb https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
--2025-01-15 10:56:17--  https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/ip2region/ip2region.xdb
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11070083 (11M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/ip2region/ip2region.xdb’

/root/DenyIP-go/ip2region/ip2region.xd 100%[=========================================================================>]  10.56M  6.30MB/s    in 1.7s    

2025-01-15 10:56:19 (6.30 MB/s) - ‘/root/DenyIP-go/ip2region/ip2region.xdb’ saved [11070083/11070083]

++ md5sum /root/DenyIP-go/ip2region/ip2region.xdb
++ cut -d ' ' -f 1
+ test 508c6b0257a02152b9d1b2b3792936e1 '!=' 508c6b0257a02152b9d1b2b3792936e1
+ echo 'ip2region.xdb md5 check success'
ip2region.xdb md5 check success
+ test -f /root/DenyIp/denyip
+ wget -O /root/DenyIP-go/denyip https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
--2025-01-15 10:56:19--  https://git.aixiao.me/aixiao/DenyIP-go/raw/branch/main/denyip
Resolving git.aixiao.me (git.aixiao.me)... 47.240.75.93
Connecting to git.aixiao.me (git.aixiao.me)|47.240.75.93|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12559416 (12M) [application/octet-stream]
Saving to: ‘/root/DenyIP-go/denyip’

/root/DenyIP-go/denyip                 100%[=========================================================================>]  11.98M  5.28MB/s    in 2.3s    

2025-01-15 10:56:22 (5.28 MB/s) - ‘/root/DenyIP-go/denyip’ saved [12559416/12559416]

+ chmod +x /root/DenyIP-go/denyip
++ file /root/DenyIP-go/denyip
++ grep ELF
+ test -n '/root/DenyIP-go/denyip: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=abbdb4ab38005c7c40777ac749a81c24f82095ef, for GNU/Linux 3.2.0, with debug_info, not stripped'
+ echo 'denyip install success'
denyip install success
+ exit 0
root@NG-FROM:~#

命令行选项

root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go# ./denyip -h
                Denyip firewall
        Version 0.1
        E-mail: aixiao@aixiao.me
        Date: 20250102
Usage of ./denyip:
  -child
        子进程模式
  -d    守护进程模式
  -f string
        指定 BPF 过滤器 (default "tcp")
  -h
  -help
        帮助信息
  -i string
        指定要使用的网络接口
  -l    列出可用的网络接口
  -o string
        保存捕获数据的输出文件（可选）
  -s string
        -s start 启动 Iptables 规则
        -s stop  停止 Iptables 规则
        -s list  打印 Iptables 规则

root@NIUYULING:/mnt/c/Users/root/Desktop/git.aixiao.me/DenyIP-go#

示例命令

启动守护进程：

./denyip -i eth0 -f tcp
./denyip -d -i eth0 -f "tcp"

启用Iptables规则：
```
./denyip -s start
```
禁用Iptables规则：
```
./denyip -s stop
```
查看帮助信息：
```
./denyip -h
```
关闭守护进程：
```
killall -15 denyip
```

贡献

欢迎贡献代码和提出改进建议！请通过 Pull Request 或 Issue 的方式提交。

联系信息

邮箱：aixiao@aixiao.me
日期：20250102

许可证

本项目遵循 GNU 许可证，详情参见 LICENSE 文件。

希望这个 README.md 文件能够帮助您更好地介绍和使用 DenyIP 项目。如果有任何其他需求或修改，请随时告知。

README.md Unescape Escape

DenyIP

概述

构建项目

构建

安装

命令行选项

示例命令

贡献

联系信息

许可证

README.md