iptables\u3092\u7528\u3044\u305f\u56fd\u5225\u30d6\u30ed\u30c3\u30af\u306f\u3001\u5927\u91cf\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u52b9\u7387\u7684\u306b\u7ba1\u7406\u3059\u308b\u305f\u3081\u3001ipset\u3068\u7d44\u307f\u5408\u308f\u305b\u3066\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u56fd\u5225\u306eIP\u30ea\u30b9\u30c8\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001\u305d\u306e\u30ea\u30b9\u30c8\uff08\u30bb\u30c3\u30c8\uff09\u3092\u5bfe\u8c61\u306bDROP\u30eb\u30fc\u30eb\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u7279\u5b9a\u306e\u56fd\u304b\u3089\u306e\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u8efd\u91cf\u304b\u3064\u8fc5\u901f\u306b\u906e\u65ad\u3067\u304d\u307e\u3059<\/p>\n\n\n\n
\u8a2d\u5b9a\u624b\u9806\u306e\u6982\u8981:<\/p>\n\n\n\n
\uff11\u3000ipset\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb:
yum install ipset (RHEL\/CentOS)\u3002<\/p>\n\n\n\n
\uff12\u3000IP\u30ea\u30b9\u30c8\u306e\u53d6\u5f97: GeoIP\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\uff08\u4f8b: IP2Location\uff09\u304b\u3089\u5bfe\u8c61\u56fd\u306e\u30ea\u30b9\u30c8\u3092\u5165\u624b\u3002<\/p>\n\n\n\n
\uff13\u3000ipset\u30bb\u30c3\u30c8\u306e\u4f5c\u6210\u3068\u30ea\u30b9\u30c8\u306e\u8aad\u307f\u8fbc\u307f:
ipset create country_block hash:net \u3068 ipset add country_block
\u3067\u4f5c\u6210\u30fb\u8ffd\u52a0\u3002<\/p>\n\n\n\n
\uff14\u3000iptables\u3078\u306e\u9069\u7528:
iptables -I INPUT -m set –match-set country_block src -j DROP<\/p>\n\n\n\n
iptables\u3092\u4f7f\u7528\u3057\u3066\u7279\u5b9a\u306e\u56fd\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u30d6\u30ed\u30c3\u30af\u3001\u3042\u308b\u3044\u306f\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\u3059\u308b\u5834\u5408\u3001\u300cipset\u300d\u3068\u7d44\u307f\u5408\u308f\u305b\u3066\u69cb\u7bc9\u3059\u308b\u306e\u304c\u4e00\u822c\u7684\u3067\u52b9\u7387\u7684\u3067\u3059<\/p>\n\n\n\n
iptables\u5358\u4f53\u3067\u6570\u5343?\u6570\u4e07\u4ef6\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u767b\u9332\u3059\u308b\u3068\u3001\u30d1\u30b1\u30c3\u30c8\u51e6\u7406\u306e\u8ca0\u8377\u304c\u975e\u5e38\u306b\u9ad8\u304f\u306a\u308a\u307e\u3059\u304c\u3001ipset\u3092\u4f7f\u3048\u3070\u30e1\u30e2\u30ea\u4e0a\u3067\u9ad8\u901f\u306b\u7167\u5408\u3067\u304d\u307e\u3059\u3002<\/p>\n\n\n\n
\u5b9f\u88c5\u306e\u4e3b\u306a\u6d41\u308c
\u30c4\u30fc\u30eb\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb: ipset \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u307e\u3059
\u3002
\u56fd\u5225IP\u30ea\u30b9\u30c8\u306e\u53d6\u5f97: APNIC \u306a\u3069\u306e\u30ec\u30b8\u30b9\u30c8\u30ea\u304c\u516c\u958b\u3057\u3066\u3044\u308b\u6700\u65b0\u306eIP\u5272\u308a\u5f53\u3066\u30ea\u30b9\u30c8\uff08CIDR\u5f62\u5f0f\uff09\u3092\u53d6\u5f97\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
ipset\u3078\u306e\u767b\u9332: \u53d6\u5f97\u3057\u305fIP\u30ea\u30b9\u30c8\uff08\u4f8b: \u65e5\u672c\u56fd\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\uff09\u3092ipset\u306e\u30ea\u30b9\u30c8\u306b\u4e00\u62ec\u767b\u9332\u3057\u307e\u3059\u3002<\/p>\n\n\n\n
iptables\u30eb\u30fc\u30eb\u306e\u9069\u7528: ipset\u306e\u30ea\u30b9\u30c8\u3092\u53c2\u7167\u3057\u3066\u3001\u300c\u8a31\u53ef\u300d\u307e\u305f\u306f\u300c\u62d2\u5426\u300d\u3059\u308b\u30eb\u30fc\u30eb\u3092\u8ffd\u52a0\u3057\u307e\u3059<\/p>\n\n\n\n
\u5177\u4f53\u7684\u306a\u624b\u6cd5\u306e\u4f8b<\/p>\n\n\n\n
\u65e5\u672c\u56fd\u5185IP\u306e\u307f\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408<\/p>\n\n\n\n
\u300c\u65e5\u672c\u4ee5\u5916\u306e\u3059\u3079\u3066\u306e\u56fd\u3092\u62d2\u5426\u300d\u3059\u308b\u3088\u308a\u3082\u3001\u300c\u65e5\u672c\u306eIP\u30ea\u30b9\u30c8\u3092\u4f5c\u6210\u3057\u3001\u305d\u308c\u4ee5\u5916\u3092DROP\uff08\u7834\u68c4\uff09\u3059\u308b\u300d\u30db\u30ef\u30a4\u30c8\u30ea\u30b9\u30c8\u65b9\u5f0f\u304c\u904b\u7528\u4e0a\u5b89\u5168\u3067\u3059\u3002<\/p>\n\n\n\n
\u7279\u5b9a\u306e\u56fd\uff08\u4e2d\u56fd\u3001\u30ed\u30b7\u30a2\u306a\u3069\uff09\u3092\u30d6\u30ed\u30c3\u30af\u3059\u308b\u5834\u5408
\u653b\u6483\u5143\u3068\u3057\u3066\u591a\u3044\u3068\u3055\u308c\u308b\u7279\u5b9a\u306e\u56fd\u3092\u30ea\u30b9\u30c8\u5316\u3057\u3001iptables\u3067 DROP \u6307\u5b9a\u3092\u884c\u3044\u307e\u3059\u3002<\/p>\n\n\n\n
\u63a8\u5968\u3055\u308c\u308b\u30ea\u30bd\u30fc\u30b9
\u6700\u65b0\u306eIP\u30ea\u30b9\u30c8\u3084\u3001\u8a2d\u5b9a\u3092\u81ea\u52d5\u5316\u3059\u308b\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u3092\u63d0\u4f9b\u3057\u3066\u3044\u308b\u30b5\u30a4\u30c8\u304c\u5f79\u7acb\u3061\u307e\u3059\u3002
ipv4.fetus.jp: iptables\u7528\u306e\u5f62\u5f0f\u3067\u56fd\u5225IP\u30ea\u30b9\u30c8\u3092\u914d\u5e03\u3057\u3066\u304a\u308a\u3001\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u306e\u81ea\u52d5\u66f4\u65b0\u306b\u5411\u3044\u3066\u3044\u307e\u3059\u3002
APNIC \u691c\u7d22\u30b5\u30a4\u30c8: \u7279\u5b9a\u306eIP\u304c\u3069\u306e\u56fd\u306b\u5c5e\u3057\u3066\u3044\u308b\u304b\u3092\u78ba\u8a8d\u3059\u308b\u969b\u306e\u516c\u5f0f\u306a\u60c5\u5831\u6e90\u3067\u3059<\/p>\n\n\n\n
\u6ce8\u610f\u70b9
\u5b9a\u671f\u7684\u306a\u66f4\u65b0: IP\u30a2\u30c9\u30ec\u30b9\u306e\u5272\u308a\u5f53\u3066\u306f\u983b\u7e41\u306b\u5909\u308f\u308b\u305f\u3081\u3001cron \u306a\u3069\u3092\u4f7f\u7528\u3057\u3066\u90311\u56de\u7a0b\u5ea6\u306f\u30ea\u30b9\u30c8\u3092\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002
\u8a2d\u5b9a\u306e\u6c38\u7d9a\u5316: iptables \u3084 ipset \u306f\u518d\u8d77\u52d5\u3059\u308b\u3068\u30ea\u30bb\u30c3\u30c8\u3055\u308c\u308b\u305f\u3081\u3001iptables-persistent \u306a\u3069\u306e\u30c4\u30fc\u30eb\u3084\u30b9\u30af\u30ea\u30d7\u30c8\u3067\u8a2d\u5b9a\u3092\u4fdd\u5b58\u3057\u3066\u304f\u3060\u3055\u3044<\/p>\n\n\n\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
iptables\u3092\u7528\u3044\u305f\u56fd\u5225\u30d6\u30ed\u30c3\u30af\u306f\u3001\u5927\u91cf\u306eIP\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3092\u52b9\u7387\u7684\u306b\u7ba1\u7406\u3059\u308b\u305f\u3081\u3001ipset\u3068\u7d44\u307f\u5408\u308f\u305b\u3066\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u56fd\u5225\u306eIP\u30ea\u30b9\u30c8\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3001\u305d\u306e\u30ea\u30b9\u30c8\uff08\u30bb\u30c3\u30c8\uff09\u3092\u5bfe\u8c61\u306bDROP\u30eb\u30fc\u30eb\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u3067\u3001\u7279\u5b9a […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":285,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-377","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/377","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=377"}],"version-history":[{"count":2,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/377\/revisions"}],"predecessor-version":[{"id":379,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/377\/revisions\/379"}],"up":[{"embeddable":true,"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=\/wp\/v2\/pages\/285"}],"wp:attachment":[{"href":"https:\/\/falcon21.space\/kazuya\/work\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=377"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}