我尝试这样做:apt install geoip-bin geoip-database
我在 /usr/local/bin/ 中创建了这个脚本
纳米过滤器.sh
#!/bin/bash
ALLOW_COUNTRIES="SA"
if [ $# -ne 1 ]; then
echo "Usage: `basename $0` <ip>" 1>&2
exit 0
fi
COUNTRY=`/usr/share/GeoIP $1 | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1`
[[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE="ALLOW" || RESPONSE="DENY"
if [ $RESPONSE = "ALLOW" ]
then
exit 0
else
logger "$RESPONSE sshd connection from $1 ($COUNTRY)"
exit 1
fi
chmod +X filter.sh
为了启用它,/etc/hosts.deny
我添加了:
sshd: ALL
我补充说/etc/hosts.allow
:
sshd: ALL: aclexec /usr/local/bin/filter.sh %a
但问题是当我输入时bash filter.sh anyIP
,出现/usr/share/GeoIP is a directory
错误。