yrutschle / sslh

Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)
https://www.rutschle.net/tech/sslh/README.html
GNU General Public License v2.0
4.56k stars 368 forks

Filter SSH connections using a script #27

Open alesnav opened 10 years ago

alesnav commented 10 years ago

Hello,

I can configure this filter based on geolocation if I connect directly to the SSH server, but I am not able to configure this using SSLH (with the transparent setup, forwarding the real source IP to the SSH server).

Is there any way to set this up?

This is the guide to configure the filter: http://www.axllent.org/docs/view/ssh-geoip/

Thanks!

ljluestc commented 7 months ago
```bash
#!/bin/bash
set -euo pipefail

# Install required tools (Debian/Ubuntu; iptables-persistent provides /etc/iptables/rules.v4)
apt-get update
apt-get install -y iptables iptables-persistent ipset wget geoip-bin sslh

# Download and extract the GeoIP database.
# This is the legacy GeoLite Country feed, which MaxMind discontinued in 2019;
# a current database has to be obtained from MaxMind with an account instead.
mkdir -p /usr/share/GeoIP/
wget -P /tmp http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip -f /tmp/GeoIP.dat.gz
mv /tmp/GeoIP.dat /usr/share/GeoIP/GeoIP.dat

# Create and populate the IPSet.
# GeoIP.dat is a binary database read by geoiplookup(1); it cannot be parsed with
# grep/cut. The set is populated instead from a plain-text list of CIDR blocks for
# the allowed countries, one per line (the path is an assumption), and hash:net is
# used because the entries are networks, not single addresses.
ALLOW_LIST=/etc/sslh-geoip/allow.cidr
ipset create geoip hash:net hashsize 4096 -exist
grep -Ev '^(#|$)' "$ALLOW_LIST" | while read -r net; do ipset add geoip "$net" -exist; done

# Set up IPTables rules. sshd listens on 127.0.0.1:22 and, because sslh runs in
# transparent mode, the forwarded connection carries the real client source
# address, so a source match on port 22 filters the real client.
iptables -A INPUT -p tcp --dport 22 -m set --match-set geoip src -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

# Persist IPTables rules. Note that the ipset must exist before these rules are
# restored at boot, so the set itself has to be saved/restored separately.
iptables-save > /etc/iptables/rules.v4

# Configure SSLH. On Debian the daemon options live in /etc/default/sslh; sslh's
# "-i" means --inetd and takes no argument, so it is dropped. Transparent mode
# additionally needs the fwmark routing rules described in the sslh README.
cat > /etc/default/sslh <<'EOF'
RUN=yes
DAEMON_OPTS="--user sslh --transparent --listen <your_sslh_listen_address>:22 --ssh 127.0.0.1:22 --pidfile /var/run/sslh/sslh.pid"
EOF

# Restart services (iptables-persistent's unit is netfilter-persistent)
systemctl restart netfilter-persistent
systemctl restart sslh
```
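The approach the original question links to (a per-connection country check run by TCP wrappers) also works behind sslh, precisely because `--transparent` hands sshd the real client address rather than 127.0.0.1. The following is an added example, not code from this thread or from the sslh project: a filter script that resolves the client's country with `geoiplookup` from geoip-bin, admits a configurable set of countries, fails closed on unknown addresses, and exempts private ranges so local administration survives a missing database. The install path `/usr/local/bin/ssh-geoip-filter.sh`, the `ALLOW_COUNTRIES` default and the `hosts.allow` wiring are assumptions; the `geoiplookup` output format parsed here ("GeoIP Country Edition: DE, Germany") is the tool's real format.

```shell
#!/bin/sh
# Added example (not from sslh or the thread): country filter for sshd behind
# sslh --transparent. Assumed wiring (hypothetical):
#   /etc/hosts.deny : sshd: ALL
#   /etc/hosts.allow: sshd: ALL: aclexec /usr/local/bin/ssh-geoip-filter.sh %a
# TCP wrappers pass the client address as %a; exit 0 admits, non-zero rejects.

ALLOW_COUNTRIES="${ALLOW_COUNTRIES:-US DE}"   # assumed default; ISO codes to admit
GEOIP_LOOKUP="${GEOIP_LOOKUP:-geoiplookup}"   # from geoip-bin; overridable for testing

# Print the two-letter country code for an address, or nothing when the lookup
# fails or the address is not in the database ("IP Address not found").
country_of() {
    "$GEOIP_LOOKUP" "$1" 2>/dev/null \
        | sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\),.*/\1/p' \
        | head -n 1
}

# RFC 1918 and loopback ranges never resolve to a country; admit them so an
# operator on the LAN or the host itself is not locked out by a stale database.
is_private() {
    case "$1" in
        127.*|10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Decision for one address: 0 = allow, 1 = deny. An address with no resolvable
# country is denied (fail closed) rather than allowed by default.
check_ip() {
    ip="$1"
    if is_private "$ip"; then
        return 0
    fi
    cc="$(country_of "$ip")"
    [ -n "$cc" ] || return 1
    for allowed in $ALLOW_COUNTRIES; do
        if [ "$cc" = "$allowed" ]; then
            return 0
        fi
    done
    return 1
}

# Entry point used by TCP wrappers: log the verdict to syslog and exit accordingly.
main() {
    if check_ip "$1"; then
        logger -t ssh-geoip "allow $1"
        exit 0
    fi
    logger -t ssh-geoip "deny $1 (country: ${cc:-unknown})"
    exit 1
}

# Only act when executed with an address, so the functions can be sourced and tested.
if [ $# -ge 1 ]; then
    main "$1"
fi
```

Two caveats for deployment. Upstream OpenSSH removed tcp_wrappers support in 6.7, so the `hosts.allow` hook only exists where the distribution's sshd still links libwrap; where it does not, `check_ip` can just as well be called from a cron or log-driven job that maintains an ipset, which is the same decision logic feeding the firewall instead of sshd. And because the decision is per connection, a user who is legitimately travelling is cut off the same as an attacker, so keep a non-geolocated path (a VPN or an allow-listed jump host in the private ranges above) for operators.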