{"id":3176,"date":"2025-04-06T09:17:55","date_gmt":"2025-04-06T01:17:55","guid":{"rendered":"https:\/\/jir.idv.tw\/wordpress\/?p=3176"},"modified":"2025-09-25T22:09:52","modified_gmt":"2025-09-25T14:09:52","slug":"linux%e5%a6%82%e4%bd%95%e4%bd%bf%e7%94%a8ipset%e5%92%8ciptables%e5%8a%9f%e8%83%bd%e4%be%86%e9%a0%90%e5%85%88%e9%81%8e%e6%bf%be%e6%8e%89%e4%b8%80%e4%ba%9b%e5%b7%b2%e7%9f%a5%e7%9a%84%e6%83%a1%e6%84%8f","status":"publish","type":"post","link":"https:\/\/jir.idv.tw\/wordpress\/?p=3176","title":{"rendered":"[linux]\u5982\u4f55\u4f7f\u7528IPSET\u548cIPTABLES\u529f\u80fd\u4f86\u9810\u5148\u904e\u6ffe\u6389\u4e00\u4e9b\u5df2\u77e5\u7684\u60e1\u610fIP"},"content":{"rendered":"

LAST UPDATED: 2025.09.25 \u611f\u5606AI\u3001\u8b9a\u5606AI<\/strong>
\n\u8abf\u6574\u532f\u5165\u65b9\u5f0f\uff0c\u53d6\u6d88\u8ff4\u5708\u547c\u53eb\u4e00\u7b46\u4e00\u7b46ip\u63d2\u5165\u3002\u8b8a\u6210ipset restore\u4e00\u6b21\u532f\u5165\u3002<\/p>\n

\u96d6\u7136\u76e1\u53ef\u80fd\u5730\u6d88\u9664\u5c0d\u5916\u670d\u52d9\u958b\u653e\u7684PORT\uff0c\u4f46\u662f\u4e3b\u6a5f\u4ecd\u6703\u6709\u88abfail2ban\u76e3\u63a7\u5230\u4e00\u4e9b\u60e1\u610fIP\uff0c\u7528\u7a0b\u5f0f\u78bc\u6216\u65b9\u5f0f\u5728\u66b4\u529b\u62c6\u89e3TRY\u53ef\u4ee5\u767b\u5165\u7684\u5f31\u9ede\u6383\u63cf\u3002
\n\u9019\u500b\u5f88\u7169\u4eba\uff0c\u4f46\u56e0\u70baLOG\u6709\u4e9b\u6e2c\u8a66\u7684\u5167\u5bb9\u5f88\u6709\u5275\u610f\uff0c\u8166\u888b\u4e0d\u6e05\u6670\u6703\u8aa4\u4ee5\u70ba\u81ea\u5df1\u7684\u4e3b\u6a5f\u600e\u9ebc\u6703\u6709\u9019\u7a2e\u5e33\u865f\u3002<\/p>\n

\u5229\u7528\u6700\u8fd1\u5f88\u592f\u7684chatGPT\uff0c\u9b54\u6cd5\u6e9d\u901a\u5f8c\u76ee\u524d\u627e\u5230\u4e00\u500b\u61c9\u8a72\u662f\u6709\u6548\u7684\u65b9\u5f0f\u3002
\n\u7db2\u8def\u4e0a\u6709\u4e00\u4e9b\u5c08\u9580\u7dad\u8b77\u7684\u7d44\u7e54\u5718\u9ad4\uff0c\u6703\u56fa\u5b9a\u7dad\u8b77\u63d0\u4f9b\u5df2\u77e5\u7684\u60e1\u610fIP\u6e05\u55ae\u4e0b\u8f09\u3002
\n\u6709\u4e9b\u662f\u514d\u8cbb\u7684\u3001\u6709\u4e9b\u662f\u6536\u8cbb\u7684\u3002
\n\u4e0d\u904e\u5c31\u8ddfPi-Hole\u6216Adguard Home\u985e\u4f3c\u7684\u529f\u80fd\uff0c\u6211\u5011\u627e\u5230\u7684\u514d\u8cbbIP\u6e05\u55ae\u4f86\u5229\u7528\u4ea6\u53ef\u3002<\/p>\n

\u76ee\u524d\u900f\u904e\u7684\u514d\u8cbb\u65b9\u6848\u6709\u9019\u4e94\u500b\uff1a
\n1. https:\/\/www.abuseipdb.com\/<\/a> \u9019\u500bAbuseIPDB\u53ef\u4ee5\u514d\u8cbb\u8a3b\u518a\u62ff\u5230API\uff0c\u4f46\u662f\u6bcf\u5929\u6709\u66f4\u65b0\u9650\u5236\u6b21\u6578\u3002
\n2. Emerging Threats\u7684\u6e05\u55aehttps:\/\/rules.emergingthreats.net\/fwrules\/emerging-Block-IPs.txt
\n3. FireHOL\u7684\u6e05\u55aehttps:\/\/raw.githubusercontent.com\/firehol\/blocklist-ipsets\/master\/firehol_level1.netset
\n4. Blocklist.de\u7684\u6e05\u55aehttps:\/\/lists.blocklist.de\/lists\/all.txt
\n5. Spamhaus\u7684\u6e05\u55aehttps:\/\/www.spamhaus.org\/drop\/drop.txt
\n\u900f\u904e\u4e00\u500b\u7c21\u55ae\u7684script\u6307\u4ee4\u548c\u8a2d\u5b9a\u4f86\u5b9a\u6642\u4e0b\u8f09\u66f4\u65b0\u6a94\u6848\uff0c\u7136\u5f8c\u5408\u4f75\u8655\u7406\u79fb\u9664\u5f7c\u6b64\u91cd\u8907\u7684IP\u503c\u3002
\n\u6700\u5f8c\u5c31\u6703\u7522\u51fa\u4e00\u500bip.blacklist<\/strong>\u6a94\u6848\uff0c\u96a8\u6642\u53ef\u4ee5\u62ff\u4f86\u5229\u7528\u3002
\nPS. \u622a\u81f3\u76ee\u524d\u70ba\u6b62\uff0c\u5df2\u77e5\u7684IPV4\u60e1\u610fIP\u7d04\u5feb9\u842c\u500b\u3001IPV6\u7d04\u5feb3\u5343\u500b\u3002<\/p>\n

\u4e5f\u8a31\u6709\u4eba\u662f\u7d14\u7528iptables\uff0c\u6216\u8005firewalld\u5ef6\u4f38\u61c9\u7528\u3002
\n\u63a5\u4e0b\u4f86script\u7684\u7bc4\u4f8b\u6a94\u6848\uff0c\u662f\u76ee\u524d\u6e2c\u8a66\u51fa\u4f86\u7684\u53ef\u4ee5\u7528\u7684\u505a\u6cd5\u3002
\n\u9996\u5148\uff0c\u8981\u5148\u78ba\u8a8d\u662f\u4e0d\u662f\u90fd\u6709\u5b89\u88dd\u5230\u9019\u4e9b\u5957\u4ef6\uff1a
\nsudo apt install ipset iptables netfilter-persistent ipset-persistent iptables-persistent<\/code><\/p>\n

sudo nano banIPlist-jir.sh<\/code>
\n
\n\u64b0\u5beb\u4e0b\u9762\u7684\u5167\u5bb9(\u4e0b\u8f09<\/a>)\uff1a
\n
\n#!\/bin\/bash
\n### 250925 tuning restore speed with IPset mode to block mass IPs.
\n# \u8a2d\u5b9a\u9ed1\u540d\u55ae\u6a94\u6848\u8def\u5f91
\nBLACKLIST_FILE=\"\/etc\/fail2ban\/ip.blacklist\"
\nTEMP_FILE=\"\/etc\/fail2ban\/ip.blacklist.tmp\"
\n# \u65e5\u8a8c\u6a94\u6848\u7684\u8def\u5f91
\nLOG_FILE=\"\/var\/log\/iptables_blacklist_jir.log\"
\nNOTIFY_EMAIL=\"jir\"
\n# ipset \u540d\u7a31
\nSET_NAME=\"blacklist_jir\"
\nSET_NAME_IPV6=\"blacklist_jir_ipv6\"<\/p>\n

echo \"$(date '+%Y-%m-%d %H:%M:%S') starting... \/etc\/fail2ban\/banIPlist-jir.sh ...\" | tee -a $LOG_FILE<\/p>\n

# \u6aa2\u67e5\u662f\u5426\u5e36\u5165 --apply-ipset \u53c3\u6578
\nif [[ \"$1\" == \"--apply-ipset\" ]]; then
\n echo \"$(date '+%Y-%m-%d %H:%M:%S') : run with --apply-ipset\" | tee -a $LOG_FILE
\n echo \"\u53ea\u57f7\u884c ipset \u898f\u5247\u61c9\u7528\u5230 iptables...\" | tee -a $LOG_FILE<\/p>\n

# \u522a\u9664\u820a\u7684 IPSET \u898f\u5247\uff08\u5982\u679c\u5b58\u5728iptables)
\n for i in $(sudo iptables -L INPUT -n --line-numbers | grep $SET_NAME | awk '{print $1}' | sort -nr); do
\n sudo iptables -w -D INPUT $i | tee -a $LOG_FILE
\n done
\n for i in $(sudo ip6tables -L INPUT -n --line-numbers | grep $SET_NAME_IPV6 | awk '{print $1}' | sort -nr); do
\n sudo ip6tables -w -D INPUT $i | tee -a $LOG_FILE
\n done<\/p>\n

# \u5957\u7528 ipset \u5230 iptables \u548c ip6tables
\n sudo iptables -w -I INPUT -m set --match-set $SET_NAME src -j DROP | tee -a $LOG_FILE
\n echo \"IPV4 blacklist member count: $(sudo ipset list $SET_NAME | grep \"Number of entries\" | awk '{print $4}')\" | tee -a $LOG_FILE
\n sudo ip6tables -w -I INPUT -m set --match-set $SET_NAME_IPV6 src -j DROP | tee -a $LOG_FILE
\n echo \"IPV6 blacklist member count: $(sudo ipset list $SET_NAME_IPV6 | grep \"Number of entries\" | awk '{print $4}')\" | tee -a $LOG_FILE
\n echo \"\u5b8c\u6210 ipset \u898f\u5247\u61c9\u7528\u3002\" | tee -a $LOG_FILE<\/p>\n

echo \"\u53ea\u57f7\u884c \u5c01\u9396webmin port: 10000 \u898f\u5247\u61c9\u7528\u5230 iptables...\" | tee -a $LOG_FILE
\n # \u522a\u9664\u820a\u7684 \u5c01\u9396webmin \u898f\u5247
\n for i in $(sudo iptables -L INPUT -n --line-numbers | grep 'tcp dpt:10000' | awk '{print $1}' | sort -nr); do
\n sudo iptables -w -D INPUT $i | tee -a $LOG_FILE
\n done
\n for i in $(sudo ip6tables -L INPUT -n --line-numbers | grep 'tcp dpt:10000' | awk '{print $1}' | sort -nr); do
\n sudo ip6tables -w -D INPUT $i | tee -a $LOG_FILE
\n done<\/p>\n

# \u5957\u7528 \u5c01\u9396webmin \u672c\u6a5f\u4ee5\u5916\u7684\u9023\u7dda
\n sudo iptables -w -A INPUT -p tcp -s 127.0.0.1 --dport 10000 -j ACCEPT | tee -a $LOG_FILE
\n sudo iptables -w -A INPUT -p tcp --dport 10000 -j REJECT | tee -a $LOG_FILE
\n sudo ip6tables -A INPUT -p tcp -s ::1 --dport 10000 -j ACCEPT | tee -a $LOG_FILE
\n sudo ip6tables -w -A INPUT -p tcp --dport 10000 -j REJECT | tee -a $LOG_FILE
\n echo \"\u5b8c\u6210 \u5c01\u9396webmin port: 10000 \u898f\u5247\u61c9\u7528\u3002\" | tee -a $LOG_FILE<\/p>\n

exit 0
\nfi<\/p>\n

# \u7372\u53d6\u7576\u524d\u5916\u90e8\u6d6e\u52d5IP (IPv4 and IPv6)
\nCURRENT_IP=$(curl -s4 ifconfig.me)
\nCURRENT_IPv6=$(curl -s6 ifconfig.me)
\n# \u9a57\u8b49IP\u5730\u5740\u7372\u53d6\u662f\u5426\u6210\u529f
\nif [ -z \"$CURRENT_IP\" ] && [ -z \"$CURRENT_IPv6\" ]; then
\n echo \"$(date '+%Y-%m-%d %H:%M:%S') \u932f\u8aa4\uff1a\u7121\u6cd5\u7372\u53d6\u7576\u524dIP\u5730\u5740\" | tee -a $LOG_FILE
\n exit 1
\nfi<\/p>\n

# \u6aa2\u67e5\u7576\u524dIP\u662f\u5426\u5728\u9ed1\u540d\u55ae\u4e2d
\nif grep -q \"^$CURRENT_IP$\" $BLACKLIST_FILE; then
\n SUBJECT=\"\u8b66\u544a: \u5916\u90e8IP $CURRENT_IP \u5728\u9ed1\u540d\u55ae\u4e2d detected\"
\n BODY=\"\u60a8\u7684\u5916\u90e8IP\u5730\u5740 $CURRENT_IP \u88ab\u5217\u5165\u9ed1\u540d\u55ae\u3002\u8acb\u6aa2\u67e5\u4e26\u8655\u7406\u3002\\n\\n\u72c0\u614b: \u5217\u5165\u9ed1\u540d\u55ae\"
\n echo -e \"$BODY\" | mail -s \"$SUBJECT\" \"$NOTIFY_EMAIL\"<\/p>\n

# \u79fb\u9664\u7576\u524dIP\u5730\u5740
\n echo \"$(date '+%Y-%m-%d %H:%M:%S') handle...\u5916\u90e8IP $CURRENT_IP \u5728\u9ed1\u540d\u55ae\u4e2d detected\" | tee -a $LOG_FILE
\n grep -v \"^$CURRENT_IP$\" $BLACKLIST_FILE > $TEMP_FILE && mv $TEMP_FILE $BLACKLIST_FILE
\nfi<\/p>\n

# \u6aa2\u67e5\u7576\u524dIPv6\u662f\u5426\u5728\u9ed1\u540d\u55ae\u4e2d
\nif grep -q \"^$CURRENT_IPv6$\" $BLACKLIST_FILE; then
\n SUBJECT=\"\u8b66\u544a: \u5916\u90e8IPv6 $CURRENT_IPv6 \u5728\u9ed1\u540d\u55ae\u4e2d detected\"
\n BODY=\"\u60a8\u7684\u5916\u90e8IPv6\u5730\u5740 $CURRENT_IPv6 \u88ab\u5217\u5165\u9ed1\u540d\u55ae\u3002\u8acb\u6aa2\u67e5\u4e26\u8655\u7406\u3002\\n\\n\u72c0\u614b: \u5217\u5165\u9ed1\u540d\u55ae\"
\n echo -e \"$BODY\" | mail -s \"$SUBJECT\" \"$NOTIFY_EMAIL\"<\/p>\n

# \u79fb\u9664\u7576\u524dIPv6\u5730\u5740
\n echo \"$(date '+%Y-%m-%d %H:%M:%S') handle...\u5916\u90e8IPv6 $CURRENT_IPv6 \u5728\u9ed1\u540d\u55ae\u4e2d detected\" | tee -a $LOG_FILE
\n grep -v \"^$CURRENT_IPv6$\" $BLACKLIST_FILE > $TEMP_FILE && mv $TEMP_FILE $BLACKLIST_FILE
\nfi<\/p>\n

# \u6e05\u9664\u820a\u898f\u5247\u548cipset\u96c6\u5408\uff08\u5982\u679c\u5b58\u5728\uff09
\necho \"$(date '+%Y-%m-%d %H:%M:%S') \u6e05\u9664\u820a\u7684 IPv4 \u548c IPv6 \u898f\u5247\u548c ipset \u96c6\u5408...\" | tee -a $LOG_FILE<\/p>\n

# \u522a\u9664 iptables \u898f\u5247
\nsudo iptables-save | grep \"$SET_NAME\" | sed 's\/^-A\/sudo iptables -D\/' | bash
\nsudo ip6tables-save | grep \"$SET_NAME_IPV6\" | sed 's\/^-A\/sudo ip6tables -D\/' | bash
\n# \u522a\u9664 firewalld \u898f\u5247
\nsudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -m set --match-set $SET_NAME src -j DROP 2>\/dev\/null
\nsudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -m set --match-set $SET_NAME_IPV6 src -j DROP 2>\/dev\/null
\n# \u6aa2\u67e5\u4e26\u522a\u9664\u5df2\u5b58\u5728\u7684 ipset \u96c6\u5408
\necho \"$(date '+%Y-%m-%d %H:%M:%S') \u6aa2\u67e5\u4e26\u522a\u9664\u5df2\u5b58\u5728\u7684 ipset \u96c6\u5408...\" | tee -a $LOG_FILE
\nsudo ipset destroy $SET_NAME 2>\/dev\/null | tee -a $LOG_FILE
\nsudo ipset destroy $SET_NAME_IPV6 2>\/dev\/null | tee -a $LOG_FILE<\/p>\n

# \u5275\u5efa\u65b0\u7684 ipset \u96c6\u5408\u4f86\u8655\u7406\u5c01\u9396
\necho \"$(date '+%Y-%m-%d %H:%M:%S') \u5275\u5efa\u65b0\u7684 IPv4 \u548c IPv6 ipset \u96c6\u5408...\" | tee -a $LOG_FILE
\nsudo ipset create $SET_NAME hash:ip hashsize 262144 maxelem 300000 | tee -a $LOG_FILE
\nsudo ipset create $SET_NAME_IPV6 hash:ip family inet6 hashsize 32768 maxelem 300000 | tee -a $LOG_FILE<\/p>\n

# \u6279\u91cf\u8f09\u5165 IP \u5730\u5740\u5230 ipset \u96c6\u5408
\necho \"$(date '+%Y-%m-%d %H:%M:%S') \u958b\u59cb\u6279\u91cf\u6dfb\u52a0 IP \u5730\u5740\u5230 ipset \u96c6\u5408...\" | tee -a $LOG_FILE
\n{
\n grep -v ':' \"$BLACKLIST_FILE\" | sed 's\/^\/add '$SET_NAME' \/'
\n grep ':' \"$BLACKLIST_FILE\" | sed 's\/^\/add '$SET_NAME_IPV6' \/'
\n} | sudo ipset restore | tee -a $LOG_FILE<\/p>\n

# \u5c07 ipset \u96c6\u5408\u61c9\u7528\u5230 iptables \u548c ip6tables
\necho \"\u5c07 ipset \u96c6\u5408\u61c9\u7528\u5230 iptables \u548c ip6tables...\" | tee -a $LOG_FILE
\nsudo iptables -w -I INPUT -m set --match-set $SET_NAME src -j DROP | tee -a $LOG_FILE
\nsudo ip6tables -w -I INPUT -m set --match-set $SET_NAME_IPV6 src -j DROP | tee -a $LOG_FILE<\/p>\n

# \u5c07 ipset \u96c6\u5408\u61c9\u7528\u5230 firewalld
\necho \"\u5c07 ipset \u96c6\u5408\u61c9\u7528\u5230 firewalld ...\" | tee -a $LOG_FILE
\nsudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m set --match-set $SET_NAME src -j DROP 2>\/dev\/null
\nsudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -m set --match-set $SET_NAME_IPV6 src -j DROP 2>\/dev\/null<\/p>\n

# \u986f\u793a\u6700\u7d42\u72c0\u614b
\necho \"$(date '+%Y-%m-%d %H:%M:%S') \u986f\u793a\u6700\u7d42\u72c0\u614b...\" | tee -a $LOG_FILE
\necho \"IPV4 blacklist member count: $(sudo ipset list $SET_NAME | grep \"Number of entries\" | awk '{print $4}')\" | tee -a $LOG_FILE
\necho \"IPV6 blacklist member count: $(sudo ipset list $SET_NAME_IPV6 | grep \"Number of entries\" | awk '{print $4}')\" | tee -a $LOG_FILE<\/p>\n

sudo netfilter-persistent save
\n#sudo ipset-persistent save<\/p>\n

echo \"$(date '+%Y-%m-%d %H:%M:%S') Finished ... banIPlist-jir.sh ...\" | tee -a $LOG_FILE
\nexit 0
\n<\/code>
\n\u5b58\u6a94\u96e2\u958b\u3002<\/p>\n

#\u4fee\u6539\u53ef\u57f7\u884c
\nsudo chmod +x .\/banIPlist-jir.sh
\n#\u57f7\u884c\uff0c\u9019\u500b\u7b46\u6578\u8d8a\u5927\uff0c\u6574\u9ad4\u57f7\u884c\u6642\u9593\u6703\u8d8a\u4e45\u3002
\nsudo .\/banIPlist-jir.sh<\/code><\/p>\n

\u6700\u5f8c\uff0c\u4e0a\u9762\u7684\u6a94\u6848\u5982\u679c\u57f7\u884c\u5b8c\u6210\u3001\u4e5f\u6b63\u5e38\u904b\u4f5c\u3002
\n\u6211\u5011\u8b93\u5b83\u9047\u5230\u91cd\u958b\u6a5f\u6642\uff0c\u5148\u9810\u5148\u8f09\u5165\u5fa9\u539f\u9019\u500b\u9632\u8b77\u72c0\u614b\u3002\u8981\u57f7\u884c\u5099\u4efd\u548c\u529f\u80fd\u555f\u7528\u3002
\n#\u8a2d\u5b9a\u5b58\u6a94
\nsudo netfilter-persistent save
\nsudo ipset-persistent save
\n#\u6216\u8005\u9019\u6a23\u5b58\u6a94
\nsudo dpkg-reconfigure ipset-persistent
\nsudo dpkg-reconfigure iptables-persistent
\n#\u555f\u7528\u548c\u6aa2\u67e5
\nsudo systemctl enable netfilter-persistent
\nsudo systemctl start netfilter-persistent
\nsudo systemctl status netfilter-persistent<\/code><\/p>\n

\u7136\u5f8c\uff0c\u6709\u5fc5\u8981\u597d\u7528\u7684\u8a71\uff0c\u53ef\u4ee5\u5beb\u5230crontab\uff0c\u56fa\u5b9a\u9593\u9694\u5c31\u66f4\u65b0\u65b0\u7684\u9ed1\u540d\u55aeIP\u3002
\n\u53e6\u5916\uff0c\u6211\u6709\u5beb\u7279\u5225\u7684\u53c3\u6578\u503c\uff0c–apply-ipset\u662f\u8b93iptables\u8a2d\u5b9a\u503c\u610f\u5916\u6e05\u7a7a\u7684\u6642\u5019\uff0c\u53ef\u4ee5\u9810\u8f09\u56de\u4f86\u3002
\n\u53ef\u4ee5\u7528\u9019\u5169\u500b\u6307\u4ee4\u4f86\u67e5\u770b\uff1a
\nsudo iptables -L INPUT -v -n
\nsudo ip6tables -L INPUT -v -n<\/code><\/p>\n

\u5ef6\u4f38\u53c3\u8003REF\uff1a
\nhttps:\/\/dhtar.com\/make-ipset-and-iptables-configurations-persistent-in-debianubuntu.html<\/a>
\nhttps:\/\/ishm.idv.tw\/archives\/556 \u4f7f\u7528 ipset \u53ca firewalld \u505a\u9ed1\u540d\u55ae\u7ba1\u7406<\/a>
\nhttps:\/\/lyt0112.pixnet.net\/blog\/post\/218037040 \u5229\u7528 ipset \u5c01\u7981\u5927\u91cf IP <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

LAST UPDATED: 2025.09.25 \u611f\u5606AI\u3001\u8b9a\u5606AI \u8abf\u6574\u532f\u5165\u65b9\u5f0f\uff0c\u53d6\u6d88\u8ff4\u5708\u547c\u53eb\u4e00\u7b46\u4e00\u7b46ip\u63d2\u5165\u3002\u8b8a\u6210ipset restore\u4e00\u6b21\u532f\u5165\u3002 \u96d6\u7136\u76e1\u53ef\u80fd\u5730\u6d88\u9664\u5c0d\u5916\u670d\u52d9\u958b\u653e\u7684PORT\uff0c\u4f46\u662f\u4e3b\u6a5f\u4ecd\u6703\u6709\u88abfail2ban\u76e3\u63a7\u5230\u4e00\u4e9b\u60e1\u610fIP\uff0c\u7528\u7a0b\u5f0f\u78bc\u6216\u65b9\u5f0f\u5728\u66b4\u529b\u62c6\u89e3TRY\u53ef\u4ee5\u767b\u5165\u7684\u5f31\u9ede\u6383\u63cf\u3002 \u9019\u500b\u5f88\u7169\u4eba\uff0c\u4f46\u56e0\u70baLOG\u6709\u4e9b\u6e2c\u8a66\u7684\u5167\u5bb9\u5f88\u6709\u5275\u610f\uff0c\u8166\u888b\u4e0d\u6e05\u6670\u6703\u8aa4\u4ee5\u70ba\u81ea\u5df1\u7684\u4e3b\u6a5f\u600e\u9ebc\u6703\u6709\u9019\u7a2e\u5e33\u865f\u3002 \u5229\u7528\u6700\u8fd1\u5f88\u592f\u7684chatGPT\uff0c\u9b54\u6cd5\u6e9d\u901a\u5f8c\u76ee\u524d\u627e\u5230\u4e00\u500b\u61c9\u8a72\u662f\u6709\u6548\u7684\u65b9\u5f0f\u3002 \u7db2\u8def\u4e0a\u6709\u4e00\u4e9b\u5c08\u9580\u7dad\u8b77\u7684\u7d44\u7e54\u5718\u9ad4\uff0c\u6703\u56fa\u5b9a\u7dad\u8b77\u63d0\u4f9b\u5df2\u77e5\u7684\u60e1\u610fIP\u6e05\u55ae\u4e0b\u8f09\u3002 \u6709\u4e9b\u662f\u514d\u8cbb\u7684\u3001\u6709\u4e9b\u662f\u6536\u8cbb\u7684\u3002 \u4e0d\u904e\u5c31\u8ddfPi-Hole\u6216Adguard Home\u985e\u4f3c\u7684\u529f\u80fd\uff0c\u6211\u5011\u627e\u5230\u7684\u514d\u8cbbIP\u6e05\u55ae\u4f86\u5229\u7528\u4ea6\u53ef\u3002 \u76ee\u524d\u900f\u904e\u7684\u514d\u8cbb\u65b9\u6848\u6709\u9019\u4e94\u500b\uff1a 1. https:\/\/www.abuseipdb.com\/ \u9019\u500bAbuseIPDB\u53ef\u4ee5\u514d\u8cbb\u8a3b\u518a\u62ff\u5230API\uff0c\u4f46\u662f\u6bcf\u5929\u6709\u66f4\u65b0\u9650\u5236\u6b21\u6578\u3002 2. Emerging Threats\u7684\u6e05\u55aehttps:\/\/rules.emergingthreats.net\/fwrules\/emerging-Block-IPs.txt… Read more (\u5b8c\u6574\u6587\u7ae0\u5167\u5bb9)[linux]\u5982\u4f55\u4f7f\u7528IPSET\u548cIPTABLES\u529f\u80fd\u4f86\u9810\u5148\u904e\u6ffe\u6389\u4e00\u4e9b\u5df2\u77e5\u7684\u60e1\u610fIP<\/span><\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3176","post","type-post","status-publish","format-standard","hentry","category-4","content-layout-excerpt-thumb"],"jetpack_featured_media_url":"","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3176","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3176"}],"version-history":[{"count":8,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3176\/revisions"}],"predecessor-version":[{"id":3276,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/3176\/revisions\/3276"}],"wp:attachment":[{"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3176"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3176"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jir.idv.tw\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3176"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}