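I use MaxMind's GeoLite. My real task is to determine the CityID in our system from a specific IP. In MaxMind I can find the location by IP and then use a hand-made cross table between LocID and our CityID. But this cross table is not finished. I found a good localization file from MaxMind in which each location maps to a Geonames ID. Geonames IDs work well for me, but this file is incomplete. For example, Birmingham is not in this file. So, has anyone had this problem? Is there any way to solve it?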
MaxMind's GeoLite2 databases return GeoNames IDs.
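This is a three-parter that gives you the output you need. It is up to you to wrap it up, but all the city information is provided, by reverse lookup of lon/lat and IP range.
It is a Python GeoIP example for a single-IP lookup. Then strip out the IP ranges. Look up each range. Then tag it with its city and lon/lat. This is not every IP in every city, but it will give you the major providers and an estimate, even if not a perfectly accurate one, of the city they are in or near.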
1)
#!/usr/bin/python
import GeoIP

# Open the legacy GeoLite City database.
gi = GeoIP.open("/bin/script/tbl/state/GeoLiteCity.dat", GeoIP.GEOIP_STANDARD)

# city.txt holds the single IP address to look up.
with open("city.txt", "r") as myfile:
    data = myfile.read().replace('\n', '')

gir = gi.record_by_addr(data)
if gir is not None:
    print(gir['city'])
    print(gir['region'])
    print(gir['region_name'])
    print(gir['latitude'])
    print(gir['longitude'])
2)
#!/bin/bash
cd /bin/script/tbl/state
# Build one file of IP ranges per state abbreviation.
for state in $(cat state.abrv); do
    state=$(echo $state)
    cat outputfile | grep $state | cut -f1 -d"," > SB
    output=sb.csv
    echo "ip,country" > $output
    for i in $( cat SB );
    do echo "$i,"$( geoiplookup -f GeoLiteCity.dat $i -i | cut -d' ' -f4-99 )"" >> $output
    done
    echo "a" > sb1.csv && echo "a" >> sb1.csv && echo "a" >> sb1.csv
    cat sb.csv >> sb1.csv
    awk 'NR == 1 || NR % 7 == 0' sb1.csv | tr -d ' ' | tr '-' '/' > sb.csv
    tail -n +2 "sb.csv" > $state
    rm SB sb.csv sb1.csv
done
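Then you can generate a fast-loading script for iptables like this. It creates a new chain, so you can put the catch-all drop in first. Python will load them into the top of the chain. Then you can go on setting up your main chain without waiting 30 minutes for it to load. (Depends on your computer, of course.)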
IPT=/sbin/iptables
ACT=/bin/script/tbl/state/active.txt
Py=/usr/bin/python
# Fragments of the generated Python; '?' stands for a space until the MAGIC step.
suba='p=subprocess.Popen(["'
subb='"],?stdout?=?subprocess.PIPE)'
sub2='output?,?err?=?p.communicate()'
sub3='print(output)'

#### Any Changes?
if diff 'active.txt' 'active.old' > /dev/null; then
    echo 'Loading Group Interests'
    /bin/bash state.bash
    $Py state.py
    exit
else
    echo 'Modifying Rules For'
    echo $(diff active.txt active.old | head -50 | tail -49 | cut -f2 -d'0')
fi

### Then lets go
echo '#!/bin/bash' > state.bash
echo '#!/usr/bin/python' > state.py
echo 'import?subprocess' >> state.py

for state in $(cat $ACT)
do
    echo $IPT' -N '$state >> state.bash
    echo $IPT' -A '$state' -j DROP' >> state.bash
done
/bin/bash state.bash

for state in $(cat $ACT)
do
    BADIPS=$(egrep -v -E "^#|^$" $state | sed 's/[A-Za-z]*//g' | tr -d ":")
    for ip in $BADIPS
    do
        echo $ip | cut -f1 -d'/' > city.txt
        # city.py prints city, region, region_name, latitude, longitude, one per line
        $Py city.py | head -1 | tail -1 > city.ip
        $Py city.py | head -4 | tail -1 > lat.ip
        $Py city.py | head -5 | tail -1 > lon.ip
        city=$(cat city.ip | tr ' ' '_')
        lon=$(cat lon.ip)
        lat=$(cat lat.ip)
        echo $suba'iptables -A INPUT -s '$ip' -j '$state$subb >> state.py
        echo $sub2 >> state.py
        echo $sub3 >> state.py
        echo $suba'iptables -A FORWARD -s '$ip' -j '$state$subb >> state.py
        echo $sub2 >> state.py
        echo $sub3 >> state.py
        echo $suba'iptables -A OUTPUT -d '$ip' -j '$state$subb >> state.py
        echo $sub2 >> state.py
        echo $sub3 >> state.py
        echo $suba"iptables -A "$state" -s "$ip" -j LOG --log-prefix 'STATE_,"$ip","$state","$city","$lon":"$lat",_OUT_:'"$subb >> state.py
        echo $sub2 >> state.py
        echo $sub3 >> state.py
        echo $suba"iptables -A "$state" -d "$ip" -j LOG --log-prefix 'STATE_,"$ip","$state","$city","$lon":"$lat",_IN_:'"$subb >> state.py
        echo $sub2 >> state.py
        echo $sub3 >> state.py
    done
done
### MAGIC
# Turn every space into "," (separate Popen arguments), then every '?' into a space.
sed 's/ /"','"/g' state.py > state1.py
cat state1.py | tr '?' ' ' > state.py
sleep 3
python state.py
cat active.txt > active.old
### adapting this to ASN or country is way easier.
### you're welcome
### last time I post anything on this webpage. There is NOTHING wrong with my formatting. go cry about it
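An added example, not part of the answer above and not code from MaxMind or the iptables project: one way to turn a per-state range list into a single `iptables-restore` batch, which is a different loading technique from the generated `subprocess` script, with every entry validated by `ipaddress` before it reaches a rule. The function name `build_restore`, the `GEO_` log prefix and the sample list are assumptions made for illustration.

```python
import ipaddress
import re

# iptables limits chain names to 28 characters and LOG prefixes to 29.
CHAIN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,27}$")
MAX_LOG_PREFIX = 29


def build_restore(chain, lines):
    """Return (iptables-restore text, rejected entries) for one block list."""
    if not CHAIN_RE.match(chain):
        raise ValueError("unsafe chain name: %r" % chain)
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            # Parsing accepts exactly one address or CIDR, so stray rule text
            # in the list can never be copied into the firewall.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)
            continue
        if net.version == 4:
            nets.append(net)
        else:
            rejected.append(entry)  # iptables handles IPv4 only
    prefix = ("GEO_%s: " % chain)[:MAX_LOG_PREFIX]
    out = ["*filter", ":%s - [0:0]" % chain,
           '-A %s -j LOG --log-prefix "%s"' % (chain, prefix),
           "-A %s -j DROP" % chain]
    # Merge overlapping and adjacent ranges so fewer rules are loaded.
    for net in ipaddress.collapse_addresses(nets):
        out.append("-A INPUT -s %s -j %s" % (net, chain))
        out.append("-A FORWARD -s %s -j %s" % (net, chain))
        out.append("-A OUTPUT -d %s -j %s" % (net, chain))
    out.append("COMMIT")
    return "\n".join(out) + "\n", rejected


# Constructed sample list (documentation ranges, not real GeoLite data).
SAMPLE = ["# state CA", "192.0.2.0/25", "192.0.2.128/25", "198.51.100.7",
          "203.0.113.0/24 -j ACCEPT", "2001:db8::/32", ""]

if __name__ == "__main__":
    text, bad = build_restore("CA", SAMPLE)
    print(text)
    print("rejected:", bad)
```

Feeding the returned text to `iptables-restore --noflush` applies the whole batch in one commit instead of starting one `iptables` process per rule. The 29-character LOG prefix limit is why the prefix here carries only the chain name.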
I could not match the country for geoname_id and registered_country_geoname_id in the MaxMind GeoLite2 database until I found this:
https://www.kaggle.com/geonames/geonames-database?select=geonames.csv