LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25411 Commits
1 Branch
46 MiB
Tree: 2c1fd3e5e2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2c1fd3e5e2'
${ noResults }
openwrt-packages-dist/net/banip/files/banip.dns

67 lines
3.1 KiB
Raw Normal View History

banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: bump to 0.7.5 * black- and whitelist now supporting domain names as well - the corresponding IPs (IPv4 & IPv6) will be resolved in a detached background process and added to the IPsets Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
banip: update 0.7.10 * switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org>
3 years ago
banip: update to 0.7.5-2 * refine the new dns resolving process * add a caching mechanism for the resolved IPs, the detached name lookup takes place only during 'restart' or 'reload' action, 'start' and 'refresh' actions are using an auto-generated backup instead. * update the readme Signed-off-by: Dirk Brenken <dev@brenken.org>
4 years ago
 
  1. #!/bin/sh
  2. # helper script to resolve domains for adding to banIP-related IPSets
  3. # Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
  4. # This is free software, licensed under the GNU General Public License v3.
  5. 

  6. # (s)hellcheck exceptions
  7. # shellcheck disable=1091,3040
  8. 

  9. export LC_ALL=C
  10. export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
  11. set -o pipefail
  12. 

  13. . "/lib/functions.sh"
  14. 

  15. ban_action="${1}"
  16. ban_src_name="${2}"
  17. ban_src_file="${3}"
  18. ban_tmpbase="$(uci_get banip global ban_tmpbase "/tmp")"
  19. ban_backupdir="$(uci_get banip global ban_backupdir "${ban_tmpbase}/banIP-Backup")"
  20. ban_proto4_enabled="$(uci_get banip global ban_proto4_enabled "0")"
  21. ban_proto6_enabled="$(uci_get banip global ban_proto6_enabled "0")"
  22. ban_ipset_cmd="$(command -v ipset)"
  23. ban_lookup_cmd="$(command -v nslookup)"
  24. ban_logger_cmd="$(command -v logger)"
  25. 

  26. if [ "${ban_action}" = "start" ] || [ "${ban_action}" = "refresh" ]; then
  27. 	for proto in "4" "6"; do
  28. 		if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ]; } ||
  29. 			{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ]; }; then
  30. 			gzip -df "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz" 2>/dev/null
  31. 		fi
  32. 	done
  33. fi
  34. 

  35. if { [ "${ban_proto4_enabled}" = "1" ] && [ ! -s "${ban_backupdir}/banIP.${ban_src_name}_addon_4" ]; } ||
  36. 	{ [ "${ban_proto6_enabled}" = "1" ] && [ ! -s "${ban_backupdir}/banIP.${ban_src_name}_addon_6" ]; }; then
  37. 	[ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_4" ] && : > "${ban_backupdir}/banIP.${ban_src_name}_addon_4"
  38. 	[ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_6" ] && : > "${ban_backupdir}/banIP.${ban_src_name}_addon_6"
  39. 	while read -r domain; do
  40. 		result="$(
  41. 			"${ban_lookup_cmd}" "${domain}" 2>/dev/null
  42. 			printf "%s" "${?}"
  43. 		)"
  44. 		if [ "$(printf "%s" "${result}" | tail -1)" = "0" ]; then
  45. 			ips="$(printf "%s" "${result}" | awk '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
  46. 			for ip in ${ips}; do
  47. 				for proto in "4" "6"; do
  48. 					if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] &&
  49. 						[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; } ||
  50. 						{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] &&
  51. 							[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print $1}')" ]; }; then
  52. 						printf "%s\n" "add ${ban_src_name}_${proto} ${ip}" >>"${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
  53. 					fi
  54. 				done
  55. 			done
  56. 		fi
  57. 	done <"${ban_src_file}"
  58. fi
  59. 

  60. for proto in "4" "6"; do
  61. 	if [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}" ]; then
  62. 		"${ban_ipset_cmd}" -q -! restore <"${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
  63. 		gzip -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
  64. 	fi
  65. done
  66. "${ban_logger_cmd}" -p "info" -t "banIP-resolve [${$}]" "banIP domain import for source '${ban_src_name}' has been finished" 2>/dev/null
  67. rm -f "${ban_src_file}"