LILiK
/
openwrt-packages-dist

#!/bin/sh# helper script to resolve domains for adding to banIP-related IPSets# written by Dirk Brenken (dev@brenken.org)## This is free software, licensed under the GNU General Public License v3.## (s)hellcheck exceptions# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
export LC_ALL=Cexport PATH="/usr/sbin:/usr/bin:/sbin:/bin"set -o pipefail
if [ -r "/lib/functions.sh" ]then	. "/lib/functions.sh"	ban_debug="$(uci_get banip global ban_debug "0")"	ban_tmpbase="$(uci_get banip global ban_tmpbase "/tmp")"	ban_backupdir="$(uci_get banip global ban_backupdir "${ban_tmpbase}/banIP-Backup")"	ban_proto4_enabled="$(uci_get banip global ban_proto4_enabled "0")"	ban_proto6_enabled="$(uci_get banip global ban_proto6_enabled "0")"else	exit 1fiban_ver="${1}"ban_action="${2}"ban_src_name="${3}"ban_src_file="${4}"ban_ipset_cmd="$(command -v ipset)"ban_lookup_cmd="$(command -v nslookup)"ban_logger_cmd="$(command -v logger)"ban_rc=1
f_log(){	local class="${1}" log_msg="${2}"
	if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }	then		if [ -x "${ban_logger_cmd}" ]		then			"${ban_logger_cmd}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"		else			printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"		fi	fi}
if [ "${ban_action}" = "start" ] || [ "${ban_action}" = "refresh" ]then	for proto in "4" "6"	do		if [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz" ]		then			gzip -df "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz"			if [ "${?}" = "0" ]			then				ban_rc=0			else				ban_rc=1				break			fi		fi	donefi
if [ "${ban_rc}" = "1" ]then	> "${ban_backupdir}/banIP.${ban_src_name}_addon_4"	> "${ban_backupdir}/banIP.${ban_src_name}_addon_6"	while read -r domain	do		update_ips=""		result="$("${ban_lookup_cmd}" "${domain}" 2>/dev/null; printf "%s" "${?}")"		if [ "$(printf "%s" "${result}" | tail -1)" = "0" ]		then			ips="$(printf "%s" "${result}" | awk '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"			for ip in ${ips}			do				for proto in "4" "6"				do					if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ] && \						[ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && \						[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; } || \						{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ] && \						[ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && \						[ -z "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; }					then						printf "%s\n" "add ${ban_src_name}_${proto} ${ip}" >> "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"						if [ -z "${update_ips}" ]						then							update_ips="${ip}"						else							update_ips="${update_ips}, ${ip}"						fi					fi				done			done			if [ -n "${update_ips}" ]			then				ban_rc=0				f_log "debug" "dns_imp ::: source '${ban_src_name}' supplemented by '${domain}' (${update_ips})"			fi		fi	done < "${ban_src_file}"fi
if [ "${ban_rc}" = "0" ]then	for proto in "4" "6"	do		if [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}" ]		then			"${ban_ipset_cmd}" -q -! restore < "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"			gzip -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"		fi		rm -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"	donefif_log "info" "banIP domain import for source '${ban_src_name}' has been finished with rc '${ban_rc}'"rm -f "${ban_src_file}"exit "${ban_rc}"