LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Browse Source

Merge pull request #9259 from dibdot/banIP 

banip: update 0.1.4
lilik-openwrt-22.03
Dirk Brenken 5 years ago
committed by GitHub
parent
08ab75d88b f8f539e21c
commit
8517cb1493
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 25 additions and 20 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -1
      net/banip/Makefile
  2. +1
    -1
      net/banip/files/banip.conf
  3. +1
    -1
      net/banip/files/banip.init
  4. +22
    -17
      net/banip/files/banip.sh

+ 1
- 1
net/banip/Makefile View File

@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.1.3
PKG_VERSION:=0.1.4
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


+ 1
- 1
net/banip/files/banip.conf View File

@ -103,7 +103,7 @@ config source 'zeus'
config source 'sslbl'
option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
option ban_src_rset 'BEGIN{FS=\",\"}/^(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$1}'
option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'


+ 1
- 1
net/banip/files/banip.init View File

@ -84,5 +84,5 @@ service_triggers()
do
procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" start
done
procd_add_reload_trigger "banip" "firewall"
procd_add_reload_trigger "banip"
}

+ 22
- 17
net/banip/files/banip.sh View File

@ -10,7 +10,7 @@
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
ban_ver="0.1.3"
ban_ver="0.1.4"
ban_sysver="unknown"
ban_enabled=0
ban_automatic="1"
@ -326,9 +326,9 @@ f_iptadd()
done
fi
else
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then
"${ban_ipset}" destroy "${src_name}"
"${ban_ipset}" -q destroy "${src_name}"
fi
fi
}
@ -408,27 +408,28 @@ f_ipset()
if [ "${cnt}" -gt 0 ]
then
if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -q -n list "${src_name}")" ]
then
"${ban_ipset}" create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters
"${ban_ipset}" -q create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters
else
"${ban_ipset}" flush "${src_name}"
"${ban_ipset}" -q flush "${src_name}"
fi
"${ban_ipset}" -! restore < "${tmp_file}"
printf "%s\n" "1" > "${tmp_set}"
printf "%s\n" "${cnt}" > "${tmp_cnt}"
fi
f_iptadd
end_ts="$(date +%s)"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts))"
;;
refresh)
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
ban_rc=4
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then
"${ban_ipset}" save "${src_name}" > "${tmp_file}"
"${ban_ipset}" -q save "${src_name}" > "${tmp_file}"
if [ -s "${tmp_file}" ]
then
ban_rc=0
cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))"
cnt_cidr="$(grep -cF "/" "${tmp_file}")"
cnt_ip="$((cnt-cnt_cidr))"
@ -438,15 +439,15 @@ f_ipset()
f_iptadd
fi
end_ts="$(date +%s)"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts)), rc: ${ban_rc}"
;;
flush)
f_iptadd "remove"
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then
"${ban_ipset}" flush "${src_name}"
"${ban_ipset}" destroy "${src_name}"
"${ban_ipset}" -q flush "${src_name}"
"${ban_ipset}" -q destroy "${src_name}"
fi
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
;;
@ -469,9 +470,9 @@ f_ipset()
for source in ${ban_sources}
do
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${source}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${source}")" ]
then
"${ban_ipset}" destroy "${source}"
"${ban_ipset}" -q destroy "${source}"
fi
done
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
@ -572,8 +573,12 @@ f_main()
continue
elif [ "${ban_action}" = "refresh" ]
then
start_ts="$(date +%s)"
f_ipset refresh
continue
if [ ${ban_rc} -eq 0 ]
then
continue
fi
fi
# download queue processing


Write Preview
Loading…
Cancel
Save