Browse Source

Merge pull request #9669 from dibdot/banIP

banip: update 0.1.5
lilik-openwrt-22.03
Daniel Engberg 5 years ago
committed by GitHub
parent
commit
d7c3f15b4b
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 14 additions and 17 deletions
  1. +1
    -1
      net/banip/Makefile
  2. +5
    -3
      net/banip/files/README.md
  3. +0
    -10
      net/banip/files/banip.conf
  4. +0
    -1
      net/banip/files/banip.init
  5. +8
    -2
      net/banip/files/banip.sh

+ 1
- 1
net/banip/Makefile View File

@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=banip PKG_NAME:=banip
PKG_VERSION:=0.1.4
PKG_VERSION:=0.1.5
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+ PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


+ 5
- 3
net/banip/files/README.md View File

@ -14,8 +14,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* supports blocking by ASN numbers * supports blocking by ASN numbers
* supports blocking by iso country codes * supports blocking by iso country codes
* supports local white & blacklist (IPv4, IPv6 & CIDR notation), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist * supports local white & blacklist (IPv4, IPv6 & CIDR notation), located by default in /etc/banip/banip.whitelist and /etc/banip/banip.blacklist
* auto-add unsuccessful ssh login attempts to local blacklist
* auto-add the uplink subnet to local whitelist
* auto-add unsuccessful ssh login attempts to local blacklist (see 'ban_autoblacklist' option)
* auto-add the uplink subnet to local whitelist (see 'ban_autowhitelist' option)
* per source configuration of SRC (incoming) and DST (outgoing) * per source configuration of SRC (incoming) and DST (outgoing)
* integrated IPSet-Lookup * integrated IPSet-Lookup
* integrated RIPE-Lookup * integrated RIPE-Lookup
@ -54,7 +54,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* ban\_iface => space separated list of WAN network interface(s)/device(s) used by banIP (default: automatically set by banIP ('ban_automatic')) * ban\_iface => space separated list of WAN network interface(s)/device(s) used by banIP (default: automatically set by banIP ('ban_automatic'))
* the following options apply to the 'extra' config section: * the following options apply to the 'extra' config section:
* ban\_debug => enable/disable banIP debug output (default: '0', disabled)
* ban\_debug => enable/disable banIP debug output (bool/default: '0', disabled)
* ban\_nice => set the nice level of the banIP process and all sub-processes (int/default: '0', standard priority) * ban\_nice => set the nice level of the banIP process and all sub-processes (int/default: '0', standard priority)
* ban\_triggerdelay => additional trigger delay in seconds before banIP processing begins (int/default: '2') * ban\_triggerdelay => additional trigger delay in seconds before banIP processing begins (int/default: '2')
* ban\_backup => create compressed blocklist backups, they will be used in case of download errors or during startup in 'backup mode' (bool/default: '0', disabled) * ban\_backup => create compressed blocklist backups, they will be used in case of download errors or during startup in 'backup mode' (bool/default: '0', disabled)
@ -62,6 +62,8 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* ban\_backupboot => do not automatically update blocklists during startup, use their backups instead (bool/default: '0', disabled) * ban\_backupboot => do not automatically update blocklists during startup, use their backups instead (bool/default: '0', disabled)
* ban\_maxqueue => size of the download queue to handle downloads & IPSet processing in parallel (int/default: '8') * ban\_maxqueue => size of the download queue to handle downloads & IPSet processing in parallel (int/default: '8')
* ban\_fetchparm => special config options for the download utility (default: not set) * ban\_fetchparm => special config options for the download utility (default: not set)
* ban\_autoblacklist => store auto-addons temporary in ipset and permanently in local blacklist as well (bool/default: '1', enabled)
* ban\_autowhitelist => store auto-addons temporary in ipset and permanently in local whitelist as well (bool/default: '1', enabled)
## Examples ## Examples
**receive banIP runtime information:** **receive banIP runtime information:**


+ 0
- 10
net/banip/files/banip.conf View File

@ -1,5 +1,3 @@
# banIP configuration, for further information
# see 'https://github.com/openwrt/packages/blob/master/net/banip/files/README.md'
config banip 'global' config banip 'global'
option ban_enabled '0' option ban_enabled '0'
@ -92,14 +90,6 @@ config source 'yoyo'
option ban_src_ruletype 'src' option ban_src_ruletype 'src'
option ban_src_on '0' option ban_src_on '0'
config source 'zeus'
option ban_src 'https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist'
option ban_src_desc 'Zeus Tracker by abuse.ch (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add zeus \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'sslbl' config source 'sslbl'
option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv' option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)' option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'


+ 0
- 1
net/banip/files/banip.init View File

@ -50,7 +50,6 @@ reload_service()
stop_service() stop_service()
{ {
rc_procd "${ban_script}" stop rc_procd "${ban_script}" stop
rc_procd start_service
} }
status() status()


+ 8
- 2
net/banip/files/banip.sh View File

@ -10,7 +10,7 @@
# #
LC_ALL=C LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin" PATH="/usr/sbin:/usr/bin:/sbin:/bin"
ban_ver="0.1.4"
ban_ver="0.1.5"
ban_sysver="unknown" ban_sysver="unknown"
ban_enabled=0 ban_enabled=0
ban_automatic="1" ban_automatic="1"
@ -21,6 +21,8 @@ ban_backup=0
ban_backupboot=0 ban_backupboot=0
ban_backupdir="/mnt" ban_backupdir="/mnt"
ban_maxqueue=4 ban_maxqueue=4
ban_autoblacklist=1
ban_autowhitelist=1
ban_fetchutil="uclient-fetch" ban_fetchutil="uclient-fetch"
ban_ip="$(command -v ip)" ban_ip="$(command -v ip)"
ban_ipt="$(command -v iptables)" ban_ipt="$(command -v iptables)"
@ -623,7 +625,11 @@ f_main()
if [ -z "$(grep -F "${ip}" "${src_url}")" ] if [ -z "$(grep -F "${ip}" "${src_url}")" ]
then then
printf '%s\n' "${ip}" >> "${tmp_load}" printf '%s\n' "${ip}" >> "${tmp_load}"
printf '%s\n' "${ip}" >> "${src_url}"
if { [ "${src_name//_*/}" = "blacklist" ] && [ "${ban_autoblacklist}" -eq 1 ]; } || \
{ [ "${src_name//_*/}" = "whitelist" ] && [ "${ban_autowhitelist}" -eq 1 ]; }
then
printf '%s\n' "${ip}" >> "${src_url}"
fi
fi fi
done done
elif [ -n "${src_cat}" ] elif [ -n "${src_cat}" ]


Loading…
Cancel
Save