
banip: update 0.1.4

* refine 'refresh' mode, add normal processing/download as fallback
* remove needless reload trigger
* fix various ipset warnings
* fix timer in 'refresh' mode
* adapt sslbl regex to new source list format

Signed-off-by: Dirk Brenken <dev@brenken.org>
lilik-openwrt-22.03
Dirk Brenken 6 years ago
commit
f8f539e21c
No known key found for this signature in database GPG Key ID: 9D71CD547BFAE684
4 changed files with 25 additions and 20 deletions
  1. +1
    -1
      net/banip/Makefile
  2. +1
    -1
      net/banip/files/banip.conf
  3. +1
    -1
      net/banip/files/banip.init
  4. +22
    -17
      net/banip/files/banip.sh

+ 1
- 1
net/banip/Makefile View File

@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=banip PKG_NAME:=banip
PKG_VERSION:=0.1.3
PKG_VERSION:=0.1.4
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+ PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


+ 1
- 1
net/banip/files/banip.conf View File

@ -103,7 +103,7 @@ config source 'zeus'
config source 'sslbl' config source 'sslbl'
option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv' option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)' option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
option ban_src_rset 'BEGIN{FS=\",\"}/^(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$1}'
option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}'
option ban_src_settype 'ip' option ban_src_settype 'ip'
option ban_src_ruletype 'src' option ban_src_ruletype 'src'
option ban_src_on '0' option ban_src_on '0'
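Review bot: The new `ban_src_rset` rule for 'sslbl' matches an IPv4-like token anywhere on the line but then prints `$2` unconditionally, so the pattern no longer validates the value that is actually handed to ipset. Any line (a comment or header included) that happens to contain a dotted quad followed by a comma would emit its second field, whatever that is. Testing the field itself would tie the check to the output, e.g. a pattern of the form `$2 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}$/`, written with the same quoting and escaping the option already uses. The layout of the upstream CSV is not visible here, so the field index should be confirmed against the current list.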


+ 1
- 1
net/banip/files/banip.init View File

@ -84,5 +84,5 @@ service_triggers()
do do
procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" start procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" start
done done
procd_add_reload_trigger "banip" "firewall"
procd_add_reload_trigger "banip"
} }
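Review bot: With "firewall" removed from `procd_add_reload_trigger`, a change to the firewall configuration no longer re-triggers banip, and nothing in this hunk shows how the banip iptables rules are restored if a firewall reload rebuilds the rule set. If they are re-added by another path, a short comment would record that, such as `# firewall reloads are handled by <mechanism>; no reload trigger needed`. If they are not, the block rules could be absent until the next banip start. service_triggers() begins outside the hunk.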

+ 22
- 17
net/banip/files/banip.sh View File

@ -10,7 +10,7 @@
# #
LC_ALL=C LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin" PATH="/usr/sbin:/usr/bin:/sbin:/bin"
ban_ver="0.1.3"
ban_ver="0.1.4"
ban_sysver="unknown" ban_sysver="unknown"
ban_enabled=0 ban_enabled=0
ban_automatic="1" ban_automatic="1"
@ -326,9 +326,9 @@ f_iptadd()
done done
fi fi
else else
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then then
"${ban_ipset}" destroy "${src_name}"
"${ban_ipset}" -q destroy "${src_name}"
fi fi
fi fi
} }
@ -408,27 +408,28 @@ f_ipset()
if [ "${cnt}" -gt 0 ] if [ "${cnt}" -gt 0 ]
then then
if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -q -n list "${src_name}")" ]
then then
"${ban_ipset}" create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters
"${ban_ipset}" -q create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters
else else
"${ban_ipset}" flush "${src_name}"
"${ban_ipset}" -q flush "${src_name}"
fi fi
"${ban_ipset}" -! restore < "${tmp_file}" "${ban_ipset}" -! restore < "${tmp_file}"
printf "%s\n" "1" > "${tmp_set}" printf "%s\n" "1" > "${tmp_set}"
printf "%s\n" "${cnt}" > "${tmp_cnt}" printf "%s\n" "${cnt}" > "${tmp_cnt}"
fi fi
f_iptadd f_iptadd
end_ts="$(date +%s)" end_ts="$(date +%s)"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts))"
;; ;;
refresh) refresh)
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
ban_rc=4
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then then
"${ban_ipset}" save "${src_name}" > "${tmp_file}"
"${ban_ipset}" -q save "${src_name}" > "${tmp_file}"
if [ -s "${tmp_file}" ] if [ -s "${tmp_file}" ]
then then
ban_rc=0
cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))" cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))"
cnt_cidr="$(grep -cF "/" "${tmp_file}")" cnt_cidr="$(grep -cF "/" "${tmp_file}")"
cnt_ip="$((cnt-cnt_cidr))" cnt_ip="$((cnt-cnt_cidr))"
@ -438,15 +439,15 @@ f_ipset()
f_iptadd f_iptadd
fi fi
end_ts="$(date +%s)" end_ts="$(date +%s)"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))"
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts)), rc: ${ban_rc}"
;; ;;
flush) flush)
f_iptadd "remove" f_iptadd "remove"
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ]
then then
"${ban_ipset}" flush "${src_name}"
"${ban_ipset}" destroy "${src_name}"
"${ban_ipset}" -q flush "${src_name}"
"${ban_ipset}" -q destroy "${src_name}"
fi fi
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}" f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
;; ;;
@ -469,9 +470,9 @@ f_ipset()
for source in ${ban_sources} for source in ${ban_sources}
do do
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${source}" 2>/dev/null)" ]
if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${source}")" ]
then then
"${ban_ipset}" destroy "${source}"
"${ban_ipset}" -q destroy "${source}"
fi fi
done done
f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}" f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}"
@ -572,8 +573,12 @@ f_main()
continue continue
elif [ "${ban_action}" = "refresh" ] elif [ "${ban_action}" = "refresh" ]
then then
start_ts="$(date +%s)"
f_ipset refresh f_ipset refresh
continue
if [ ${ban_rc} -eq 0 ]
then
continue
fi
fi fi
# download queue processing # download queue processing
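Review bot: In the f_main hunk the new test `if [ ${ban_rc} -eq 0 ]` expands `ban_rc` unquoted, unlike the other expansions in this file; if the variable is empty the test becomes `[ -eq 0 ]` and fails with a syntax error rather than a clean comparison. `if [ "${ban_rc:-4}" -eq 0 ]` keeps the fallback-to-download behaviour and avoids the error. The refresh branch of f_ipset also leaves `ban_rc=4` set when the set is missing or the save is empty; whether the download path that follows resets it is outside the hunk and worth confirming. Separately, the existence checks now depend on `ipset -q -n list` still printing the set name, so testing the exit status instead of the output would be less dependent on what `-q` suppresses. f_main and f_ipset both extend beyond the visible hunks.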

