authorDirk Brenken <dev@brenken.org>2024-05-01 15:02:44 +0200
committerDirk Brenken <dev@brenken.org>2024-05-01 15:03:13 +0200
commit4d7c38c7708110cb1d0290f50ef48129192dd76a (patch)
treef9b6c552796c433af6a5c790c502100491d0fc53 /net
parent8c2ec5746274534a7e6db029a9e2e519224d32b1 (diff)
banip: update 0.9.5-4
* optimized adding suspicious IPs to Sets in the log monitor * re-added ipblackhole feed Signed-off-by: Dirk Brenken <dev@brenken.org>
Diffstat (limited to 'net')
-rw-r--r--net/banip/Makefile2
-rw-r--r--net/banip/files/README.md1
-rw-r--r--net/banip/files/banip-functions.sh11
-rw-r--r--net/banip/files/banip.feeds5
4 files changed, 12 insertions, 7 deletions
diff --git a/net/banip/Makefile b/net/banip/Makefile
index 41f01195a..43bf050f1 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.5
-PKG_RELEASE:=3
+PKG_RELEASE:=4
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
diff --git a/net/banip/files/README.md b/net/banip/files/README.md
index a29375bbf..4f4300a01 100644
--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@@ -37,6 +37,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
| greensnow | suspicious server IPs | x | x | | | [Link](https://greensnow.co) |
| iblockads | Advertising IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) |
| iblockspy | Malicious spyware IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) |
+| ipblackhole | blackhole IPs | x | x | | | [Link](https://github.com/BlackHoleMonster/IP-BlackHole) |
| ipsum | malicious IPs | x | x | | | [Link](https://github.com/stamparm/ipsum) |
| ipthreat | hacker and botnet TPs | x | x | | | [Link](https://ipthreat.net) |
| myip | real-time IP blocklist | x | x | | | [Link](https://myip.ms) |
diff --git a/net/banip/files/banip-functions.sh b/net/banip/files/banip-functions.sh
index b5c9b4774..e9cf87367 100644
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@@ -1354,6 +1354,7 @@ f_report() {
local report_jsn report_txt tmp_val ruleset_raw item table_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan set_proto set_dport set_details
local expr detail jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
local sum_synflood sum_udpflood sum_icmpflood sum_ctinvalid sum_tcpinvalid output="${1}"
+
[ -z "${ban_dev}" ] && f_conf
f_mkdir "${ban_reportdir}"
report_jsn="${ban_reportdir}/ban_report.jsn"
@@ -1549,7 +1550,7 @@ f_report() {
[ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
;;
esac
- rm -f "${report_txt}"
+ : >"${report_txt}"
}
# Set search
@@ -1682,6 +1683,9 @@ f_monitor() {
log_raw="$(eval ${loglimit_cmd})"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
+ if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${ip} ${nft_expiry} } >/dev/null 2>&1; then
+ f_log "info" "add IP '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
+ fi
if [ "${ban_autoblocksubnet}" = "1" ]; then
rdap_log="$("${ban_fetchcmd}" ${ban_rdapparm} "${ban_rdapfile}" "${ban_rdapurl}${ip}" 2>&1)"
rdap_rc="${?}"
@@ -1700,11 +1704,6 @@ f_monitor() {
f_log "info" "rdap request failed (rc: ${rdap_rc:-"-"}/log: ${rdap_log})"
fi
fi
- if [ "${ban_autoblocksubnet}" = "0" ] || [ "${rdap_rc}" != "0" ] || [ ! -s "${ban_rdapfile}" ] || [ -z "${rdap_prefix}" ] || [ -z "${rdap_length}" ]; then
- if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${ip} ${nft_expiry} } >/dev/null 2>&1; then
- f_log "info" "add IP '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
- fi
- fi
if [ -z "${ban_nftexpiry}" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP '${ip}' to local blocklist"
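Review bot: The nft add that now runs unconditionally at the top of the `if [ "${log_count}" -ge "${ban_logcount}" ]` branch (third hunk of this file) still sends stderr to /dev/null and has no `else`, so an insert that fails — set limits, a bad expiry, or, if the blocklist sets are interval sets without auto-merge, a conflict with a prefix added later — leaves nothing in the log, and a suspicious IP that was *not* blocked is exactly the event an operator needs to see. Adding `else f_log "info" "unable to add IP '${ip}' to blocklist${proto} set"` before the new `fi` keeps stderr quiet but records the outcome. Because the host entry is now inserted before the RDAP lookup instead of only when the subnet path is not taken, the set will hold both the single IP and its covering prefix whenever the subnet add succeeds; whether nft accepts that overlap depends on the set flags, which are outside this hunk, so it is worth confirming against the set definition. f_monitor's body continues outside the hunk on both sides.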
diff --git a/net/banip/files/banip.feeds b/net/banip/files/banip.feeds
index 90eaf62ad..a614b3394 100644
--- a/net/banip/files/banip.feeds
+++ b/net/banip/files/banip.feeds
@@ -154,6 +154,11 @@
"descr": "malicious spyware IPs",
"flag": "gz tcp 80 443"
},
+ "ipblackhole":{
+ "url_4": "https://blackhole.s-e-r-v-e-r.pw/blackhole-today",
+ "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
+ "descr": "blackhole IP blocklist"
+ },
"ipsum":{
"url_4": "https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}",
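Review bot: The new ipblackhole entry fetches from `https://blackhole.s-e-r-v-e-r.pw/blackhole-today`, while the README row added in this same commit points users at `https://github.com/BlackHoleMonster/IP-BlackHole`; the two hosts differ, and whatever the `.pw` host serves is loaded into the firewall blocklist with only the `rule_4` address pattern as a filter. If the `.pw` domain is the project's own distribution point, record that where the feed is documented, e.g. `"descr": "blackhole IP blocklist (BlackHoleMonster/IP-BlackHole)"` or in the README link; if a raw URL of the same list exists on the documented GitHub repository, fetching from it would keep the documented and fetched sources identical, as the ipsum entry below already does. The pattern itself is anchored with `$`, so a line carrying any trailing text is dropped rather than partially admitted, which looks intentional and is worth keeping.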