authorDirk Brenken <dev@brenken.org>2019-10-09 14:07:05 +0200
committerDirk Brenken <dev@brenken.org>2019-10-09 14:07:05 +0200
commit70ab67649b6a96e7581048ec9c1a7a4debce005d (patch)
tree4543a06ce3e507fc63c6bd72a179de3f599f64be /net
parentff8b853a6dc91434a5bae1b58934a6d35472dafc (diff)
banip: update 0.3.1
* the WAN auto detection now supports multiple interfaces, too * no longer filter out possible LAN devices * add a new DoH (DNS over HTTPS) blocklist source with public DoH DNS server addresses, to effectively block client side DoH communication, e.g. via Firefox or Chrome Signed-off-by: Dirk Brenken <dev@brenken.org>
Diffstat (limited to 'net')
-rw-r--r--net/banip/Makefile2
-rw-r--r--net/banip/files/banip.conf11
-rwxr-xr-xnet/banip/files/banip.sh35
3 files changed, 36 insertions, 12 deletions
diff --git a/net/banip/Makefile b/net/banip/Makefile
index 897ecd8a7..a9aaf7abe 100644
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=0.3.0
+PKG_VERSION:=0.3.1
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
diff --git a/net/banip/files/banip.conf b/net/banip/files/banip.conf
index 04f5cee8d..68a48aad4 100644
--- a/net/banip/files/banip.conf
+++ b/net/banip/files/banip.conf
@@ -42,6 +42,17 @@ config source 'bogon'
option ban_src_on '0'
option ban_src_on_6 '0'
+config source 'DoH'
+ option ban_src 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt'
+ option ban_src_6 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt'
+ option ban_src_desc 'List of public DoH providers (DNS over HTTPS) (IPv4/IPv6)'
+ option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add DoH \"\$1}'
+ option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add DoH_6 \"\$1}'
+ option ban_src_settype 'net'
+ option ban_src_ruletype 'src+dst'
+ option ban_src_on '0'
+ option ban_src_on_6 '0'
+
config source 'tor'
option ban_src 'https://check.torproject.org/exit-addresses'
option ban_src_desc 'List of Tor Exit Nodes (IPv4)'
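Review bot: The prefix group in `ban_src_rset_6`, `(:\/[0-9]{1,2})?`, only accepts a slash that directly follows a colon and at most two prefix digits. A line such as `2001:db8::1/128` (constructed example) therefore fails the pattern and awk drops it without any message, leaving the DoH set incomplete with no log entry. Whether the upstream list contains such entries is not visible here, but `(\/[0-9]{1,3})?` would accept both the `::/NN` form and full addresses with a prefix. Since the list is fetched from a mutable `master` branch and applied as `src+dst`, a short comment noting that in the description would help anyone switching the source on.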
diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh
index 8634b19df..bf322444d 100755
--- a/net/banip/files/banip.sh
+++ b/net/banip/files/banip.sh
@@ -13,7 +13,7 @@
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-ban_ver="0.3.0"
+ban_ver="0.3.1"
ban_basever=""
ban_enabled=0
ban_automatic="1"
@@ -127,7 +127,7 @@ f_envload()
#
f_envcheck()
{
- local util utils packages tmp cnt=0
+ local util utils packages iface tmp cnt=0 cnt_max=0
# check backup directory
#
@@ -189,12 +189,25 @@ f_envcheck()
then
while [ "${cnt}" -le 30 ]
do
- network_find_wan ban_iface
- if [ -z "${ban_iface}" ]
+ network_find_wan iface
+ if [ -n "${iface}" ] && [ -z "$(printf "%s\\n" "${ban_iface}" | grep -F "${iface}")" ]
then
- network_find_wan6 ban_iface
+ ban_iface="${ban_iface} ${iface}"
+ if [ "${cnt_max}" -eq 0 ]
+ then
+ cnt_max=$((cnt+5))
+ fi
+ fi
+ network_find_wan6 iface
+ if [ -n "${iface}" ] && [ -z "$(printf "%s\\n" "${ban_iface}" | grep -F "${iface}")" ]
+ then
+ ban_iface="${ban_iface} ${iface}"
+ if [ "${cnt_max}" -eq 0 ]
+ then
+ cnt_max=$((cnt+5))
+ fi
fi
- if [ -z "${ban_iface}" ]
+ if [ -z "${ban_iface}" ] || [ "${cnt}" -le "${cnt_max}" ]
then
network_flush_cache
cnt=$((cnt+1))
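Review bot: The duplicate check `grep -F "${iface}"` is a substring match, so an interface whose name is contained in one already collected (for example `wan` when `wan6` was found first) is treated as present and never added to `ban_iface`. The same test guards `ban_dev`, `ban_subnets` and `ban_subnets6` in the next hunk, where a device like `eth0` would be hidden by `eth0.2`. An interface or device skipped this way is presumably missing from the rules built later in f_envcheck, whose body continues outside the hunk. Matching whole entries avoids it: `if [ -n "${iface}" ] && ! printf '%s\n' ${ban_iface} | grep -qxF -- "${iface}"`.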
@@ -208,23 +221,23 @@ f_envcheck()
for iface in ${ban_iface}
do
network_get_device tmp "${iface}"
- if [ -n "${tmp}" ]
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_dev}" | grep -F "${tmp}")" ]
then
ban_dev="${ban_dev} ${tmp}"
else
network_get_physdev tmp "${iface}"
- if [ -n "${tmp}" ]
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_dev}" | grep -F "${tmp}")" ]
then
ban_dev="${ban_dev} ${tmp}"
fi
fi
network_get_subnets tmp "${iface}"
- if [ -n "${tmp}" ]
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_subnets}" | grep -F "${tmp}")" ]
then
ban_subnets="${ban_subnets} ${tmp}"
fi
network_get_subnets6 tmp "${iface}"
- if [ -n "${tmp}" ]
+ if [ -n "${tmp}" ] && [ -z "$(printf "%s\\n" "${ban_subnets6}" | grep -F "${tmp}")" ]
then
ban_subnets6="${ban_subnets6} ${tmp}"
fi
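Review bot: Folding the duplicate check into `if [ -n "${tmp}" ] && …` changes when the `else` branch runs: it used to run only when network_get_device returned nothing, and now it also runs when the device is already in `ban_dev`. In that case `network_get_physdev` is queried and its result can be appended, so a second interface that shares a device may pull in the underlying physical device as well. Keeping `if [ -n "${tmp}" ]` as the outer test and wrapping only `ban_dev="${ban_dev} ${tmp}"` in the duplicate check keeps the fallback limited to the empty case. The loop's closing `done` lies outside the hunk.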
@@ -234,7 +247,7 @@ f_envcheck()
then
f_log "err" "wan interface(s)/device(s) (${ban_iface:-"-"}/${ban_dev:-"-"}) not found, please please check your configuration"
else
- ban_dev_all="$(${ban_ip} link show | awk 'BEGIN{FS="[@: ]"}/^[0-9:]/{if(($3!="lo")&&($3!="br-lan")){print $3}}')"
+ ban_dev_all="$(${ban_ip} link show | awk 'BEGIN{FS="[@: ]"}/^[0-9:]/{if($3!="lo"){print $3}}')"
f_jsnup "running"
f_log "info" "start banIP processing (${ban_action})"
fi
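Review bot: The awk filter on the `ban_dev_all` line now excludes only `lo`, so every other link reported by `ip link show`, LAN bridges included, ends up in the list. How `ban_dev_all` is consumed is not visible in this hunk, so a comment such as `# all non-loopback devices; LAN devices are kept on purpose since 0.3.1` would record that the wider set is intended. The error message in the branch above also reads "please please check your configuration".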