author | Dirk Brenken <dev@brenken.org> | 2019-06-19 11:57:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-19 11:57:51 +0200 |
commit | 8517cb149376096976fd3737c22c94136b6d8ee8 (patch) | |
tree | d3e39509cd04b7df341f47acb18ef6474e22ecc6 /net | |
parent | 08ab75d88b3e2f3a1038715695c334407bffb154 (diff) | |
parent | f8f539e21c49848174a3347c7c6c5f7bfe0f61b9 (diff) |
Merge pull request #9259 from dibdot/banIP
banip: update 0.1.4
Diffstat (limited to 'net')
-rw-r--r-- | net/banip/Makefile | 2 | ||||
-rw-r--r-- | net/banip/files/banip.conf | 2 | ||||
-rwxr-xr-x | net/banip/files/banip.init | 2 | ||||
-rwxr-xr-x | net/banip/files/banip.sh | 39 |
4 files changed, 25 insertions, 20 deletions
diff --git a/net/banip/Makefile b/net/banip/Makefile index b553b6336..fbc23ef29 100644 --- a/net/banip/Makefile +++ b/net/banip/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=banip -PKG_VERSION:=0.1.3 +PKG_VERSION:=0.1.4 PKG_RELEASE:=1 PKG_LICENSE:=GPL-3.0+ PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> diff --git a/net/banip/files/banip.conf b/net/banip/files/banip.conf index f658c445b..4843fc2b0 100644 --- a/net/banip/files/banip.conf +++ b/net/banip/files/banip.conf @@ -103,7 +103,7 @@ config source 'zeus' config source 'sslbl' option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv' option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)' - option ban_src_rset 'BEGIN{FS=\",\"}/^(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$1}' + option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}' option ban_src_settype 'ip' option ban_src_ruletype 'src' option ban_src_on '0' diff --git a/net/banip/files/banip.init b/net/banip/files/banip.init index a0b583668..9356c4df0 100755 --- a/net/banip/files/banip.init +++ b/net/banip/files/banip.init @@ -84,5 +84,5 @@ service_triggers() do procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" start done - procd_add_reload_trigger "banip" "firewall" + procd_add_reload_trigger "banip" } diff --git a/net/banip/files/banip.sh b/net/banip/files/banip.sh index c86f74d70..8d1ae1e2a 100755 --- a/net/banip/files/banip.sh +++ b/net/banip/files/banip.sh @@ -10,7 +10,7 @@ # LC_ALL=C PATH="/usr/sbin:/usr/bin:/sbin:/bin" -ban_ver="0.1.3" +ban_ver="0.1.4" ban_sysver="unknown" ban_enabled=0 ban_automatic="1" @@ -326,9 +326,9 @@ f_iptadd() done fi else - if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ] + if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ] then - "${ban_ipset}" destroy "${src_name}" + "${ban_ipset}" -q destroy "${src_name}" fi fi } 
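Review bot: In the `sslbl` source of banip.conf the new `ban_src_rset` pattern is no longer anchored and is matched against the whole record, yet the action prints `$2` without checking that field itself. Any feed line that merely contains an IPv4-like token followed by a comma would emit `add sslbl` plus whatever the second column holds, and that text presumably ends up in the file that f_ipset hands to `ipset restore`. Testing the field that is actually printed keeps a changed or malformed upstream CSV from producing bad set entries; escaped the same way as the existing value, that would be `BEGIN{FS=\",\"}\$2~/^([0-9]{1,3}\.){3}[0-9]{1,3}\$/{print \"add sslbl \"\$2}`.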
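Review bot: Dropping `"firewall"` from `procd_add_reload_trigger` in service_triggers() means a firewall configuration reload no longer reloads banIP, and the hunk carries no comment saying what replaces it. If the firewall rebuilds its chains on reload, the rules that f_iptadd inserts would presumably be missing until the next interface trigger or a manual reload; nothing visible in this diff re-adds them. If the removal is intentional, record the reason next to the call, for example `# no firewall trigger: <mechanism that restores the banIP rules after a firewall reload>`. service_triggers() starts outside the hunk.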
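Review bot: The `-q` switch added to the `destroy` call in f_iptadd hides the error text while the exit status is still not checked, so a failed destroy (for instance a set that is still referenced by a rule) now leaves no trace at all. The same applies to the `-q create`, `-q flush`, `-q save` and `-q destroy` calls in the f_ipset hunks at -408, -438 and -469; in the create branch the script goes on to write `1` to `${tmp_set}` even when create or flush failed. Log the failure with the helper already in use, e.g. `"${ban_ipset}" -q destroy "${src_name}" || f_log "debug" "f_iptadd ::: destroy failed, name: ${src_name}"`. f_iptadd starts outside the hunk.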
@@ -408,27 +408,28 @@ f_ipset() if [ "${cnt}" -gt 0 ] then - if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ] + if [ -x "${ban_ipset}" ] && [ -z "$("${ban_ipset}" -q -n list "${src_name}")" ] then - "${ban_ipset}" create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters + "${ban_ipset}" -q create "${src_name}" hash:"${src_settype}" hashsize "${size}" maxelem 262144 family "${src_setipv}" counters else - "${ban_ipset}" flush "${src_name}" + "${ban_ipset}" -q flush "${src_name}" fi - "${ban_ipset}" -! restore < "${tmp_file}" printf "%s\n" "1" > "${tmp_set}" printf "%s\n" "${cnt}" > "${tmp_cnt}" fi f_iptadd end_ts="$(date +%s)" - f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))" + f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, settype: ${src_settype:-"-"}, setipv: ${src_setipv:-"-"}, ruletype: ${src_ruletype:-"-"}, count(sum/ip/cidr): ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts))" ;; refresh) - if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ] + ban_rc=4 + if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ] then - "${ban_ipset}" save "${src_name}" > "${tmp_file}" + "${ban_ipset}" -q save "${src_name}" > "${tmp_file}" if [ -s "${tmp_file}" ] then + ban_rc=0 cnt="$(($(wc -l 2>/dev/null < "${tmp_file}")-1))" cnt_cidr="$(grep -cF "/" "${tmp_file}")" cnt_ip="$((cnt-cnt_cidr))" 
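Review bot: `ban_rc=4` in the `refresh)` branch is an unexplained magic value; the only visible consumer is the `-eq 0` test in f_main, so any non-zero value would behave the same. A short comment would make the intent clear, e.g. `# pessimistic default: refresh counts as failed until a non-empty save file is seen`. In the visible hunks `ban_rc` is assigned only in this branch, so it is worth confirming that no other mode is read through a stale value left by an earlier call. f_ipset starts and ends outside the hunk.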
@@ -438,15 +439,15 @@ f_ipset() f_iptadd fi end_ts="$(date +%s)" - f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time(s): $((end_ts-start_ts))" + f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, count: ${cnt:-0}/${cnt_ip:-0}/${cnt_cidr:-0}, time: $((end_ts-start_ts)), rc: ${ban_rc}" ;; flush) f_iptadd "remove" - if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ] + if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${src_name}")" ] then - "${ban_ipset}" flush "${src_name}" - "${ban_ipset}" destroy "${src_name}" + "${ban_ipset}" -q flush "${src_name}" + "${ban_ipset}" -q destroy "${src_name}" fi f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}" ;; @@ -469,9 +470,9 @@ f_ipset() for source in ${ban_sources} do - if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -n list "${source}" 2>/dev/null)" ] + if [ -x "${ban_ipset}" ] && [ -n "$("${ban_ipset}" -q -n list "${source}")" ] then - "${ban_ipset}" destroy "${source}" + "${ban_ipset}" -q destroy "${source}" fi done f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}" @@ -572,8 +573,12 @@ f_main() continue elif [ "${ban_action}" = "refresh" ] then + start_ts="$(date +%s)" f_ipset refresh - continue + if [ ${ban_rc} -eq 0 ] + then + continue + fi fi # download queue processing |
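Review bot: `if [ ${ban_rc} -eq 0 ]` in f_main leaves the variable unquoted, unlike the other tests in this diff (`[ "${cnt}" -gt 0 ]`), so an empty or multi-word value yields a malformed test instead of a clean comparison. Write `if [ "${ban_rc}" -eq 0 ]`. The missing `continue` now apparently falls through into the download queue on purpose, which deserves a comment such as `# refresh failed (set missing or empty): fall through and download the source again`. f_main's loop starts and ends outside the hunk.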