1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
#!/bin/sh
# helper script to resolve domains for adding to banIP-related IPSets
# written by Dirk Brenken (dev@brenken.org)
#
# This is free software, licensed under the GNU General Public License v3.
#
# (s)hellcheck exceptions
# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
if [ -r "/lib/functions.sh" ]
then
. "/lib/functions.sh"
ban_debug="$(uci_get banip global ban_debug "0")"
fi
ban_ver="${1}"
ban_src_name="${2}"
ban_src_file="${3}"
ban_ipset_cmd="$(command -v ipset)"
ban_lookup_cmd="$(command -v nslookup)"
ban_logger_cmd="$(command -v logger)"
ban_rc=1
f_log()
{
local class="${1}" log_msg="${2}"
if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }
then
if [ -x "${ban_logger_cmd}" ]
then
"${ban_logger_cmd}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
else
printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
fi
fi
}
while read -r domain
do
update_ips=""
result="$("${ban_lookup_cmd}" "${domain}" 2>/dev/null; printf "%s" "${?}")"
if [ "$(printf "%s" "${result}" | tail -1)" = "0" ]
then
ips="$(printf "%s" "${result}" | awk '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
for ip in ${ips}
do
for proto in "4" "6"
do
if { [ "${proto}" = "4" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -n "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; } || \
{ [ "${proto}" = "6" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -z "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; }
then
"${ban_ipset_cmd}" add "${ban_src_name}_${proto}" "${ip}" 2>/dev/null
if [ "${?}" = "0" ]
then
if [ -z "${update_ips}" ]
then
update_ips="${ip}"
else
update_ips="${update_ips}, ${ip}"
fi
fi
break
fi
done
done
if [ -n "${update_ips}" ]
then
ban_rc=0
f_log "debug" "dns_imp ::: source '${ban_src_name}' supplemented by '${domain}' (${update_ips})"
fi
fi
done < "${ban_src_file}"
rm -f "${ban_src_file}"
f_log "info" "banIP domain import for source '${ban_src_name}' has been finished with rc '${ban_rc}'"
exit ${ban_rc}
|