ipban

2024-12-02 14:40:52 +03:00 · 2016-03-04 12:03:34 +03:00 · 2016-03-04 12:03:34 +03:00 · 3ee83662ec
commit 3ee83662ec
parent 3d08e29fe6
7 changed files with 40 additions and 8 deletions
--- a/changes.txt
+++ b/changes.txt
@ -42,3 +42,8 @@ tpws : added ability to insert "." after Host: name
 v8

 openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
+
+v9
+
+ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
+	these IPs must be soxified for both http and https
--- a/ipset/create_ipset.sh
+++ b/ipset/create_ipset.sh
@ -6,20 +6,27 @@ EXEDIR=$(dirname $SCRIPT)

 . "$EXEDIR/def.sh"

-TEMPIPSET=/tmp/ipset.$ZIPSET.tmp

-ipset flush $ZIPSET || ipset create $ZIPSET hash:ip
+create_ipset()
+{
+ipset flush $1 2>/dev/null || ipset create $1 hash:ip

-for f in "$ZIPLIST" "$ZIPLIST_USER"
+local TEMPIPSET=/tmp/ipset.$1.tmp
+
+for f in "$2" "$3"
 do
 [ -f $TEMPIPSET ] && rm -f $TEMPIPSET
- [ -n "$f" ] && {
-  echo Adding $f
+ [ -f "$f" ] && {
+  echo Adding to ipset "$1" : $f
  sort $f | uniq | while read ip;
  do
-   echo add $ZIPSET $ip >>$TEMPIPSET
+   echo add $1 $ip >>$TEMPIPSET
  done
  ipset -! restore <$TEMPIPSET 2>&1
  rm -f $TEMPIPSET
 }
 done
+}
+
+create_ipset $ZIPSET $ZIPLIST $ZIPLIST_USER
+create_ipset $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN
--- a/ipset/def.sh
+++ b/ipset/def.sh
@ -1,4 +1,9 @@
+ZIPSET=zapret
 ZIPLIST=$EXEDIR/zapret-ip.txt
 ZIPLIST_USER=$EXEDIR/zapret-ip-user.txt
-ZIPSET=zapret
 ZUSERLIST=$EXEDIR/zapret-hosts-user.txt
+
+ZIPSET_IPBAN=ipban
+ZIPLIST_IPBAN=$EXEDIR/zapret-ip-ipban.txt
+ZIPLIST_USER_IPBAN=$EXEDIR/zapret-ip-user-ipban.txt
+ZUSERLIST_IPBAN=$EXEDIR/zapret-hosts-user-ipban.txt
--- a/ipset/get_user.sh
+++ b/ipset/get_user.sh
@ -6,6 +6,8 @@ EXEDIR=$(dirname $SCRIPT)

 . "$EXEDIR/def.sh"

+$EXEDIR/get_user_ipban.sh
+
 [ -f $ZUSERLIST ] && {
 dig A +short +time=8 +tries=2 -f $ZUSERLIST | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER
 }
--- a/ipset/get_user_ipban.sh
+++ b/ipset/get_user_ipban.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+# resolve user host list
+
+SCRIPT=$(readlink -f $0)
+EXEDIR=$(dirname $SCRIPT)
+
+. "$EXEDIR/def.sh"
+
+[ -f $ZUSERLIST_IPBAN ] && {
+ dig A +short +time=8 +tries=2 -f $ZUSERLIST_IPBAN | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER_IPBAN
+}
--- a/ipset/zapret-hosts-user-ipban.txt
+++ b/ipset/zapret-hosts-user-ipban.txt
@ -0,0 +1,2 @@
+kinozal.tv
+rutracker.org
--- a/readme.txt
+++ b/readme.txt
@ -1,4 +1,4 @@
-zapret v.8
+zapret v.9

 Для чего это надо
 -----------------