From 3ee83662eceb3befffe978721d4183e187cdf4a4 Mon Sep 17 00:00:00 2001 From: bolvan Date: Fri, 4 Mar 2016 12:03:34 +0300 Subject: [PATCH] ipban --- changes.txt | 5 +++++ ipset/create_ipset.sh | 19 +++++++++++++------ ipset/def.sh | 7 ++++++- ipset/get_user.sh | 2 ++ ipset/get_user_ipban.sh | 11 +++++++++++ ipset/zapret-hosts-user-ipban.txt | 2 ++ readme.txt | 2 +- 7 files changed, 40 insertions(+), 8 deletions(-) create mode 100755 ipset/get_user_ipban.sh create mode 100644 ipset/zapret-hosts-user-ipban.txt diff --git a/changes.txt b/changes.txt index 05a49b2..9b3ce66 100644 --- a/changes.txt +++ b/changes.txt @@ -42,3 +42,8 @@ tpws : added ability to insert "." after Host: name v8 openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user + +v9 + +ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt + these IPs must be soxified for both http and https diff --git a/ipset/create_ipset.sh b/ipset/create_ipset.sh index c309930..83fe580 100755 --- a/ipset/create_ipset.sh +++ b/ipset/create_ipset.sh @@ -6,20 +6,27 @@ EXEDIR=$(dirname $SCRIPT) . "$EXEDIR/def.sh" -TEMPIPSET=/tmp/ipset.$ZIPSET.tmp -ipset flush $ZIPSET || ipset create $ZIPSET hash:ip +create_ipset() +{ +ipset flush $1 2>/dev/null || ipset create $1 hash:ip -for f in "$ZIPLIST" "$ZIPLIST_USER" +local TEMPIPSET=/tmp/ipset.$1.tmp + +for f in "$2" "$3" do [ -f $TEMPIPSET ] && rm -f $TEMPIPSET - [ -n "$f" ] && { - echo Adding $f + [ -f "$f" ] && { + echo Adding to ipset "$1" : $f sort $f | uniq | while read ip; do - echo add $ZIPSET $ip >>$TEMPIPSET + echo add $1 $ip >>$TEMPIPSET done ipset -! restore <$TEMPIPSET 2>&1 rm -f $TEMPIPSET } done +} + +create_ipset $ZIPSET $ZIPLIST $ZIPLIST_USER +create_ipset $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN diff --git a/ipset/def.sh b/ipset/def.sh index b90f2b0..42c85d5 100755 --- a/ipset/def.sh +++ b/ipset/def.sh 
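Review bot: In ipset/create_ipset.sh, `local TEMPIPSET=/tmp/ipset.$1.tmp` puts a predictable file name in a world-writable directory. The loop appends to it with `>>` only after a separate `[ -f $TEMPIPSET ] && rm -f $TEMPIPSET` check, so on a host with other local accounts the path can be pre-created or swapped between the check and the write by this (presumably root-run) script. The temp file can be dropped entirely with `sort -u "$f" | sed "s/^/add $1 /" | ipset -! restore`, or, if a file is preferred, created with `mktemp` and removed in a `trap`. The two calls at the end also pass `$ZIPLIST` and the other paths unquoted, where the removed loop had them quoted; `create_ipset "$ZIPSET" "$ZIPLIST" "$ZIPLIST_USER"` keeps the earlier behaviour.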
@@ -1,4 +1,9 @@ +ZIPSET=zapret ZIPLIST=$EXEDIR/zapret-ip.txt ZIPLIST_USER=$EXEDIR/zapret-ip-user.txt -ZIPSET=zapret ZUSERLIST=$EXEDIR/zapret-hosts-user.txt + +ZIPSET_IPBAN=ipban +ZIPLIST_IPBAN=$EXEDIR/zapret-ip-ipban.txt +ZIPLIST_USER_IPBAN=$EXEDIR/zapret-ip-user-ipban.txt +ZUSERLIST_IPBAN=$EXEDIR/zapret-hosts-user-ipban.txt diff --git a/ipset/get_user.sh b/ipset/get_user.sh index afd8fe6..6276fde 100755 --- a/ipset/get_user.sh +++ b/ipset/get_user.sh @@ -6,6 +6,8 @@ EXEDIR=$(dirname $SCRIPT) . "$EXEDIR/def.sh" +$EXEDIR/get_user_ipban.sh + [ -f $ZUSERLIST ] && { dig A +short +time=8 +tries=2 -f $ZUSERLIST | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER } diff --git a/ipset/get_user_ipban.sh b/ipset/get_user_ipban.sh new file mode 100755 index 0000000..0ba8fa2 --- /dev/null +++ b/ipset/get_user_ipban.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# resolve user host list + +SCRIPT=$(readlink -f $0) +EXEDIR=$(dirname $SCRIPT) + +. "$EXEDIR/def.sh" + +[ -f $ZUSERLIST_IPBAN ] && { + dig A +short +time=8 +tries=2 -f $ZUSERLIST_IPBAN | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER_IPBAN +} diff --git a/ipset/zapret-hosts-user-ipban.txt b/ipset/zapret-hosts-user-ipban.txt new file mode 100644 index 0000000..a2049ed --- /dev/null +++ b/ipset/zapret-hosts-user-ipban.txt @@ -0,0 +1,2 @@ +kinozal.tv +rutracker.org diff --git a/readme.txt b/readme.txt index 34340bc..08f8ecf 100644 --- a/readme.txt +++ b/readme.txt @@ -1,4 +1,4 @@ -zapret v.8 +zapret v.9 Для чего это надо -----------------
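Review bot: In the new ipset/get_user_ipban.sh, the filter between `dig` and `>$ZIPLIST_USER_IPBAN` does not restrict the output to public IPv4 addresses. `grep -E '^[^;].*[^.]$'` passes any line that neither starts with `;` nor ends with `.`, the dots in the three exclusion patterns are unescaped, and 172.16.0.0/12 is not excluded. These lines later become `add` commands for the ipban set (which changes.txt says is to be soxified), so the resolver's answers decide what goes into it. An allow-pattern would be tighter, e.g. `grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$'` followed by `grep -vE '^(10|127)\.|^192\.168\.|^172\.(1[6-9]|2[0-9]|3[01])\.'`. The same pipeline appears as unchanged context in the ipset/get_user.sh hunk, so a shared helper taking the host list and output file would keep the two copies from drifting.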