This commit is contained in:
bolvan 2016-03-04 12:03:34 +03:00
parent 3d08e29fe6
commit 3ee83662ec
7 changed files with 40 additions and 8 deletions

View File

@ -42,3 +42,8 @@ tpws : added ability to insert "." after Host: name
v8 v8
openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user openwrt init : removed hotplug.d/firewall because of race conditions. now only use /etc/firewall.user
v9
ipban : added ipban ipset. place domains banned by ip to zapret-hosts-user-ipban.txt
these IPs must be soxified for both http and https

View File

@ -6,20 +6,27 @@ EXEDIR=$(dirname $SCRIPT)
. "$EXEDIR/def.sh" . "$EXEDIR/def.sh"
TEMPIPSET=/tmp/ipset.$ZIPSET.tmp
ipset flush $ZIPSET || ipset create $ZIPSET hash:ip create_ipset()
{
ipset flush $1 2>/dev/null || ipset create $1 hash:ip
for f in "$ZIPLIST" "$ZIPLIST_USER" local TEMPIPSET=/tmp/ipset.$1.tmp
for f in "$2" "$3"
do do
[ -f $TEMPIPSET ] && rm -f $TEMPIPSET [ -f $TEMPIPSET ] && rm -f $TEMPIPSET
[ -n "$f" ] && { [ -f "$f" ] && {
echo Adding $f echo Adding to ipset "$1" : $f
sort $f | uniq | while read ip; sort $f | uniq | while read ip;
do do
echo add $ZIPSET $ip >>$TEMPIPSET echo add $1 $ip >>$TEMPIPSET
done done
ipset -! restore <$TEMPIPSET 2>&1 ipset -! restore <$TEMPIPSET 2>&1
rm -f $TEMPIPSET rm -f $TEMPIPSET
} }
done done
}
create_ipset $ZIPSET $ZIPLIST $ZIPLIST_USER
create_ipset $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN

View File

@ -1,4 +1,9 @@
ZIPSET=zapret
ZIPLIST=$EXEDIR/zapret-ip.txt ZIPLIST=$EXEDIR/zapret-ip.txt
ZIPLIST_USER=$EXEDIR/zapret-ip-user.txt ZIPLIST_USER=$EXEDIR/zapret-ip-user.txt
ZIPSET=zapret
ZUSERLIST=$EXEDIR/zapret-hosts-user.txt ZUSERLIST=$EXEDIR/zapret-hosts-user.txt
ZIPSET_IPBAN=ipban
ZIPLIST_IPBAN=$EXEDIR/zapret-ip-ipban.txt
ZIPLIST_USER_IPBAN=$EXEDIR/zapret-ip-user-ipban.txt
ZUSERLIST_IPBAN=$EXEDIR/zapret-hosts-user-ipban.txt

View File

@ -6,6 +6,8 @@ EXEDIR=$(dirname $SCRIPT)
. "$EXEDIR/def.sh" . "$EXEDIR/def.sh"
$EXEDIR/get_user_ipban.sh
[ -f $ZUSERLIST ] && { [ -f $ZUSERLIST ] && {
dig A +short +time=8 +tries=2 -f $ZUSERLIST | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER dig A +short +time=8 +tries=2 -f $ZUSERLIST | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER
} }

11
ipset/get_user_ipban.sh Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# resolve user host list
SCRIPT=$(readlink -f $0)
EXEDIR=$(dirname $SCRIPT)
. "$EXEDIR/def.sh"
[ -f $ZUSERLIST_IPBAN ] && {
dig A +short +time=8 +tries=2 -f $ZUSERLIST_IPBAN | grep -E '^[^;].*[^.]$' | grep -vE '^192.168.[0-9]*.[0-9]*$' | grep -vE '^127.[0-9]*.[0-9]*.[0-9]*$' | grep -vE '^10.[0-9]*.[0-9]*.[0-9]*$' | sort | uniq >$ZIPLIST_USER_IPBAN
}

View File

@ -0,0 +1,2 @@
kinozal.tv
rutracker.org

View File

@ -1,4 +1,4 @@
zapret v.8 zapret v.9
Для чего это надо Для чего это надо
----------------- -----------------