From da52d4f4ca4de51be65ad662718d3b8efa876b57 Mon Sep 17 00:00:00 2001 From: bolvan Date: Tue, 17 Apr 2018 09:27:04 +0300 Subject: [PATCH] support subnet and IP bans in get_combined.sh --- ipset/create_ipset.sh | 14 +++++++------- ipset/get_combined.sh | 5 +++-- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/ipset/create_ipset.sh b/ipset/create_ipset.sh index d16fe80..5416925 100755 --- a/ipset/create_ipset.sh +++ b/ipset/create_ipset.sh @@ -8,20 +8,20 @@ EXEDIR=$(dirname $SCRIPT) create_ipset() { -ipset flush $1 2>/dev/null || ipset create $1 hash:ip maxelem 262144 -for f in "$2" "$3" +ipset flush $2 2>/dev/null || ipset create $2 $1 maxelem 262144 +for f in "$3" "$4" do [ -f "$f" ] && { - echo Adding to ipset $1 : $f + echo Adding to ipset $2 \($1\) : $f if [ -f "$ZIPLIST_EXCLUDE" ] ; then - grep -vxFf $ZIPLIST_EXCLUDE "$f" | sort -u | sed -nre "s/^.*$/add $1 &/p" | ipset -! restore + grep -vxFf $ZIPLIST_EXCLUDE "$f" | sort -u | sed -nre "s/^.*$/add $2 &/p" | ipset -! restore else - sort -u "$f" | sed -nre "s/^.*$/add $1 &/p" | ipset -! restore + sort -u "$f" | sed -nre "s/^.*$/add $2 &/p" | ipset -! restore fi } done return 0 } -create_ipset $ZIPSET $ZIPLIST $ZIPLIST_USER -create_ipset $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN +create_ipset hash:ip $ZIPSET $ZIPLIST $ZIPLIST_USER +create_ipset hash:net $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN diff --git a/ipset/get_combined.sh b/ipset/get_combined.sh index e4f49fd..7f670fc 100755 --- a/ipset/get_combined.sh +++ b/ipset/get_combined.sh @@ -21,8 +21,9 @@ if test $dlsize -lt 1048576; then exit 2 fi sed -i 's/\\n/\r\n/g' $ZREESTR -grep "https://" $ZREESTR | - grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | +# find entries with https or without domain name - they should be banned by IP +(grep "https://" $ZREESTR ; grep -vE ";[a-z|*|_|0-9|\-]+\.[a-z|*|_|0-9|\-]+" $ZREESTR ) | + grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?' | cut_local | sort -u >$ZIPLIST_IPBAN