support subnet and IP bans in get_combined.sh

2025-04-19 13:32:58 +03:00 · 2018-04-17 09:27:04 +03:00 · 2018-04-17 09:27:04 +03:00 · da52d4f4ca
commit da52d4f4ca
parent e106a0c668
2 changed files with 10 additions and 9 deletions
--- a/ipset/create_ipset.sh
+++ b/ipset/create_ipset.sh
@ -8,20 +8,20 @@ EXEDIR=$(dirname $SCRIPT)
 create_ipset()
 {
-ipset flush $1 2>/dev/null || ipset create $1 hash:ip maxelem 262144
+ipset flush $2 2>/dev/null || ipset create $2 $1 maxelem 262144
-for f in "$2" "$3"
+for f in "$3" "$4"
 do
 [ -f "$f" ] && {
-  echo Adding to ipset $1 : $f
+  echo Adding to ipset $2 \($1\) : $f
  if [ -f "$ZIPLIST_EXCLUDE" ] ; then
-   grep -vxFf $ZIPLIST_EXCLUDE "$f" | sort -u | sed -nre "s/^.*$/add $1 &/p" | ipset -! restore
+   grep -vxFf $ZIPLIST_EXCLUDE "$f" | sort -u | sed -nre "s/^.*$/add $2 &/p" | ipset -! restore
  else
-   sort -u "$f" | sed -nre "s/^.*$/add $1 &/p" | ipset -! restore
+   sort -u "$f" | sed -nre "s/^.*$/add $2 &/p" | ipset -! restore
  fi
 }
 done
 return 0
 }
-create_ipset $ZIPSET $ZIPLIST $ZIPLIST_USER
+create_ipset hash:ip $ZIPSET $ZIPLIST $ZIPLIST_USER
-create_ipset $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN
+create_ipset hash:net $ZIPSET_IPBAN $ZIPLIST_IPBAN $ZIPLIST_USER_IPBAN
--- a/ipset/get_combined.sh
+++ b/ipset/get_combined.sh
@ -21,8 +21,9 @@ if test $dlsize -lt 1048576; then
 exit 2
 fi
 sed -i 's/\\n/\r\n/g' $ZREESTR
-grep "https://" $ZREESTR |
+# find entries with https or without domain name - they should be banned by IP
- grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
+(grep "https://" $ZREESTR ; grep -vE ";[a-z|*|_|0-9|\-]+\.[a-z|*|_|0-9|\-]+" $ZREESTR ) |
 grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(/[0-9]+)?' |
 cut_local |
 sort -u >$ZIPLIST_IPBAN