include $(TOPDIR)/rules.mk
PKG_NAME:=banip
-PKG_VERSION:=1.5.3
-PKG_RELEASE:=3
+PKG_VERSION:=1.5.5
+PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
| Feed | Focus | Inbound | Outbound | Proto/Port | Information |
| :------------------ | :----------------------------- | :-----: | :------: | :---------------: | :----------------------------------------------------------- |
-| adaway | adaway IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
-| adguard | adguard IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
-| adguardtrackers | adguardtracker IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
-| antipopads | antipopads IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| asn | ASN segments | x | | | [Link](https://asn.ipinfo.app) |
| backscatterer | backscatterer IPs | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| becyber | malicious attacker IPs | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
| ipthreat | hacker and botnet TPs | x | | | [Link](https://ipthreat.net) |
| myip | real-time IP blocklist | x | | | [Link](https://myip.ms) |
| nixspam | iX spam protection | x | | | [Link](http://www.nixspam.org) |
-| oisdbig | OISD-big IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
-| oisdnsfw | OISD-nsfw IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
-| oisdsmall | OISD-small IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| pallebone | curated IP blocklist | x | | | [Link](https://github.com/pallebone/StrictBlockPAllebone) |
| proxy | open proxies | x | | | [Link](https://iplists.firehol.org/?ipset=proxylists) |
-| stevenblack | stevenblack IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| threat | emerging threats | x | | | [Link](https://rules.emergingthreats.net) |
| threatview | malicious IPs | x | | | [Link](https://threatview.io) |
| tor | tor exit nodes | x | | | [Link](https://www.dan.me.uk) |
| voip | VoIP fraud blocklist | x | | | [Link](https://voipbl.org) |
| vpn | vpn IPs | x | | | [Link](https://github.com/X4BNet/lists_vpn) |
| vpndc | vpn datacenter IPs | x | | | [Link](https://github.com/X4BNet/lists_vpn) |
-| yoyo | yoyo IPs | | x | tcp, udp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
* Zero-conf like automatic installation & setup, usually no manual changes needed
* All Sets are handled in a separate nft table/namespace 'banIP'
* Fast feed processing as they are handled in parallel as background jobs (on capable multi-core hardware)
* Per feed it can be defined whether the inbound chain (wan-input, wan-forward) or the outbound chain (lan-forward) should be blocked
* Automatic blocklist backup & restore, the backups will be used in case of download errors or during startup
-* Automatically selects one of the following download utilities with ssl support: aria2c, curl, uclient-fetch or full wget
+* Automatically selects one of the following download utilities with ssl support: curl, uclient-fetch or full wget
* Provides HTTP ETag support to download only ressources that have been updated on the server side, to speed up banIP reloads and to save bandwith
* Supports an 'allowlist only' mode, this option restricts the internet access only to specific, explicitly allowed IP segments
* Supports external allowlist URLs to reference additional IPv4/IPv6 feeds
* Optionally always allow certain protocols/destination ports in the inbound chain
* Deduplicate IPs accross all Sets (single IPs only, no intervals)
* Provides comprehensive runtime information
-* Provides a detailed Set report
+* Provides a detailed Set report, incl. a map that shows the geolocation of your own uplink addresses (in green) and the location of potential attackers (in red)
* Provides a Set search engine for certain IPs
* Feed parsing by fast & flexible regex rulesets
* Minimal status & error logging to syslog, enable debug logging to receive more output
-* Procd based init system support (start/stop/restart/reload/status/report/search/survey)
+* Procd based init system support (start/stop/restart/reload/status/report/search/content)
* Procd network interface trigger support
* Add new or edit existing banIP feeds on your own with the LuCI integrated custom feed editor
* Supports destination port & protocol limitations for external feeds (see the feed list above). To change the default assignments just use the custom feed editor
<a id="prerequisites"></a>
## Prerequisites
* **[OpenWrt](https://openwrt.org)**, latest stable release 24.x or a development snapshot with nft/firewall 4 support
-* A download utility with SSL support: 'aria2c', 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
+* A download utility with SSL support: 'curl', full 'wget' or 'uclient-fetch' with one of the 'libustream-*' SSL libraries, the latter one doesn't provide support for ETag HTTP header
* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
* For E-Mail notifications you need to install and setup the additional 'msmtp' package
enabled Check if service is started on boot
report [text|json|mail] Print banIP related Set statistics
search [<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP Set
- survey [<Set name>] List all elements of a given banIP Set
+ content [<Set name>] List all elements of a given banIP Set
running Check if service is running
status Service status
trace Start with syscall trace
| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
| ban_nftretry | option | 5 | number of Set load attempts in case of an error |
| ban_nftcount | option | 0 | enable nft counter for every Set element |
+| ban_map | option | 0 | enable a GeoIP Map with suspicious Set elements |
| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
| ban_asnsplit | option | - | the selected ASNs are stored in separate Sets |
| ban_feedinout | list | - | set the selected feeds to the inbound and outbound chain (lan-forward) |
| ban_feedreset | list | - | override the default feed configuration and remove existing port/protocol limitations |
| ban_feedcomplete | list | - | opt out the selected feeds from the deduplication process |
-| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
+| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget' or 'curl' |
| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
| ban_fetchretry | option | 5 | number of download attempts in case of an error (not supported by uclient-fetch) |
| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
~# /etc/init.d/banip status
::: banIP runtime information
+ status : active (nft: ✔, monitor: ✔)
- + version : 1.5.3-r3
- + element_count : 91 763 (chains: 7, sets: 18, rules: 46)
- + active_feeds : allowlist.v4MAC, allowlist.v6MAC, allowlist.v4, allowlist.v6, cinsscore.v4, debl.v4, debl.v6, doh.v6, doh.v4, threat.v4, turris.v4, country.v4, turris.v6, country.v6, blocklist.v4MAC, blocklist.v6MAC, blocklist.v4, blocklist.v6
+ + version : 1.5.5-r1
+ + element_count : 92 615 (chains: 7, sets: 18, rules: 46)
+ + active_feeds : allowlist.v4MAC, allowlist.v6MAC, allowlist.v4, allowlist.v6, cinsscore.v4, debl.v4, country.v6, debl.v6, doh.v4, doh.v6, threat.v4, turris.v4, turris.v6, blocklist.v4MAC, blocklist.v6MAC, blocklist.v4, blocklist.v6, country.v4
+ active_devices : wan: pppoe-wan / wan-if: wan, wan_6 / vlan-allow: - / vlan-block: -
+ active_uplink : 91.61.217.158, 2001:fc:37ff:f64:b513:16dd:6903:7710
+ nft_info : ver: 1.1.1-r1, priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 25/10/100
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report, error: /mnt/data/banIP/error
- + run_flags : auto: â\9c\94, proto (4/6): ✔/✔, log (pre/in/out): ✘/✘/✘, count: ✔, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
- + last_run : 2025-03-07 13:08:56, duration: 1m 12s, mode: reload, memory: 1325.18 MB available, 1.88 MB max. used
- + system_info : cores: 4, log: logread, fetch: curl, Bananapi BPI-R3, mediatek/filogic, OpenWrt SNAPSHOT r28926-9a7192c08e
+ + run_flags : auto: â\9c\98, proto (4/6): ✔/✔, log (pre/in/out): ✘/✘/✘, count: ✔, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
+ + last_run : 2025-03-27 21:54:29, mode: restart, duration: 0m 21s, memory: 1281.87 MB available, 2.00 MB max. used
+ + system_info : cores: 4, log: logread, fetch: curl, Bananapi BPI-R3, mediatek/filogic, OpenWrt SNAPSHOT r29070-8d1fe32c2c
```
**banIP search information**
IP found in Set 'doh.v4'
```
-**banIP survey information**
+**banIP Set content information**
```
-~# /etc/init.d/banip survey doh.v4
+~# /etc/init.d/banip content doh.v4
:::
-::: banIP Survey
+::: banIP Set Content
:::
- List of elements in the Set 'doh.v4' on 2025-01-13 22:35:57
+ List elements of the Set 'doh.v4' on 2025-01-13 22:35:57
---
{ "range": [ "1.0.0.1", "1.0.0.3" ] }
{ "range": [ "1.1.1.1", "1.1.1.3" ] }
* point 'ban_basedir', 'ban_reportdir', 'ban_backupdir' and 'ban_errordir' to an external usb drive or ssd
* set 'ban_cores' to '1' (only useful on a multicore system) to force sequential feed processing
* set 'ban_splitsize' e.g. to '1024' to split the load of an external Set after every 1024 lines/elements
-* set 'ban_nftcount' to '0' to deactivate the CPU-intensive creation of counter elements at Set level
+* set 'ban_nftcount' to '0' to deactivate the CPU- and memory-intensive creation of counter elements at Set level
**Sensible choice of blocklists**
The following feeds are just my personal recommendation as an initial setup:
C8:C2:9B:F7:80:12 => this will be populated to v6MAC-Set with the IP-wildcard ::/0
```
+**Set reporting, enable the GeoIP Map**
+In addition to a tabular overview banIP reporting includes a GeoIP map in a modal popup window/iframe that shows the geolocation of your own uplink addresses (in green) and the locations of potential attackers (in red). To enable the GeoIP Map set the following options (in "Feed/Set Settings" config tab):
+
+ * set 'ban_nftcount' to '1' to enable the nft counter for every Set element
+ * set 'ban_map' to '1' to include the external components listed below and activate the GeoIP map
+
+To make this work, banIP uses the following external components:
+* [Leaflet](https://leafletjs.com/) is a lightweight open-source JavaScript library for interactive maps
+* [OpenStreetMap](https://www.openstreetmap.org/) provides the map data under an open-source license
+* [CARTO basemap styles](https://github.com/CartoDB/basemap-styles) based on [OpenMapTiles](https://openmaptiles.org/schema)
+* The free and quite fast [IP Geolocation API](https://ip-api.com/) to resolve the required IP/geolocation information
+
**CGI interface to receive remote logging events**
banIP ships a basic cgi interface in '/www/cgi-bin/banip' to receive remote logging events (disabled by default). The cgi interface evaluates logging events via GET or POST request (see examples below). To enable the cgi interface set the following options:
By default banIP uses the following pre-configured download options:
```
- * aria2c: --timeout=20 --retry-wait=10 --max-tries=5 --max-file-not-found=5 --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o
* curl: --connect-timeout 20 --retry-delay 10 --retry 5 --retry-all-errors --fail --silent --show-error --location -o
* wget: --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=5 --retry-connrefused --max-redirect=0 -O
* uclient-fetch: --timeout=20 -O
```
[...]
- "stevenblack":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
+ "doh":{
+ "url_4": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt",
+ "url_6": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"chain": "out",
- "descr": "stevenblack IPs",
- "flag": "tcp 80 443"
+ "descr": "public DoH-Provider",
+ "flag": "tcp udp 80 443"
},
[...]
```
Typical symptoms:
* A feed blocks a legit IP: disable the entire feed or add this IP to your local allowlist and reload banIP
* A feed (e.g. doh) interrupts almost all client connections: check the feed table above for reference and reset the feed to the defaults in the "Feed/Set Settings" config tab section
-* The allowlist doesn't free a certain IP/MAC address: check the current content of the allowlist with the "Set Survey" under the "Set Reporting" tab to make sure that the desired IP/MAC is listed - if not, reload banIP
+* The allowlist doesn't free a certain IP/MAC address: check the current content of the allowlist with the "Set Content" under the "Set Reporting" tab to make sure that the desired IP/MAC is listed - if not, reload banIP
<a id="support"></a>
## Support
ban_rtfile="/var/run/banip_runtime.json"
ban_rdapfile="/var/run/banip_rdap.json"
ban_rdapurl="https://rdap.db.ripe.net/ip/"
+ban_geourl="http://ip-api.com/batch"
ban_lock="/var/run/banip.lock"
ban_logreadfile="/var/log/messages"
ban_logreadcmd=""
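Review bot: The new default `ban_geourl="http://ip-api.com/batch"` is a plain-HTTP endpoint, unlike `ban_rdapurl` two lines above it. With `ban_map` enabled, f_report posts the router's uplink addresses and the Set elements with counter hits to it unencrypted, and the reply is written to the map file without being authenticated. The certificate check controlled by `ban_fetchinsecure` gives no protection for this request. If the service offers no TLS endpoint for this use (not visible here), the trade-off should at least be stated next to the variable, e.g. `# GeoIP batch lookup over plain HTTP: sends uplink and matched Set IPs to a third party when ban_map=1`, and repeated in the README section that introduces the map.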
ban_nftexpiry=""
ban_nftretry="5"
ban_nftcount="0"
+ban_map="0"
ban_icmplimit="25"
ban_synlimit="10"
ban_udplimit="100"
ban_fetchretry="5"
ban_rdapparm=""
ban_etagparm=""
+ban_geoparm=""
ban_cores=""
ban_packages=""
ban_trigger=""
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
if { [ "${ban_autodetect}" = "1" ] && [ -z "${ban_fetchcmd}" ]; } || [ ! -x "${ban_fetchcmd}" ]; then
- utils="aria2 curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
+ utils="curl wget-ssl libustream-openssl libustream-wolfssl libustream-mbedtls"
for util in ${utils}; do
if printf "%s" "${ban_packages}" | "${ban_jsoncmd}" -ql1 -e "@.packages[\"${util}\"]" >/dev/null 2>&1; then
case "${util}" in
- "aria2")
- util="aria2c"
- ;;
"wget-ssl")
util="wget"
;;
[ ! -x "${ban_fetchcmd}" ] && f_log "err" "download utility with SSL support not found, please set 'ban_fetchcmd' manually"
case "${ban_fetchcmd##*/}" in
- "aria2c")
- [ "${ban_fetchinsecure}" = "1" ] && insecure="--check-certificate=false"
- ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 --retry-wait=10 --max-tries=${ban_fetchretry} --max-file-not-found=${ban_fetchretry} --allow-overwrite=true --auto-file-renaming=false --log-level=warn --dir=/ -o"}"
- ban_rdapparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ -o"
- ban_etagparm="--timeout=5 --allow-overwrite=true --auto-file-renaming=false --dir=/ --dry-run --log -"
- ;;
"curl")
[ "${ban_fetchinsecure}" = "1" ] && insecure="--insecure"
ban_fetchparm="${ban_fetchparm:-"${insecure} --connect-timeout 20 --retry-delay 10 --retry ${ban_fetchretry} --retry-max-time $((ban_fetchretry * 20)) --retry-all-errors --fail --silent --show-error --location -o"}"
ban_rdapparm="--connect-timeout 5 --silent --location -o"
ban_etagparm="--connect-timeout 5 --silent --location --head"
+ ban_geoparm="--connect-timeout 5 --silent --location --data"
;;
"wget")
[ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate"
ban_fetchparm="${ban_fetchparm:-"${insecure} --no-cache --no-cookies --timeout=20 --waitretry=10 --tries=${ban_fetchretry} --retry-connrefused -O"}"
ban_rdapparm="--timeout=5 -O"
ban_etagparm="--timeout=5 --spider --server-response"
+ ban_geoparm="--timeout=5 --quiet -O- --post-data"
;;
"uclient-fetch")
[ "${ban_fetchinsecure}" = "1" ] && insecure="--no-check-certificate"
ban_fetchparm="${ban_fetchparm:-"${insecure} --timeout=20 -O"}"
ban_rdapparm="--timeout=5 -O"
+ ban_geoparm="--timeout=5 --quiet -O- --post-data"
;;
esac
- f_log "debug" "f_getfetch ::: auto: ${ban_autodetect}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}, etag_parm: ${ban_etagparm:-"-"}"
+ f_log "debug" "f_getfetch ::: auto: ${ban_autodetect}, cmd: ${ban_fetchcmd:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, rdap_parm: ${ban_rdapparm:-"-"}, etag_parm: ${ban_etagparm:-"-"}, , geo_parm: ${ban_geoparm:-"-"}"
}
# get wan interfaces
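Review bot: The extended debug line in f_getfetch carries a stray separator, `etag_parm: …, , geo_parm: …`, which ends up in every debug log and will trip anyone splitting the fields on `, `. The tail should read `etag_parm: ${ban_etagparm:-"-"}, geo_parm: ${ban_geoparm:-"-"}"`. f_getfetch starts above this hunk.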
end_time="$(date "+%s")"
duration="$(((end_time - ban_starttime) / 60))m $(((end_time - ban_starttime) % 60))s"
fi
- runtime="$(date "+%Y-%m-%d %H:%M:%S"), duration: ${duration:-"-"}, mode: ${ban_action:-"-"}, memory: ${mem_free} MB available, ${mem_max} MB max. used"
+ runtime="$(date "+%Y-%m-%d %H:%M:%S"), mode: ${ban_action:-"-"}, duration: ${duration:-"-"}, memory: ${mem_free} MB available, ${mem_max} MB max. used"
fi
[ -s "${ban_customfeedfile}" ] && custom_feed="1"
[ "${ban_splitsize:-"0"}" -gt "0" ] && split="1"
f_report() {
local report_jsn report_txt tmp_val table_json item table_sets set_cnt set_inbound set_outbound set_cntinbound set_cntoutbound set_proto set_dport set_details
local expr detail jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinbound sum_setoutbound sum_cntelements sum_cntinbound sum_cntoutbound
- local chain set_elements set_json sum_setelements sum_synflood sum_udpflood sum_icmpflood sum_ctinvalid sum_tcpinvalid output="${1}"
+ local quantity chunk map_jsn chain set_elements set_json sum_setelements sum_synflood sum_udpflood sum_icmpflood sum_ctinvalid sum_tcpinvalid output="${1}"
- [ -z "${ban_dev}" ] && f_conf
+ f_conf
+ f_getfetch
f_mkdir "${ban_reportdir}"
report_jsn="${ban_reportdir}/ban_report.jsn"
report_txt="${ban_reportdir}/ban_report.txt"
+ map_jsn="${ban_reportdir}/ban_map.jsn"
# json output preparation
#
+ : >"${report_jsn}"
+ : >"${map_jsn}"
table_json="$("${ban_nftcmd}" -tj list table inet banIP 2>/dev/null)"
table_sets="$(printf "%s" "${table_json}" | "${ban_jsoncmd}" -qe '@.nftables[@.set.family="inet"].set.name')"
sum_sets="0"
sum_ctinvalid="$(printf "%s" "${table_json}" | "${ban_jsoncmd}" -qe '@.nftables[@.counter.name="cnt_ctinvalid"].*.packets')"
sum_tcpinvalid="$(printf "%s" "${table_json}" | "${ban_jsoncmd}" -qe '@.nftables[@.counter.name="cnt_tcpinvalid"].*.packets')"
timestamp="$(date "+%Y-%m-%d %H:%M:%S")"
- : >"${report_jsn}"
- {
- printf "%s\n" "{"
- printf "\t%s\n" '"sets":{'
- for item in ${table_sets}; do
+
+ cnt="1"
+ for item in ${table_sets}; do
+ (
set_json="$("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null)"
set_cnt="$(printf "%s" "${set_json}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]' | "${ban_wccmd}" -l 2>/dev/null)"
- sum_cntelements="$((sum_cntelements + set_cnt))"
set_cntinbound=""
set_cntoutbound=""
+ set_inbound=""
+ set_outbound=""
set_proto=""
set_dport=""
+ set_elements=""
for chain in _inbound _outbound; do
for expr in 0 1 2; do
if [ "${chain}" = "_inbound" ] && [ -z "${set_cntinbound}" ]; then
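Review bot: The `local` line gains `quantity chunk map_jsn`, but the new code in f_report also assigns `cnt` here and `jsn` in the output branch further down, and neither is declared local. Both therefore overwrite same-named variables in the caller, and `cnt` is the job counter that other loops in this patch rely on. Suggested: start that line with `local cnt jsn quantity chunk map_jsn chain …`. f_report continues beyond this hunk.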
done
done
if [ -n "${set_proto}" ] && [ -n "${set_dport}" ]; then
- sum_setports="$((sum_setports + 1))"
set_proto="${set_proto//[\{\}\":]/}"
set_proto="${set_proto#\[ *}"
set_proto="${set_proto%* \]}"
set_dport="${set_proto}: $(f_trim "${set_dport}")"
fi
if [ "${ban_nftcount}" = "1" ]; then
- set_elements="$(printf "%s" "${set_json}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' | "${ban_awkcmd}" '{ORS=" "; printf"%s, ",$1}')"
- set_elements="${set_elements//{*/} $(printf "%s" "${set_json}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val.range[0]' | "${ban_awkcmd}" '{ORS=" "; printf"%s(r), ",$1}')"
- set_elements="$(f_trim "${set_elements%%?}") $(printf "%s" "${set_json}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val.prefix.addr' | "${ban_awkcmd}" '{ORS=" "; printf"%s(p), ",$1}')"
- set_elements="$(f_trim "${set_elements%%??}")"
- sum_setelements="$((sum_setelements + $(printf "%s" "${set_elements}" | "${ban_wccmd}" -w)))"
+ set_elements="$(printf "%s" "${set_json}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*][@.counter.packets>0].val' |
+ "${ban_awkcmd}" -F '[ ,]' '{ORS=" ";if($2=="\"range\":")printf"%s, ",$4;else if($2=="\"prefix\":")printf"%s, ",$5;else printf"\"%s\", ",$1}')"
fi
if [ -n "${set_cntinbound}" ]; then
set_inbound="ON"
- sum_setinbound="$((sum_setinbound + 1))"
- sum_cntinbound="$((sum_cntinbound + set_cntinbound))"
else
set_inbound="-"
set_cntinbound=""
fi
if [ -n "${set_cntoutbound}" ]; then
set_outbound="ON"
- sum_setoutbound="$((sum_setoutbound + 1))"
- sum_cntoutbound="$((sum_cntoutbound + set_cntoutbound))"
else
set_outbound="-"
set_cntoutbound=""
fi
- [ "${sum_sets}" -gt "0" ] && printf "%s\n" ","
- printf "\t\t%s\n" "\"${item}\":{"
- printf "\t\t\t%s\n" "\"cnt_elements\": \"${set_cnt}\","
- printf "\t\t\t%s\n" "\"cnt_inbound\": \"${set_cntinbound}\","
- printf "\t\t\t%s\n" "\"inbound\": \"${set_inbound}\","
- printf "\t\t\t%s\n" "\"cnt_outbound\": \"${set_cntoutbound}\","
- printf "\t\t\t%s\n" "\"outbound\": \"${set_outbound}\"",
- printf "\t\t\t%s\n" "\"port\": \"${set_dport:-"-"}\"",
- printf "\t\t\t%s\n" "\"set_elements\": \"${set_elements:-"-"}\""
- printf "\t\t%s" "}"
- sum_sets="$((sum_sets + 1))"
- done
- printf "\n\t%s\n" "},"
- printf "\t%s\n" "\"timestamp\": \"${timestamp}\","
- printf "\t%s\n" "\"autoadd_allow\": \"$("${ban_grepcmd}" -c "added on ${timestamp% *}" "${ban_allowlist}")\","
- printf "\t%s\n" "\"autoadd_block\": \"$("${ban_grepcmd}" -c "added on ${timestamp% *}" "${ban_blocklist}")\","
- printf "\t%s\n" "\"sum_synflood\": \"${sum_synflood}\","
- printf "\t%s\n" "\"sum_udpflood\": \"${sum_udpflood}\","
- printf "\t%s\n" "\"sum_icmpflood\": \"${sum_icmpflood}\","
- printf "\t%s\n" "\"sum_ctinvalid\": \"${sum_ctinvalid}\","
- printf "\t%s\n" "\"sum_tcpinvalid\": \"${sum_tcpinvalid}\","
- printf "\t%s\n" "\"sum_sets\": \"${sum_sets}\","
- printf "\t%s\n" "\"sum_setinbound\": \"${sum_setinbound}\","
- printf "\t%s\n" "\"sum_setoutbound\": \"${sum_setoutbound}\","
- printf "\t%s\n" "\"sum_cntelements\": \"${sum_cntelements}\","
- printf "\t%s\n" "\"sum_cntinbound\": \"${sum_cntinbound}\","
- printf "\t%s\n" "\"sum_cntoutbound\": \"${sum_cntoutbound}\","
- printf "\t%s\n" "\"sum_setports\": \"${sum_setports}\","
- printf "\t%s\n" "\"sum_setelements\": \"${sum_setelements}\""
- printf "%s\n" "}"
- } >>"${report_jsn}"
+ if [ "${cnt}" = "1" ]; then
+ printf "%s\n" "{ \"sets\":{ \"${item}\":{ \"cnt_elements\": \"${set_cnt}\", \"cnt_inbound\": \"${set_cntinbound}\", \"inbound\": \"${set_inbound}\", \"cnt_outbound\": \"${set_cntoutbound}\", \"outbound\": \"${set_outbound}\", \"port\": \"${set_dport:-"-"}\", \"set_elements\": [ ${set_elements%%??} ] }" >>"${report_jsn}"
+ else
+ printf "%s\n" ", \"${item}\":{ \"cnt_elements\": \"${set_cnt}\", \"cnt_inbound\": \"${set_cntinbound}\", \"inbound\": \"${set_inbound}\", \"cnt_outbound\": \"${set_cntoutbound}\", \"outbound\": \"${set_outbound}\", \"port\": \"${set_dport:-"-"}\", \"set_elements\": [ ${set_elements%%??} ] }" >>"${report_jsn}"
+ fi
+ ) &
+ [ "${cnt}" -eq "1" ] || [ "${cnt}" -gt "${ban_cores}" ] && wait -n
+ cnt="$((cnt + 1))"
+ done
+ wait
+ printf "\n%s\n" "} }" >>"${report_jsn}"
+
+ # add sum statistics
+ #
+ json_init
+ if json_load_file "${report_jsn}" >/dev/null 2>&1; then
+ json_select "sets" >/dev/null 2>&1
+ json_get_keys table_sets >/dev/null 2>&1
+ if [ -n "${table_sets}" ]; then
+ for item in ${table_sets}; do
+ sum_sets="$((sum_sets + 1))"
+ json_select "${item}"
+ json_get_keys set_details
+ for detail in ${set_details}; do
+ case "${detail}" in
+ "cnt_elements")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ sum_cntelements="$((sum_cntelements + jsnval))"
+ ;;
+ "set_elements")
+ json_get_values jsnval "${detail}" >/dev/null 2>&1
+ if [ -n "${jsnval}" ]; then
+ jsnval="$(printf "%s" "${jsnval}" | "${ban_wccmd}" -w)"
+ sum_setelements="$((sum_setelements + jsnval))"
+ fi
+ ;;
+ "inbound")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ if [ "${jsnval}" = "ON" ]; then
+ sum_setinbound="$((sum_setinbound + 1))"
+ fi
+ ;;
+ "outbound")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ if [ "${jsnval}" = "ON" ]; then
+ sum_setoutbound="$((sum_setoutbound + 1))"
+ fi
+ ;;
+ "cnt_inbound")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ if [ -n "${jsnval}" ]; then
+ sum_cntinbound="$((sum_cntinbound + jsnval))"
+ fi
+ ;;
+ "cnt_outbound")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ if [ -n "${jsnval}" ]; then
+ sum_cntoutbound="$((sum_cntoutbound + jsnval))"
+ fi
+ ;;
+ "port")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
+ if [ "${jsnval}" != "-" ]; then
+ jsnval="${jsnval//[^0-9 ]/}"
+ jsnval="$(printf "%s" "${jsnval}" | "${ban_wccmd}" -w)"
+ sum_setports="$((sum_setports + jsnval))"
+ fi
+ ;;
+ esac
+ done
+ json_select ".."
+ done
+ "${ban_sedcmd}" -i ':a;$!N;1,1ba;P;$d;D' "${report_jsn}"
+ printf "%s\n" "}, \"timestamp\": \"${timestamp}\", \"autoadd_allow\": \"$("${ban_grepcmd}" -c "added on ${timestamp% *}" "${ban_allowlist}")\", \"autoadd_block\": \"$("${ban_grepcmd}" -c "added on ${timestamp% *}" "${ban_blocklist}")\", \"sum_synflood\": \"${sum_synflood}\", \"sum_udpflood\": \"${sum_udpflood}\", \"sum_icmpflood\": \"${sum_icmpflood}\", \"sum_ctinvalid\": \"${sum_ctinvalid}\", \"sum_tcpinvalid\": \"${sum_tcpinvalid}\", \"sum_sets\": \"${sum_sets}\", \"sum_setinbound\": \"${sum_setinbound}\", \"sum_setoutbound\": \"${sum_setoutbound}\", \"sum_cntelements\": \"${sum_cntelements}\", \"sum_cntinbound\": \"${sum_cntinbound}\", \"sum_cntoutbound\": \"${sum_cntoutbound}\", \"sum_setports\": \"${sum_setports}\", \"sum_setelements\": \"${sum_setelements}\" }" >>"${report_jsn}"
+ fi
+ fi
+
+ # retrieve/prepare map data
+ #
+ if [ "${ban_nftcount}" = "1" ] && [ "${ban_map}" = "1" ] && [ "${output}" = "json" ] && [ -s "${report_jsn}" ]; then
+ cnt="1"
+ json_init
+ if json_load_file "${ban_rtfile}" >/dev/null 2>&1; then
+ json_get_values jsnval "active_uplink" >/dev/null 2>&1
+ jsnval="${jsnval//\/[0-9][0-9]/}"
+ jsnval="${jsnval//\/[0-9]/}"
+ jsnval="\"${jsnval// /\", \"}\""
+ if [ "${jsnval}" != '""' ]; then
+ {
+ printf "%s" ",[{}"
+ "${ban_fetchcmd}" ${ban_geoparm} "[ ${jsnval} ]" "${ban_geourl}" 2>/dev/null |
+ "${ban_jsoncmd}" -qe '@[*&&@.status="success"]' | "${ban_awkcmd}" -v feed="homeIP" '{printf ",{\"%s\": %s}\n",feed,$0}'
+ } >>"${map_jsn}"
+ fi
+ fi
+ if [ -s "${map_jsn}" ] && [ "$("${ban_catcmd}" "${map_jsn}")" != ",[{}" ]; then
+ json_init
+ if json_load_file "${report_jsn}" >/dev/null 2>&1; then
+ json_select "sets" >/dev/null 2>&1
+ json_get_keys table_sets >/dev/null 2>&1
+ if [ -n "${table_sets}" ]; then
+ for item in ${table_sets}; do
+ json_select "${item}"
+ json_get_keys set_details
+ for detail in ${set_details}; do
+ if [ "${detail}"="set_elements" ]; then
+ json_get_values jsnval "${detail}" >/dev/null 2>&1
+ jsnval="\"${jsnval// /\", \"}\""
+ fi
+ done
+ if [ "${jsnval}" != '""' ]; then
+ quantity="0"
+ chunk=""
+ (
+ for ip in ${jsnval}; do
+ chunk="${chunk} ${ip}"
+ quantity="$((quantity + 1))"
+ if [ "${quantity}" -eq "100" ]; then
+ "${ban_fetchcmd}" ${ban_geoparm} "[ ${chunk%%?} ]" "${ban_geourl}" 2>/dev/null |
+ "${ban_jsoncmd}" -qe '@[*&&@.status="success"]' | "${ban_awkcmd}" -v feed="${item}" '{printf ",{\"%s\": %s}\n",feed,$0}' >>"${map_jsn}"
+ chunk=""
+ quantity="0"
+ fi
+ done
+ if [ "${quantity}" -gt "0" ]; then
+ "${ban_fetchcmd}" ${ban_geoparm} "[ ${chunk} ]" "${ban_geourl}" 2>/dev/null |
+ "${ban_jsoncmd}" -qe '@[*&&@.status="success"]' | "${ban_awkcmd}" -v feed="${item}" '{printf ",{\"%s\": %s}\n",feed,$0}' >>"${map_jsn}"
+ fi
+ ) &
+ [ "${cnt}" -gt "${ban_cores}" ] && wait -n
+ cnt="$((cnt + 1))"
+ fi
+ json_select ".."
+ done
+ wait
+ fi
+ fi
+ fi
+ fi
# text output preparation
#
if [ "${output}" != "json" ] && [ -s "${report_jsn}" ]; then
- : >"${report_txt}"
json_init
if json_load_file "${report_jsn}" >/dev/null 2>&1; then
json_get_var timestamp "timestamp" >/dev/null 2>&1
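Review bot: In the map block the test `[ "${detail}"="set_elements" ]` has no spaces around `=`, so the shell sees a single non-empty word and the condition is true for every key. `json_get_values` and the re-quoting of `jsnval` then also run for `cnt_elements`, `inbound`, `port` and the rest, so the address list posted to the geolocation service is only correct while `set_elements` happens to be the last key processed. It should be `if [ "${detail}" = "set_elements" ]; then`, with `jsnval=""` set before the inner loop so a value left over from the previous Set cannot be reused if the key is missing. The enclosing f_report starts and ends outside this hunk.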
printf "%s\n\n" " auto-added IPs to blocklist: ${autoadd_block}"
json_select "sets" >/dev/null 2>&1
json_get_keys table_sets >/dev/null 2>&1
+ table_sets="$(printf "%s\n" ${table_sets} | "${ban_sortcmd}")"
if [ -n "${table_sets}" ]; then
printf "%-25s%-15s%-24s%-24s%-24s%-24s\n" " Set" "| Count " "| Inbound (packets)" "| Outbound (packets)" "| Port/Protocol " "| Elements "
printf "%s\n" " ---------------------+--------------+-----------------------+-----------------------+-----------------------+------------------------"
json_select "${item}"
json_get_keys set_details
for detail in ${set_details}; do
- json_get_var jsnval "${detail}" >/dev/null 2>&1
case "${detail}" in
"cnt_elements")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
printf "%-15s" "| ${jsnval}"
;;
"cnt_inbound" | "cnt_outbound")
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
[ -n "${jsnval}" ] && tmp_val=": ${jsnval}"
;;
"set_elements")
+ json_get_values jsnval "${detail}" >/dev/null 2>&1
+ jsnval="${jsnval// /, }"
printf "%-24s" "| ${jsnval:0:24}"
- jsnval="${jsnval:24}"
+ jsnval="${jsnval:24}"
while [ -n "${jsnval}" ]; do
printf "\n%-25s%-15s%-24s%-24s%-24s%-24s" "" "|" "|" "|" "|" "| ${jsnval:0:24}"
jsnval="${jsnval:24}"
done
;;
*)
+ json_get_var jsnval "${detail}" >/dev/null 2>&1
printf "%-24s" "| ${jsnval}${tmp_val}"
tmp_val=""
;;
case "${output}" in
"text")
[ -s "${report_txt}" ] && "${ban_catcmd}" "${report_txt}"
+ : >"${report_txt}"
;;
"json")
- [ -s "${report_jsn}" ] && "${ban_catcmd}" "${report_jsn}"
+ if [ "${ban_nftcount}" = "1" ] && [ "${ban_map}" = "1" ]; then
+ jsn="$("${ban_catcmd}" ${report_jsn} ${map_jsn})"
+ printf "[%s]]\n" "${jsn}"
+ else
+ jsn="$("${ban_catcmd}" ${report_jsn})"
+ printf "%s\n" "${jsn}"
+ fi
;;
"mail")
[ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
+ : >"${report_txt}"
;;
esac
- : >"${report_txt}"
}
# Set search
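Review bot: The `json` branch prints `[%s]]` whenever `ban_nftcount` and `ban_map` are both `1`, but the closing `]]` only balances when `ban_map.jsn` begins with `,[{}`. That file is truncated on every run and only filled once an uplink address is found, so when it is empty the output becomes `[{…}]]`, which is not valid JSON; how the consumer copes with that is not visible here. Adding `&& [ -s "${map_jsn}" ]` to the condition falls back to the plain report in that case. The paths should also be quoted as elsewhere in the function: `jsn="$("${ban_catcmd}" "${report_jsn}" "${map_jsn}")"`. f_report begins above this hunk.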
printf "%s " "${item}" >>"${result}"
fi
) &
- hold="$((cnt % ban_cores))"
- [ "${hold}" = "0" ] && wait -n
+ [ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))"
done
wait
fi
}
-# Set survey
+# Set content
#
-f_survey() {
- local set_elements input="${1}"
+f_content() {
+ local set_raw set_elements input="${1}"
if [ -z "${input}" ]; then
- printf "%s\n%s\n%s\n" ":::" "::: no valid survey input" ":::"
+ printf "%s\n%s\n%s\n" ":::" "::: no valid Set input" ":::"
return
fi
+ set_raw="$("${ban_nftcmd}" -j list set inet banIP "${input}" 2>/dev/null)"
if [ "$(uci_get banip global ban_nftcount)" = "1" ]; then
- set_elements="$("${ban_nftcmd}" -j list set inet banIP "${input}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*].elem.val')"
+ set_elements="$(printf "%s" "${set_raw}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*].elem.val')"
else
- set_elements="$("${ban_nftcmd}" -j list set inet banIP "${input}" 2>/dev/null | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]')"
+ set_elements="$(printf "%s" "${set_raw}" | "${ban_jsoncmd}" -qe '@.nftables[*].set.elem[*]')"
fi
- printf "%s\n%s\n%s\n" ":::" "::: banIP Survey" ":::"
- printf " %s\n" "List of elements in the Set '${input}' on $(date "+%Y-%m-%d %H:%M:%S")"
+ printf "%s\n%s\n%s\n" ":::" "::: banIP Set Content" ":::"
+ printf " %s\n" "List elements of the Set '${input}' on $(date "+%Y-%m-%d %H:%M:%S")"
printf " %s\n" "---"
[ -n "${set_elements}" ] && printf "%s\n" "${set_elements}" || printf " %s\n" "empty Set"
}
ban_ubuscmd="$(f_cmd ubus)"
ban_zcatcmd="$(f_cmd zcat)"
ban_gzipcmd="$(f_cmd gzip)"
+ban_sortcmd="$(f_cmd sort)"
ban_wccmd="$(f_cmd wc)"
f_system
#
if [ "${feed}" = "allowlist" ] || [ "${feed}" = "blocklist" ]; then
for proto in 4MAC 6MAC 4 6; do
- [ "${feed}" = "blocklist" ] && wait
f_down "${feed}" "${proto}" "-" "-" "inout"
done
continue
f_down "${feed}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}"
else
(f_down "${feed}" "4" "${feed_url_4}" "${feed_rule_4}" "${feed_chain:-"in"}" "${feed_flag}") &
- hold="$((cnt % ban_cores))"
- [ "${hold}" = "0" ] && wait -n
+ [ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))"
fi
fi
done
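Review bot: The new throttle `[ "${cnt}" -gt "${ban_cores}" ] && wait -n` is evaluated after the job has already been put in the background, so if `cnt` starts at 1 as it does before the lookup loop, `ban_cores + 1` downloads can be in flight before the first `wait -n`. `[ "${cnt}" -ge "${ban_cores}" ] && wait -n` would hold the limit at `ban_cores`. The same line appears in the IPv6 feed branch, in the allowlist/blocklist lookup loop and in the Set search loop. If `ban_cores` can ever be empty or non-numeric, the `[` test fails with an error and the `&&` skips the wait, leaving the number of parallel jobs unbounded; whether it is validated earlier is not visible here, and a short comment stating the expected range would help. The enclosing loop starts outside this hunk.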
else
(f_down "${feed}" "6" "${feed_url_6}" "${feed_rule_6}" "${feed_chain:-"in"}" "${feed_flag}") &
+ [ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))"
- hold="$((cnt % ban_cores))"
- [ "${hold}" = "0" ] && wait -n
fi
fi
done
+wait
f_rmset
f_rmdir "${ban_tmpdir}"
f_genstatus "active"
cnt="1"
for list in allowlist blocklist; do
(f_lookup "${list}") &
- hold="$((cnt % ban_cores))"
- [ "${hold}" = "0" ] && wait -n
+ [ "${cnt}" -gt "${ban_cores}" ] && wait -n
cnt="$((cnt + 1))"
done
wait
{
- "adaway":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adaway-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adaway-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "adaway IPs",
- "flag": "tcp udp 80 443"
- },
- "adguard":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "adguard IPs",
- "flag": "tcp udp 80 443"
- },
- "adguardtrackers":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "adguardtracker IPs",
- "flag": "tcp udp 80 443"
- },
- "antipopads":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "antipopads IPs",
- "flag": "tcp udp 80 443"
- },
"asn":{
"url_4": "https://asn.ipinfo.app/api/text/list/",
"url_6": "https://asn.ipinfo.app/api/text/list/",
"descr": "iX spam protection",
"flag": "gz"
},
- "oisdbig":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdbig-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdbig-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "OISD-big IPs",
- "flag": "tcp udp 80 443"
- },
- "oisdnsfw":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "OISD-nsfw IPs",
- "flag": "tcp udp 80 443"
- },
- "oisdsmall":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "OISD-small IPs",
- "flag": "tcp udp 80 443"
- },
"pallebone":{
"url_4": "https://raw.githubusercontent.com/pallebone/StrictBlockPAllebone/master/BlockIP.txt",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"chain": "in",
"descr": "open proxies"
},
- "stevenblack":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "stevenblack IPs",
- "flag": "tcp udp 80 443"
- },
"threat":{
"url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"chain": "in",
"descr": "malware related IPs"
- },
- "yoyo":{
- "url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv4.txt",
- "url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv6.txt",
- "rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
- "chain": "out",
- "descr": "yoyo IPs",
- "flag": "tcp udp 80 443"
}
}
extra_command "report" "[text|json|mail] Print banIP related Set statistics"
extra_command "search" "[<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP Set"
-extra_command "survey" "[<Set name>] List all elements of a given banIP Set"
+extra_command "content" "[<Set name>] List all elements of a given banIP Set"
ban_init="/etc/init.d/banip"
ban_service="/usr/bin/banip-service.sh"
if [ "${action}" = "boot" ] && "${ban_init}" running; then
exit 0
elif { [ "${action}" = "stop" ] || [ "${action}" = "report" ] || [ "${action}" = "search" ] ||
- [ "${action}" = "survey" ] || [ "${action}" = "lookup" ]; } && ! "${ban_init}" running; then
+ [ "${action}" = "content" ] || [ "${action}" = "lookup" ]; } && ! "${ban_init}" running; then
exit 0
fi
if [ ! -d "${ban_lock}" ] &&
rm -rf "${ban_lock}"
}
-survey() {
- f_survey "${1}"
+content() {
+ f_content "${1}"
}
service_triggers() {