banip: update to 0.7.3
authorDirk Brenken <dev@brenken.org>
Sat, 20 Feb 2021 09:26:16 +0000 (10:26 +0100)
committerDirk Brenken <dev@brenken.org>
Sat, 20 Feb 2021 09:26:16 +0000 (10:26 +0100)
* fix search string/pipe preparation for the background service
* fix IPSet maxelem limitation, made it more flexible
* fix potential error during resume action
* add Cisco Talos IP blacklist
* update readme

Signed-off-by: Dirk Brenken <dev@brenken.org>
net/banip/Makefile
net/banip/files/README.md
net/banip/files/banip.sh
net/banip/files/banip.sources

index 69f3cee774846a660ad549e828842423a05674c3..dea787b9e2eb7872766b3c728d87a842b30cdbce 100644 (file)
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
-PKG_VERSION:=0.7.2
+PKG_VERSION:=0.7.3
 PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
index 498c95baa609b6c375441ae8ed428e8634c3fea2..83fbf408119aeb9860556d6dcdc7cbc60a13bdf1 100644 (file)
@@ -31,6 +31,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 | nixspam             | iX spam protection             | [Link](http://www.nixspam.org)                                                    |
 | proxy               | Firehol list of open proxies   | [Link](https://iplists.firehol.org/?ipset=proxylists)                             |
 | ssbl                | SSL botnet IP blacklist        | [Link](https://sslbl.abuse.ch)                                                    |
+| talos               | Cisco Talos IP Blacklist       | [Link](https://talosintelligence.com/reputation_center)                           |
 | threat              | Emerging Threats               | [Link](https://rules.emergingthreats.net)                                         |
 | tor                 | Tor exit nodes                 | [Link](https://fissionrelays.net/lists)                                           |
 | uceprotect1         | Spam protection level 1        | [Link](http://www.uceprotect.net/en/index.php)                                    |
@@ -68,6 +69,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 * [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.2.x  
   <b>Please note:</b> Older OpenWrt releases like 18.06.x or 17.01.x are _not_ supported!  
   <b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!  
+  <b>Please note:</b> If you're updating from former banIP 0.3x please manually remove your config (/etc/config/banip) before you start!  
 * A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
 * A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
 * Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
index 179f6f4583b8b1a249675ee7ed2c14f47cf41571..ed1bfad051d9a3610d465aac4b7cd6f3b365f6b4 100755 (executable)
@@ -12,7 +12,7 @@
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-ban_ver="0.7.2"
+ban_ver="0.7.3"
 ban_enabled="0"
 ban_mail_enabled="0"
 ban_proto4_enabled="0"
@@ -93,11 +93,11 @@ f_load()
        #
        if [ "${ban_enabled}" = "0" ]
        then
+               f_bgsrv "stop"
                f_ipset "destroy"
                f_jsnup "disabled"
                f_rmbckp
                f_rmtmp
-               f_bgsrv "stop"
                f_log "info" "banIP is currently disabled, please set the config option 'ban_enabled' to '1' to use this service"
                exit 0
        fi
@@ -739,22 +739,24 @@ f_ipset()
                        return "${out_rc}"
                ;;
                "create")
-                       if [ "${src_name}" = "maclist" ] && [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
-                       then
-                               "${ban_ipset_cmd}" create "${src_name}" hash:mac maxelem 262144 counters timeout "${ban_maclist_timeout:-"0"}"
-                               out_rc="${?}"
-                       elif [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
+                       if [ -s "${tmp_file}" ] && [ -z "$("${ban_ipset_cmd}" -q -n list "${src_name}")" ]
                        then
-                               if [ "${src_name%_*}" = "whitelist" ]
+                               cnt="$(awk 'END{print NR}' "${tmp_file}" 2>/dev/null)"
+                               cnt=$((cnt+262144))
+                               if [ "${src_name}" = "maclist" ]
+                               then
+                                       "${ban_ipset_cmd}" create "${src_name}" hash:mac hashsize 64 maxelem "${cnt}" counters timeout "${ban_maclist_timeout:-"0"}"
+                                       out_rc="${?}"
+                               elif [ "${src_name%_*}" = "whitelist" ]
                                then
-                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem 262144 family "${src_ipver}" counters timeout "${ban_whitelist_timeout:-"0"}"
+                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem "${cnt}" family "${src_ipver}" counters timeout "${ban_whitelist_timeout:-"0"}"
                                        out_rc="${?}"
                                elif [ "${src_name%_*}" = "blacklist" ]
                                then
-                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem 262144 family "${src_ipver}" counters timeout "${ban_blacklist_timeout:-"0"}"
+                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem "${cnt}" family "${src_ipver}" counters timeout "${ban_blacklist_timeout:-"0"}"
                                        out_rc="${?}"
                                else
-                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem 262144 family "${src_ipver}" counters
+                                       "${ban_ipset_cmd}" create "${src_name}" hash:net hashsize 64 maxelem "${cnt}" family "${src_ipver}" counters
                                        out_rc="${?}"
                                fi
                        else
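Review bot: The new maxelem ceiling is computed only on this create path (`cnt=$((cnt+262144))`), so a set that already exists when the surrounding `if` is skipped keeps whatever maxelem it was created with; if the refresh path outside this hunk reuses existing sets, a list that grows by more than 262144 entries after creation still hits the limit, so the cap is moved rather than removed. A short comment above the two `cnt=` lines would make that explicit, e.g. `# maxelem = current line count + 262144 headroom; fixed at creation, later refreshes reuse the existing set`. Note also that `awk 'END{print NR}'` counts every line of the temp file, so any non-entry lines only inflate the value harmlessly, while an unreadable file (stderr is discarded) silently falls back to the old fixed 262144. f_ipset continues on both sides of this hunk.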
@@ -821,19 +823,22 @@ f_ipset()
                        f_log "debug" "f_ipset ::: name: ${src:-"-"}, mode: ${mode:-"-"}"
                ;;
                "resume")
-                       "${ban_ipset_cmd}" -q -! restore < "${ban_backupdir}/${src_name}.file"
-                       out_rc="${?}"
-                       if [ "${out_rc}" = "0" ]
+                       if [ -f "${ban_backupdir}/${src_name}.file" ]
                        then
-                               rm -f "${ban_backupdir}/${src_name}.file"
-                               src_list="$("${ban_ipset_cmd}" -q list "${src_name}")"
-                               cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
-                               cnt_mac="$(printf "%s\n" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets)")"
-                               cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
-                               cnt_ip=$((cnt-cnt_cidr-cnt_mac))
-                               printf "%s\n" "${cnt}" > "${tmp_cnt}"
+                               "${ban_ipset_cmd}" -q -! restore < "${ban_backupdir}/${src_name}.file"
+                               out_rc="${?}"
+                               if [ "${out_rc}" = "0" ]
+                               then
+                                       rm -f "${ban_backupdir}/${src_name}.file"
+                                       src_list="$("${ban_ipset_cmd}" -q list "${src_name}")"
+                                       cnt="$(printf "%s\n" "${src_list}" | awk '/^Number of entries:/{print $4}')"
+                                       cnt_mac="$(printf "%s\n" "${src_list}" | grep -cE "^(([0-9A-Z][0-9A-Z]:){5}[0-9A-Z]{2} packets)")"
+                                       cnt_cidr="$(printf "%s\n" "${src_list}" | grep -cE "(/[0-9]{1,3} packets)")"
+                                       cnt_ip=$((cnt-cnt_cidr-cnt_mac))
+                                       printf "%s\n" "${cnt}" > "${tmp_cnt}"
+                               fi
+                               f_iptables
                        fi
-                       f_iptables
                        end_ts="$(date +%s)"
                        out_rc="${out_rc:-"${in_rc}"}"
                        f_log "debug" "f_ipset ::: name: ${src_name:-"-"}, mode: ${mode:-"-"}, ipver: ${src_ipver:-"-"}, settype: ${src_settype:-"-"}, count(sum/ip/cidr/mac): ${cnt}/${cnt_ip}/${cnt_cidr}/${cnt_mac}, time: $((end_ts-start_ts)), out_rc: ${out_rc}"
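Review bot: The new `-f` guard accepts an empty backup file, in which case `ipset restore` reads nothing and exits 0, the file is then removed, `ipset -q list` on the never-created set yields an empty `cnt`, and `f_iptables` is still called for a set that likely does not exist. Testing `[ -s "${ban_backupdir}/${src_name}.file" ]` instead would treat an empty backup like a missing one. The missing-file path also returns silently with `out_rc` falling back to `in_rc` and empty count fields in the debug line below, so an `else` branch such as `f_log "debug" "f_ipset ::: resume skipped, no backup file for ${src_name:-"-"}"` would let an operator tell "nothing to resume" from a failed restore. The enclosing case arm and f_ipset continue outside the hunk.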
@@ -937,9 +942,9 @@ f_bgsrv()
                fi
                if [ -n "$(printf "%s\n" "${ban_logterms}" | grep -F "nginx")" ]
                then
-                       ban_search="${ban_search}nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+"
+                       ban_search="${ban_search}nginx\[[0-9]+\]:.*\[error\].*open().*client: [[:alnum:].:]+|"
                fi
-               ( "${ban_logservice}" "${ban_ver}" "${ban_search}" & )
+               ( "${ban_logservice}" "${ban_ver}" "${ban_search%?}" & )
        elif [ "${action}" = "stop" ] && [ -n "${bg_pid}" ]
        then
                kill -HUP "${bg_pid}" 2>/dev/null
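Review bot: The launch now strips one trailing character with `${ban_search%?}`, which is only correct if every branch that appends to `ban_search` (the earlier ones are outside this hunk) ends its term with `|`; a branch without the separator would lose the last character of its pattern, and when no log term matches at all the service is started with an empty search string. A comment at the launch line, e.g. `# every appended term ends in '|'; drop the final separator before handing the alternation to the log service`, would make that contract explicit, and skipping the launch when `ban_search` is empty would avoid the empty-pattern case. Separately, `open()` in the nginx term is an empty group in ERE and matches just `open`; if the literal parentheses are intended, `open\(\)` is needed, though that depends on how `ban_logservice` interprets the pattern. f_bgsrv begins and ends outside the hunk.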
@@ -1750,10 +1755,10 @@ fi
 f_load
 case "${ban_action}" in
        "stop")
+               f_bgsrv "stop"
                f_ipset "destroy"
                f_jsnup "stopped"
                f_rmbckp
-               f_bgsrv "stop"
        ;;
        "restart")
                f_ipset "destroy"
@@ -1764,10 +1769,10 @@ case "${ban_action}" in
        "suspend")
                if [ "${ban_status}" = "enabled" ]
                then
+                       f_bgsrv "stop"
                        f_jsnup "running"
                        f_ipset "suspend"
                        f_jsnup "paused"
-                       f_bgsrv "stop"
                fi
                f_rmtmp
        ;;
index 3255e4fa487ea9616c03740d5d8c60d4dcd1fb2d..9dce5ae35c7bd251690fc8159f982c7a0fa33831 100644 (file)
                "focus": "SSL botnet IP blacklist",
                "descurl": "https://sslbl.abuse.ch"
        },
+       "talos": {
+               "url_4": "https://www.talosintelligence.com/documents/ip-blacklist",
+               "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add talos_4 \"$1}",
+               "focus": "Cisco Talos IP Blacklist",
+               "descurl": "https://talosintelligence.com/reputation_center"
+       },
        "threat": {
                "url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
                "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add threat_4 \"$1}",