#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-ban_ver="0.0.5"
+ban_ver="0.0.6"
ban_sysver="unknown"
ban_enabled=0
ban_automatic="1"
ban_debug=0
ban_maxqueue=8
ban_fetchutil="uclient-fetch"
+ban_ip="$(command -v ip)"
ban_ipt="$(command -v iptables)"
ban_ipt_save="$(command -v iptables-save)"
ban_ipt_restore="$(command -v iptables-restore)"
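Review bot: `ban_ip` is taken from `command -v ip` with no visible check that the lookup succeeded. Later in this commit f_envcheck runs `${ban_ip} link show` to build `ban_dev_all`; with an empty `ban_ip` that executes `link show`, fails, and leaves `ban_dev_all` empty, so the `-D` cleanup loops in f_iptadd silently do nothing. Unless f_envcheck already validates the helper binaries outside these hunks, add a guard before first use, e.g. `[ -x "${ban_ip}" ] || f_log "err" "ip utility not found"`.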
#
f_envcheck()
{
- local ssl_lib
+ local ssl_lib tmp
# check fetch utility
#
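Review bot: `iface`, the loop variable this commit introduces further down in f_envcheck (`for iface in ${ban_iface}`), is missing from this `local` list, so as far as the diff shows it is created as a global. f_iptadd in the same commit does add its loop variable (`local rm="${1}" dev`), so for consistency this line should read `local ssl_lib tmp iface`. The rest of f_envcheck lies outside the hunk.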
network_find_wan6 ban_iface
fi
fi
- network_get_device ban_dev "${ban_iface}"
- network_get_subnets ban_subnets "${ban_iface}"
- network_get_subnets6 ban_subnets6 "${ban_iface}"
+
+ for iface in ${ban_iface}
+ do
+ network_get_physdev tmp "${iface}"
+ if [ -n "${tmp}" ]
+ then
+ ban_dev="${ban_dev} ${tmp}"
+ fi
+ network_get_subnets tmp "${iface}"
+ if [ -n "${tmp}" ]
+ then
+ ban_subnets="${ban_subnets} ${tmp}"
+ fi
+ network_get_subnets6 tmp "${iface}"
+ if [ -n "${tmp}" ]
+ then
+ ban_subnets6="${ban_subnets6} ${tmp}"
+ fi
+ done
if [ -z "${ban_iface}" ] || [ -z "${ban_dev}" ]
then
- f_log "err" "wan interface/device (${ban_iface:-"-"}/${ban_dev:-"-"}) not found, please please check your configuration"
+ f_log "err" "wan interface(s)/device(s) (${ban_iface:-"-"}/${ban_dev:-"-"}) not found, please please check your configuration"
fi
+ ban_dev_all="$(${ban_ip} link show | awk 'BEGIN{FS="[@: ]"}/^[0-9:]/{if(($3!="lo")&&($3!="br-lan")){print $3}}')"
uci_set banip global ban_iface "${ban_iface}"
uci_commit banip
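Review bot: The loop skips any interface for which `network_get_physdev` returns nothing, and the check after it only fires when `ban_dev` is empty altogether, so with several WAN interfaces a single unresolved one goes unnoticed and gets no `-i`/`-o` rules in f_iptadd. For a blocklist that is a fail-open gap: traffic on that device is not matched against the sets until a later run resolves it. Log the skipped interface inside the loop, for example an `else` branch with `f_log "debug" "f_envcheck ::: no device for interface ${iface}"`, or a more visible level if f_log offers one. The hunk starts and ends inside f_envcheck.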
#
f_iptadd()
{
- local rm="${1}"
+ local rm="${1}" dev
- f_iptrule "-D" "${ban_chain} -i ${ban_dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
- f_iptrule "-D" "${ban_chain} -o ${ban_dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
+ for dev in ${ban_dev_all}
+ do
+ f_iptrule "-D" "${ban_chain} -i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
+ f_iptrule "-D" "${ban_chain} -o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
+ done
if [ -z "${rm}" ] && [ ${cnt} -gt 0 ]
then
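Review bot: The removal loop walks `ban_dev_all` while the insertion loops later in f_iptadd walk `ban_dev`, and nothing in the hunk says why. Presumably the wider list is there so that rules left on a device that is no longer a WAN device get cleaned up; a short comment above the loop would record that, e.g. `# delete from every device, not only the current wan devices, to clear stale rules`. The comment could also mention that `ban_dev_all` excludes only `lo` and `br-lan` by name. f_iptadd continues outside the hunk.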
fi
f_iptrule "-A" "${wan_input} -j ${ban_chain}"
f_iptrule "-A" "${wan_forward} -j ${ban_chain}"
- f_iptrule "${action:-"-A"}" "${ban_chain} -i ${ban_dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
+ for dev in ${ban_dev}
+ do
+ f_iptrule "${action:-"-A"}" "${ban_chain} -i ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} src -j ${target_src}"
+ done
fi
if [ "${src_ruletype}" != "src" ]
then
fi
f_iptrule "-A" "${lan_input} -j ${ban_chain}"
f_iptrule "-A" "${lan_forward} -j ${ban_chain}"
- f_iptrule "${action:-"-A"}" "${ban_chain} -o ${ban_dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
+ for dev in ${ban_dev}
+ do
+ f_iptrule "${action:-"-A"}" "${ban_chain} -o ${dev} -m conntrack --ctstate NEW -m set --match-set ${src_name} dst -j ${target_dst}"
+ done
fi
else
if [ -n "$("${ban_ipset}" -n list "${src_name}" 2>/dev/null)" ]
mem_total="$(awk '/^MemTotal/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
mem_free="$(awk '/^MemFree/ {print int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
- f_log "debug" "f_main ::: fetch_util: ${ban_fetchinfo:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, iface: ${ban_iface:-"-"}, dev: ${ban_dev:-"-"}, mem_total: ${mem_total:-0}, mem_free: ${mem_free:-0}, max_queue: ${ban_maxqueue}"
+ f_log "debug" "f_main ::: fetch_util: ${ban_fetchinfo:-"-"}, fetch_parm: ${ban_fetchparm:-"-"}, interface(s): ${ban_iface:-"-"}, device(s): ${ban_dev:-"-"}, all_devices: ${ban_dev_all:-"-"}, mem_total: ${mem_total:-0}, mem_free: ${mem_free:-0}, max_queue: ${ban_maxqueue}"
f_ipset initial
then
f_ipset flush
continue
+ elif [ "${ban_action}" = "refresh" ]
+ then
+ f_ipset refresh
+ continue
fi
# download queue processing
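Review bot: `f_ipset refresh` is followed by an unconditional `continue`, so its exit status is never examined and the source skips download queue processing even when the refresh did nothing. f_ipset's body is not in this diff, so whether its refresh mode can fail (for instance when no set exists yet for `${src_name}`) is an assumption; if it can, that source is left without a set or rules until the next full reload. Consider `if f_ipset refresh; then continue; fi` inside the `elif` branch so a failed refresh falls through to the normal download path. The enclosing loop in f_main starts and ends outside the hunk.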
f_ipset destroy
f_rmtemp
;;
- start|restart|reload)
+ start|restart|reload|refresh)
f_envcheck
f_main
;;