openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-21 23:34:31 +04:00
Code Issues Packages Projects Releases Wiki Activity

banip: update 0.9.5-4

Browse Source 
* optimized adding suspicious IPs to Sets in the log monitor
* re-added ipblackhole feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken
2024-05-01 15:02:44 +02:00
parent 8c2ec57462
commit 4d7c38c770
4 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
net/banip/Makefile
View File

@@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip PKG_NAME:=banip
PKG_VERSION:=0.9.5 PKG_VERSION:=0.9.5
PKG_RELEASE:=3 PKG_RELEASE:=4
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org> PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

1
net/banip/files/README.md
View File

@@ -37,6 +37,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
| greensnow | suspicious server IPs | x | x | | | [Link](https://greensnow.co) | | greensnow | suspicious server IPs | x | x | | | [Link](https://greensnow.co) |
| iblockads | Advertising IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) | | iblockads | Advertising IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) |
| iblockspy | Malicious spyware IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) | | iblockspy | Malicious spyware IPs | | | x | tcp: 80, 443 | [Link](https://www.iblocklist.com) |
| ipblackhole | blackhole IPs | x | x | | | [Link](https://github.com/BlackHoleMonster/IP-BlackHole) |
| ipsum | malicious IPs | x | x | | | [Link](https://github.com/stamparm/ipsum) | | ipsum | malicious IPs | x | x | | | [Link](https://github.com/stamparm/ipsum) |
| ipthreat | hacker and botnet TPs | x | x | | | [Link](https://ipthreat.net) | | ipthreat | hacker and botnet TPs | x | x | | | [Link](https://ipthreat.net) |
| myip | real-time IP blocklist | x | x | | | [Link](https://myip.ms) | | myip | real-time IP blocklist | x | x | | | [Link](https://myip.ms) |

11
net/banip/files/banip-functions.sh
View File

@@ -1354,6 +1354,7 @@ f_report() {
local report_jsn report_txt tmp_val ruleset_raw item table_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan set_proto set_dport set_details local report_jsn report_txt tmp_val ruleset_raw item table_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan set_proto set_dport set_details
local expr detail jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan local expr detail jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
local sum_synflood sum_udpflood sum_icmpflood sum_ctinvalid sum_tcpinvalid output="${1}" local sum_synflood sum_udpflood sum_icmpflood sum_ctinvalid sum_tcpinvalid output="${1}"
[ -z "${ban_dev}" ] && f_conf [ -z "${ban_dev}" ] && f_conf
f_mkdir "${ban_reportdir}" f_mkdir "${ban_reportdir}"
report_jsn="${ban_reportdir}/ban_report.jsn" report_jsn="${ban_reportdir}/ban_report.jsn"
@@ -1549,7 +1550,7 @@ f_report() {
[ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
;; ;;
esac esac
rm -f "${report_txt}" : >"${report_txt}"
} }
# Set search # Set search
@@ -1682,6 +1683,9 @@ f_monitor() {
log_raw="$(eval ${loglimit_cmd})" log_raw="$(eval ${loglimit_cmd})"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")" log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then if [ "${log_count}" -ge "${ban_logcount}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${ip} ${nft_expiry} } >/dev/null 2>&1; then
f_log "info" "add IP '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
fi
if [ "${ban_autoblocksubnet}" = "1" ]; then if [ "${ban_autoblocksubnet}" = "1" ]; then
rdap_log="$("${ban_fetchcmd}" ${ban_rdapparm} "${ban_rdapfile}" "${ban_rdapurl}${ip}" 2>&1)" rdap_log="$("${ban_fetchcmd}" ${ban_rdapparm} "${ban_rdapfile}" "${ban_rdapurl}${ip}" 2>&1)"
rdap_rc="${?}" rdap_rc="${?}"
@@ -1700,11 +1704,6 @@ f_monitor() {
f_log "info" "rdap request failed (rc: ${rdap_rc:-"-"}/log: ${rdap_log})" f_log "info" "rdap request failed (rc: ${rdap_rc:-"-"}/log: ${rdap_log})"
fi fi
fi fi
if [ "${ban_autoblocksubnet}" = "0" ] || [ "${rdap_rc}" != "0" ] || [ ! -s "${ban_rdapfile}" ] || [ -z "${rdap_prefix}" ] || [ -z "${rdap_length}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" { ${ip} ${nft_expiry} } >/dev/null 2>&1; then
f_log "info" "add IP '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
fi
fi
if [ -z "${ban_nftexpiry}" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; then if [ -z "${ban_nftexpiry}" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}" printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP '${ip}' to local blocklist" f_log "info" "add IP '${ip}' to local blocklist"

5
net/banip/files/banip.feeds
View File

@@ -154,6 +154,11 @@
"descr": "malicious spyware IPs", "descr": "malicious spyware IPs",
"flag": "gz tcp 80 443" "flag": "gz tcp 80 443"
}, },
"ipblackhole":{
"url_4": "https://blackhole.s-e-r-v-e-r.pw/blackhole-today",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"descr": "blackhole IP blocklist"
},
"ipsum":{ "ipsum":{
"url_4": "https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt", "url_4": "https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}", "rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}",