banip: update 0.8.4-2
* fix domain lookup function (parse banIP config vars) * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken
parent
130e63931f
commit
16acda2262
|
|
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=banip
|
||||
PKG_VERSION:=0.8.4
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
PKG_LICENSE:=GPL-3.0-or-later
|
||||
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
|
||||
|
||||
|
|
|
|||
|
|
@ -124,57 +124,57 @@ Available commands:
|
|||
|
||||
## banIP config options
|
||||
|
||||
| Option | Type | Default | Description |
|
||||
| :---------------------- | :----- | :---------------------------- | :-------------------------------------------------------------------------------------------- |
|
||||
| ban_enabled | option | 0 | enable the banIP service |
|
||||
| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
|
||||
| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
|
||||
| ban_loglimit | option | 100 | scan only the last n log entries permanently. Set it to '0' to disable the monitor |
|
||||
| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
|
||||
| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
|
||||
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
|
||||
| ban_debug | option | 0 | enable banIP related debug logging |
|
||||
| ban_loginput | option | 1 | log drops in the wan-input chain |
|
||||
| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
|
||||
| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
|
||||
| ban_autoallowlist | option | 1 | add wan IPs/subnets automatically to the local allowlist |
|
||||
| ban_autoblocklist | option | 1 | add suspicious attacker IPs automatically to the local blocklist |
|
||||
| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs |
|
||||
| ban_basedir | option | /tmp | base working directory while banIP processing |
|
||||
| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
|
||||
| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
|
||||
| ban_protov4 | option | - / autodetect | enable IPv4 support |
|
||||
| ban_protov6 | option | - / autodetect | enable IPv4 support |
|
||||
| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
|
||||
| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
|
||||
| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
|
||||
| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' |
|
||||
| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins |
|
||||
| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload |
|
||||
| ban_deduplicate | option | 1 | deduplicate IP addresses across all active sets |
|
||||
| ban_splitsize | option | 0 | split ext. sets after every n lines/members (saves RAM) |
|
||||
| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
|
||||
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
|
||||
| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
|
||||
| ban_nftpolicy | option | memory | nft policy for banIP-related sets, values: memory, performance |
|
||||
| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
|
||||
| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
|
||||
| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
|
||||
| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
|
||||
| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
|
||||
| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
|
||||
| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
|
||||
| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
|
||||
| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
|
||||
| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
|
||||
| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
|
||||
| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
|
||||
| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
|
||||
| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
|
||||
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
|
||||
| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
|
||||
| ban_reportelements | option | 1 | list set elements in the report, disable this to speed up the report significantly |
|
||||
| ban_resolver | option | - | external resolver used for DNS lookups |
|
||||
| Option | Type | Default | Description |
|
||||
| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
|
||||
| ban_enabled | option | 0 | enable the banIP service |
|
||||
| ban_nicelimit | option | 0 | ulimit nice level of the banIP service (range 0-19) |
|
||||
| ban_filelimit | option | 1024 | ulimit max open/number of files (range 1024-4096) |
|
||||
| ban_loglimit | option | 100 | scan only the last n log entries permanently. Set it to '0' to disable the monitor |
|
||||
| ban_logcount | option | 1 | how many times the IP must appear in the log to be considered as suspicious |
|
||||
| ban_logterm | list | regex | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk) |
|
||||
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
|
||||
| ban_debug | option | 0 | enable banIP related debug logging |
|
||||
| ban_loginput | option | 1 | log drops in the wan-input chain |
|
||||
| ban_logforwardwan | option | 1 | log drops in the wan-forward chain |
|
||||
| ban_logforwardlan | option | 0 | log rejects in the lan-forward chain |
|
||||
| ban_autoallowlist | option | 1 | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets) |
|
||||
| ban_autoblocklist | option | 1 | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
|
||||
| ban_allowlistonly | option | 0 | restrict the internet access from/to a small number of secure websites/IPs |
|
||||
| ban_basedir | option | /tmp | base working directory while banIP processing |
|
||||
| ban_reportdir | option | /tmp/banIP-report | directory where banIP stores the report files |
|
||||
| ban_backupdir | option | /tmp/banIP-backup | directory where banIP stores the compressed backup files |
|
||||
| ban_protov4 | option | - / autodetect | enable IPv4 support |
|
||||
| ban_protov6 | option | - / autodetect | enable IPv4 support |
|
||||
| ban_ifv4 | list | - / autodetect | logical wan IPv4 interfaces, e.g. 'wan' |
|
||||
| ban_ifv6 | list | - / autodetect | logical wan IPv6 interfaces, e.g. 'wan6' |
|
||||
| ban_dev | list | - / autodetect | wan device(s), e.g. 'eth2' |
|
||||
| ban_trigger | list | - | logical startup trigger interface(s), e.g. 'wan' |
|
||||
| ban_triggerdelay | option | 10 | trigger timeout before banIP processing begins |
|
||||
| ban_triggeraction | option | start | trigger action on ifup events, e.g. start, restart or reload |
|
||||
| ban_deduplicate | option | 1 | deduplicate IP addresses across all active sets |
|
||||
| ban_splitsize | option | 0 | split ext. sets after every n lines/members (saves RAM) |
|
||||
| ban_cores | option | - / autodetect | limit the cpu cores used by banIP (saves RAM) |
|
||||
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
|
||||
| ban_nftpriority | option | -200 | nft priority for the banIP table (default is the prerouting table priority) |
|
||||
| ban_nftpolicy | option | memory | nft policy for banIP-related sets, values: memory, performance |
|
||||
| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
|
||||
| ban_feed | list | - | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table) |
|
||||
| ban_asn | list | - | ASNs for the 'asn' feed, e.g.'32934' |
|
||||
| ban_country | list | - | country iso codes for the 'country' feed, e.g. 'ru' |
|
||||
| ban_blockpolicy | option | - | limit the default block policy to a certain chain, e.g. 'input', 'forwardwan' or 'forwardlan' |
|
||||
| ban_blockinput | list | - | limit a feed to the wan-input chain, e.g. 'country' |
|
||||
| ban_blockforwardwan | list | - | limit a feed to the wan-forward chain, e.g. 'debl' |
|
||||
| ban_blockforwardlan | list | - | limit a feed to the lan-forward chain, e.g. 'doh' |
|
||||
| ban_fetchcmd | option | - / autodetect | 'uclient-fetch', 'wget', 'curl' or 'aria2c' |
|
||||
| ban_fetchparm | option | - / autodetect | set the config options for the selected download utility |
|
||||
| ban_fetchinsecure | option | 0 | don't check SSL server certificates during download |
|
||||
| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
|
||||
| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
|
||||
| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
|
||||
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
|
||||
| ban_mailnotification | option | 0 | receive E-Mail notifications with every banIP run |
|
||||
| ban_reportelements | option | 1 | list set elements in the report, disable this to speed up the report significantly |
|
||||
| ban_resolver | option | - | external resolver used for DNS lookups |
|
||||
|
||||
## Examples
|
||||
**banIP report information**
|
||||
|
|
|
|||
|
|
@ -1018,6 +1018,7 @@ f_getstatus() {
|
|||
f_lookup() {
|
||||
local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}"
|
||||
|
||||
[ -z "${ban_dev}" ] && f_conf
|
||||
start_time="$(date "+%s")"
|
||||
if [ "${feed}" = "allowlist" ]; then
|
||||
list="$("${ban_awkcmd}" '/^([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{printf "%s ",tolower($1)}' "${ban_allowlist}" 2>/dev/null)"
|
||||
|
|
|
|||
Loading…
Reference in New Issue