Compare commits
4 Commits
353e25a2ff
...
f77f846ddf
Author | SHA1 | Date |
---|---|---|
hev | f77f846ddf | |
Dirk Brenken | 2c6d5adac0 | |
Josef Schlehofer | 9d49df0dab | |
Ray Wang | 4cfdd426df |
|
@ -1,8 +1,8 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=syslog-ng
|
||||
PKG_VERSION:=4.6.0
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=4.7.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
|
||||
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
|
||||
|
@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
|
|||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
|
||||
PKG_HASH:=b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f
|
||||
PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_INSTALL:=1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Collect all local logs into a single file /var/log/messages.
|
||||
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
|
||||
|
||||
@version: 4.6
|
||||
@version: 4.7
|
||||
@include "scl.conf"
|
||||
|
||||
options {
|
||||
|
|
|
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=banip
|
||||
PKG_VERSION:=0.9.5
|
||||
PKG_RELEASE:=2
|
||||
PKG_RELEASE:=3
|
||||
PKG_LICENSE:=GPL-3.0-or-later
|
||||
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
|
|||
| adguard | adguard IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
|
||||
| adguardtrackers | adguardtracker IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
|
||||
| antipopads | antipopads IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
|
||||
| asn | ASN segments | | | x | tcp: 80, 443 | [Link](https://asn.ipinfo.app) |
|
||||
| asn | ASN segments | x | x | x | | [Link](https://asn.ipinfo.app) |
|
||||
| backscatterer | backscatterer IPs | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
|
||||
| becyber | malicious attacker IPs | x | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
|
||||
| binarydefense | binary defense banlist | x | x | | | [Link](https://iplists.firehol.org/?ipset=bds_atif) |
|
||||
|
@ -114,7 +114,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
|
|||
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
|
||||
* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
|
||||
* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
|
||||
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
|
||||
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below
|
||||
|
||||
## banIP CLI interface
|
||||
* All important banIP functions are accessible via CLI.
|
||||
|
@ -428,12 +428,12 @@ A valid JSON source object contains the following information, e.g.:
|
|||
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"descr": "tor exit nodes",
|
||||
"flag": "tcp 80-89 443"
|
||||
"flag": "gz tcp 80-88 udp 50000"
|
||||
},
|
||||
[...]
|
||||
```
|
||||
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
|
||||
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations.
|
||||
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
|
||||
|
||||
## Support
|
||||
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
|
||||
|
|
|
@ -595,24 +595,30 @@ f_etag() {
|
|||
# build initial nft file with base table, chains and rules
|
||||
#
|
||||
f_nftinit() {
|
||||
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc allow_proto allow_dport flag file="${1}"
|
||||
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc flag tmp_proto tmp_port allow_dport file="${1}"
|
||||
|
||||
wan_dev="$(printf "%s" "${ban_dev}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
|
||||
[ -n "${ban_vlanallow}" ] && vlan_allow="$(printf "%s" "${ban_vlanallow%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
|
||||
[ -n "${ban_vlanblock}" ] && vlan_block="$(printf "%s" "${ban_vlanblock%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
|
||||
|
||||
for flag in ${ban_allowflag}; do
|
||||
if [ -z "${allow_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
|
||||
allow_proto="${flag}"
|
||||
elif [ -n "${allow_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${allow_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
if [ -z "${allow_dport}" ]; then
|
||||
allow_dport="${flag}"
|
||||
else
|
||||
allow_dport="${allow_dport}, ${flag}"
|
||||
if [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
|
||||
if [ -z "${tmp_proto}" ]; then
|
||||
tmp_proto="${flag}"
|
||||
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
tmp_proto="${tmp_proto}, ${flag}"
|
||||
fi
|
||||
elif [ -n "${flag//[![:digit]-]/}" ]; then
|
||||
if [ -z "${tmp_port}" ]; then
|
||||
tmp_port="${flag}"
|
||||
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
tmp_port="${tmp_port}, ${flag}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
[ -n "${allow_dport}" ] && allow_dport="${allow_proto} dport { ${allow_dport} }"
|
||||
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
|
||||
allow_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
|
||||
fi
|
||||
|
||||
if [ "${ban_logprerouting}" = "1" ]; then
|
||||
log_icmp="log level ${ban_nftloglevel} prefix \"banIP/pre-icmp/drop: \""
|
||||
|
@ -697,7 +703,7 @@ f_nftinit() {
|
|||
#
|
||||
f_down() {
|
||||
local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
|
||||
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_proto feed_dport feed_target
|
||||
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_target feed_dport tmp_proto tmp_port flag
|
||||
local feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"
|
||||
|
||||
start_ts="$(date +%s)"
|
||||
|
@ -756,19 +762,25 @@ f_down() {
|
|||
# prepare feed flags
|
||||
#
|
||||
for flag in ${feed_flag}; do
|
||||
if [ "${flag}" = "gz" ] && ! printf "%s" "${feed_comp}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
if [ "${flag}" = "gz" ]; then
|
||||
feed_comp="${flag}"
|
||||
elif [ -z "${feed_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
|
||||
feed_proto="${flag}"
|
||||
elif [ -n "${feed_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${feed_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
if [ -z "${feed_dport}" ]; then
|
||||
feed_dport="${flag}"
|
||||
else
|
||||
feed_dport="${feed_dport}, ${flag}"
|
||||
elif [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
|
||||
if [ -z "${tmp_proto}" ]; then
|
||||
tmp_proto="${flag}"
|
||||
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
tmp_proto="${tmp_proto}, ${flag}"
|
||||
fi
|
||||
elif [ -n "${flag//[![:digit]-]/}" ]; then
|
||||
if [ -z "${tmp_port}" ]; then
|
||||
tmp_port="${flag}"
|
||||
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
|
||||
tmp_port="${tmp_port}, ${flag}"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
[ -n "${feed_dport}" ] && feed_dport="${feed_proto} dport { ${feed_dport} }"
|
||||
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
|
||||
feed_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
|
||||
fi
|
||||
|
||||
# chain/rule maintenance
|
||||
#
|
||||
|
|
|
@ -36,8 +36,7 @@
|
|||
"url_6": "https://asn.ipinfo.app/api/text/list/",
|
||||
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"descr": "ASN IP segments",
|
||||
"flag": "tcp 80 443"
|
||||
"descr": "ASN IP segments"
|
||||
},
|
||||
"backscatterer":{
|
||||
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",
|
||||
|
|
|
@ -0,0 +1,49 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=hev-socks5-server
|
||||
PKG_VERSION:=2.6.5
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/heiher/hev-socks5-server/releases/download/$(PKG_VERSION)
|
||||
PKG_HASH:=07d3297483cc624464eec424f7dd27f2028f4f56c70c2c9d0b6902e181a32ccb
|
||||
|
||||
PKG_MAINTAINER:=Ray Wang <r@hev.cc>
|
||||
PKG_LICENSE:=GPL-3.0-only
|
||||
PKG_LICENSE_FILES:=License
|
||||
|
||||
PKG_BUILD_FLAGS:=no-mips16
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/hev-socks5-server
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
TITLE:=A high-performance socks5 server for Unix
|
||||
URL:=https://github.com/heiher/hev-socks5-server
|
||||
endef
|
||||
|
||||
MAKE_FLAGS += REV_ID="$(PKG_VERSION)"
|
||||
|
||||
define Package/hev-socks5-server/conffiles
|
||||
/etc/config/hev-socks5-server
|
||||
/etc/hev-socks5-server/
|
||||
endef
|
||||
|
||||
define Package/hev-socks5-server/install
|
||||
$(INSTALL_DIR) $(1)/usr/bin
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/hev-socks5-server $(1)/usr/bin/
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/hev-socks5-server/
|
||||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/main.yml $(1)/etc/hev-socks5-server/main.yml
|
||||
$(INSTALL_CONF) $(PKG_BUILD_DIR)/conf/auth.txt $(1)/etc/hev-socks5-server/auth.txt
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/config/
|
||||
$(INSTALL_CONF) ./files/hev-socks5-server.config $(1)/etc/config/hev-socks5-server
|
||||
|
||||
$(INSTALL_DIR) $(1)/etc/init.d/
|
||||
$(INSTALL_BIN) ./files/hev-socks5-server.init $(1)/etc/init.d/hev-socks5-server
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,hev-socks5-server))
|
|
@ -0,0 +1,3 @@
|
|||
config hev-socks5-server 'config'
|
||||
option enabled '0'
|
||||
option conffile '/etc/hev-socks5-server/main.yml'
|
|
@ -0,0 +1,34 @@
|
|||
#!/bin/sh /etc/rc.common
|
||||
|
||||
USE_PROCD=1
|
||||
START=99
|
||||
|
||||
CONF="hev-socks5-server"
|
||||
PROG="/usr/bin/hev-socks5-server"
|
||||
|
||||
start_service() {
|
||||
config_load "$CONF"
|
||||
|
||||
local enabled
|
||||
config_get_bool enabled "config" "enabled" "0"
|
||||
[ "$enabled" -eq "1" ] || return 1
|
||||
|
||||
local conffile
|
||||
config_get conffile "config" "conffile"
|
||||
|
||||
procd_open_instance "$CONF"
|
||||
procd_set_param command "$PROG" "$conffile"
|
||||
procd_set_param file "$conffile"
|
||||
|
||||
procd_set_param limits core="unlimited"
|
||||
procd_set_param limits nofile="1000000 1000000"
|
||||
procd_set_param stdout 1
|
||||
procd_set_param stderr 1
|
||||
procd_set_param respawn
|
||||
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
service_triggers() {
|
||||
procd_add_reload_trigger "$CONF"
|
||||
}
|
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
|
||||
"$1" 2>&1 | grep "$2"
|
Loading…
Reference in New Issue