Add all blocked IPs to ipset
| #!/bin/sh | |
| # to enable this script uncomment the case loop at the bottom | |
| # to report mwan status on interface hotplug ifup/ifdown events modify the lines in the send_alert function | |
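# Deliver an MWAN status report.
# Arguments: $1 - the report text (gather_event_info passes the assembled message)
# Outputs:   writes $1 followed by a newline to stdout; replace the body with
#            your own transport to send the report elsewhere
send_alert()
{
  # insert your code here to send the contents of "$1"
  # printf '%s\n' emits the text literally; echo may treat a leading
  # "-n"/"-e" in the message as an option instead of printing it.
  printf '%s\n' "$1"
}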
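# Build a report for the current hotplug event and hand it to send_alert.
# Globals:   INTERFACE, DEVICE, ACTION (read) - expected to be set by the
#            caller; presumably the hotplug environment, confirm
# Calls:     uci, date, /usr/sbin/mwan3, logread, send_alert
# Outputs:   whatever send_alert does with the assembled message
gather_event_info()
{
  local router_name event_time event_info current_status mwan_log

  # Quote the uci path so "[0]" can never be expanded as a glob pattern.
  router_name="$(uci -p /var/state get 'system.@system[0].hostname')"
  event_time="$(date +"%a %b %d %Y %T %Z")"

  # create event information message
  event_info="Interface [ $INTERFACE ($DEVICE) ] on router [ $router_name ] has triggered a hotplug [ $ACTION ] event on $event_time"

  # get current interface, policy and rule status
  current_status="$(/usr/sbin/mwan3 status)"

  # get last 50 MWAN systemlog messages; the sed program reverses the line
  # order so the newest entry comes first
  mwan_log="$(logread | grep mwan3 | tail -n 50 | sed 'x;1!H;$!d;x')"

  # Assemble with printf '%s' so status and log text stay literal; "echo -e"
  # would expand backslash sequences that happen to appear in log lines.
  send_alert "$(printf '%s\n\n%s\n\n%s\n%s' \
    "$event_info" \
    "$current_status" \
    "Last 50 MWAN systemlog entries. Newest entries sorted at the top:" \
    "$mwan_log")"
}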
| #case "$ACTION" in | |
| # ifup) | |
| # gather_event_info | |
| # ;; | |
| # | |
| # ifdown) | |
| # gather_event_info | |
| # ;; | |
| #esac | |
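# Keep the "rkn" and "rkn2" ipsets in step with the quadhost_vpn link:
# fill them from the published list on ifup, remove or empty them on ifdown.
# Globals:   INTERFACE, ACTION (read)
# "rkn2" receives entries that "ipset add rkn" rejects - presumably overflow
# once rkn reaches its size limit; confirm.
if [ "$INTERFACE" = "quadhost_vpn" ]; then
  case "$ACTION" in
    ifup)
      # NOTE(review): the list is fetched over plain HTTP with no integrity
      # check, so anything on the network path can change which destinations
      # end up in these sets. Prefer an authenticated source (HTTPS, or a
      # copy verified against a checksum or signature) if one is available.
      IPLIST=$(wget -qO - http://reestr.rublacklist.net/api/ips | sed 's/\"//g')

      if [ -z "$IPLIST" ]; then
        # Download failed or came back empty: make sure the sets exist but
        # keep whatever they already hold instead of flushing them.
        logger -t rkn-ipset "IP list download failed or empty; sets not refreshed"
        ipset -exist create rkn hash:ip
        ipset -exist create rkn2 hash:ip
      else
        ipset create rkn hash:ip || ipset flush rkn
        ipset create rkn2 hash:ip || ipset flush rkn2

        # Split on ";" only for this loop and with globbing off, then put
        # IFS back so later code is not affected.
        OLD_IFS=$IFS
        IFS=";"
        set -f
        for IP in $IPLIST; do
          # Skip empty fields, anything that looks like an option, and
          # anything containing characters that cannot be part of an address.
          case "$IP" in
            ''|-*|*[!0-9A-Fa-f.:/-]*) continue ;;
          esac
          ipset add rkn "$IP" || ipset add rkn2 "$IP"
        done
        set +f
        IFS=$OLD_IFS
      fi
      ;;
    ifdown)
      # destroy can fail (for example while the set is still referenced);
      # fall back to emptying the set.
      ipset destroy rkn || ipset flush rkn
      ipset destroy rkn2 || ipset flush rkn2
      ;;
  esac
fi
exit 0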
| config interface 'wan' | |
| option enabled '1' | |
| list track_ip '77.88.8.1' | |
| list track_ip '77.88.8.8' | |
| list track_ip '8.8.8.8' | |
| list track_ip '8.8.4.4' | |
| option reliability '1' | |
| option count '1' | |
| option timeout '2' | |
| option interval '60' | |
| option down '3' | |
| option up '3' | |
| config interface 'quadhost_vpn' | |
| option enabled '1' | |
| list track_ip '77.88.8.1' | |
| list track_ip '77.88.8.8' | |
| list track_ip '8.8.8.8' | |
| list track_ip '8.8.4.4' | |
| option reliability '1' | |
| option count '1' | |
| option timeout '2' | |
| option interval '60' | |
| option down '3' | |
| option up '3' | |
| config member 'main' | |
| option interface 'wan' | |
| option weight '1000' | |
| option metric '1' | |
| config member 'vpn' | |
| option interface 'quadhost_vpn' | |
| option weight '1' | |
| option metric '20' | |
| config policy 'vpn_for_rkn' | |
| list use_member 'vpn' | |
| option last_resort 'default' | |
| config policy 'default_no_vpn' | |
| option last_resort 'default' | |
| list use_member 'main' | |
| list use_member 'vpn' | |
| config rule 'rkn_over_vpn' | |
| option proto 'all' | |
| option sticky '0' | |
| option ipset 'rkn' | |
| option use_policy 'vpn_for_rkn' | |
| config rule 'rkn2_over_vpn' | |
| option proto 'all' | |
| option sticky '0' | |
| option ipset 'rkn2' | |
| option use_policy 'vpn_for_rkn' | |
| config rule 'default' | |
| option proto 'all' | |
| option sticky '0' | |
| option use_policy 'default_no_vpn' |
| config interface 'loopback' | |
| option ifname 'lo' | |
| option proto 'static' | |
| option ipaddr '127.0.0.1' | |
| option netmask '255.0.0.0' | |
| config globals 'globals' | |
| option ula_prefix 'fde6:363c:e0d8::/48' | |
| config interface 'lan' | |
| option ifname 'eth1' | |
| option force_link '1' | |
| option type 'bridge' | |
| option proto 'static' | |
| option netmask '255.255.255.0' | |
| option ip6assign '60' | |
| option ipaddr '10.236.200.1' | |
| config interface 'wan' | |
| option ifname 'eth0' | |
| option proto 'dhcp' | |
| option peerdns '0' | |
| option dns '77.88.8.1 77.88.8.8 8.8.4.4 8.8.8.8' | |
| option metric '1' | |
| config interface 'wan6' | |
| option ifname 'eth0' | |
| option proto 'dhcpv6' | |
| config switch | |
| option name 'switch0' | |
| option reset '1' | |
| option enable_vlan '1' | |
| config switch_vlan | |
| option device 'switch0' | |
| option vlan '1' | |
| option ports '0 2 3 4 5' | |
| config switch_vlan | |
| option device 'switch0' | |
| option vlan '2' | |
| option ports '1 6' | |
| config interface 'quadhost_vpn' | |
| option proto 'none' | |
| option ifname 'tun0' | |
| #!/bin/sh | |
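# Rebuild the "rkn" and "rkn2" ipsets from the published list and print the
# number of entries handed to ipset.
# "rkn2" receives entries that "ipset add rkn" rejects - presumably overflow
# once rkn reaches its size limit; confirm.

# NOTE(review): the list is fetched over plain HTTP with no integrity check,
# so anything on the network path can change what ends up in these sets.
# Prefer an authenticated source (HTTPS, or a copy verified against a
# checksum or signature) if one is available.
IPLIST=$(wget -qO - http://reestr.rublacklist.net/api/ips | sed 's/\"//g')

# Fetch before touching the sets: a failed download must not leave them empty.
if [ -z "$IPLIST" ]; then
  echo "IP list download failed or returned nothing; ipsets left unchanged" >&2
  exit 1
fi

# Create-or-flush instead of destroy+create: if destroy fails (for example
# while the set is still referenced) the old entries stay in rkn, every
# repeated "add rkn" then fails as a duplicate and spills into rkn2.
ipset create rkn hash:ip || ipset flush rkn
ipset create rkn2 hash:ip || ipset flush rkn2

# Split on ";" only for this loop and with globbing off, then restore IFS.
OLD_IFS=$IFS
IFS=";"
set -f
i=0
for IP in $IPLIST; do
  # Skip empty fields, anything that looks like an option, and anything
  # containing characters that cannot be part of an address.
  case "$IP" in
    ''|-*|*[!0-9A-Fa-f.:/-]*) continue ;;
  esac
  ipset add rkn "$IP" || ipset add rkn2 "$IP"
  i=$((i+1))
done
set +f
IFS=$OLD_IFS

printf '%s\n' "$i"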