add update_z-i6.sh

910bed71 · System Administrator · ec1c8155 · 910bed71
Commit 910bed71 authored Feb 13, 2026 by System Administrator
Hide whitespace changes
Inline Side-by-side

Showing with 122 additions and 0 deletions

update_z-i6.sh router/update_z-i6.sh +122 -0

No files found.
--- a/router/update_z-i6.sh
+++ b/router/update_z-i6.sh
+#!/bin/sh
+
+#exit
+# Usage: --show|--force
+
+cd $(dirname "$(realpath "$0")") || exit #"
+
+SETNAME=rkz-ipv6
+TMPNAME=rkz.ntmp
+MAXELEM=5000000
+IFACE=vmbr0
+# hash:ip
+IPSTYPE="hash:net family inet6"
+NBTABLE=prometey
+#NBTABLE=openroute
+NBGW=85.235.192.189
+
+check_bgp_peer()
+{
+    birdc show protocols | grep -q "bgp$1.*master.*up.*Established"
+}
+
+
+set_rules()
+{
+
+# initial
+if ! ip6tables -L -t mangle | grep -q $SETNAME ; then
+	ip6tables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark 5 || exit
+fi
+
+#if ! sysctl net.ipv4.conf.tun0.rp_filter | grep -q " = 2" ; then
+#	sysctl -w net.ipv4.conf.tun0.rp_filter=2
+#fi
+
+# see /etc/net/ifaces/ether3/ipv4route
+#if ! ip route show table $NBTABLE | grep -q "default" ; then
+#	ip route replace default table $NBTABLE via $NBGW || exit
+#fi
+
+if ! check_bgp_peer AS35000 ; then
+    NBTABLE=openroute
+fi
+
+# force egw
+NBTABLE=openroute
+
+if ! ip -6 rule | grep -q "fwmark 0x5 lookup $NBTABLE" ; then
+	ip -6 rule del fwmark 5
+	ip -6 rule add fwmark 5 table $NBTABLE pref 3000 || exit
+fi
+
+# check for
+# -A POSTROUTING -o tun0 -j MASQUERADE
+
+}
+
+if [ "$1" = "--show" ] ; then
+	echo "Example:"
+	echo "# ip6tables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark 5"
+	echo "ipset list size: $(ipset list $SETNAME | wc -l)"
+	exit
+fi
+
+if [ "$1" = "--set-rules" ] ; then
+	set_rules
+	exit
+fi
+
+# download new list
+./get_ip6s_z-i.sh > $0.list || exit
+
+if [ ! -s "$0.list" ] ; then
+    echo "$0.list is empty"
+    exit 1
+fi
+
+FIRSTRUN=''
+ipset list -n | grep -q "^$SETNAME$" || FIRSTRUN='1'
+
+if [ -s "$0.list.old" ] ; then
+    # just return if there are no changes
+    diff -u $0.list.old $0.list >$0.list.changes.tmp && [ "$FIRSTRUN" != '1' ] && [ "$1" != "--force" ] && exit
+    echo >>$0.list.changes
+    date >>$0.list.changes
+    cat $0.list.changes.tmp | grep "^[+-]" >>$0.list.changes
+fi
+
+#ip rule show | grep "lookup openroute" | sed -e "s|.*:||g" | sed -e "s|lookup|table|g" | while read str ; do
+#done
+
+ipset -exist create $SETNAME $IPSTYPE maxelem $MAXELEM
+
+
+
+# Obsoleted element by element
+#ipset create $SETNAME.tmp hash:ip maxelem $MAXELEM || exit
+## fill new ipset
+#./get_ips_z-i.sh | sort -u | while read ip ; do
+#	ipset add $SETNAME.tmp $ip
+#done
+
+# clean before use
+ipset destroy $TMPNAME 2>/dev/null
+
+# Use single ipset run (see https://bugs.etersoft.ru/show_bug.cgi?id=12353)
+( echo "create $TMPNAME $IPSTYPE hashsize 65536 maxelem $MAXELEM" ; \
+	cat $0.list | grep -v "^#" | grep -v "^$" | grep -v ":" | sed -e "s|^|add $TMPNAME |" ) | ipset -exist restore
+
+# remove skipped ip
+#cat a_no_egw.list | grep -v "^ *#" | while read ip ; do
+#    ipset del $TMPNAME $ip
+#done
+
+ipset list $TMPNAME >$0.ipv6
+ipset list $TMPNAME | wc -l >$0.count
+ipset list $TMPNAME | grep "/" >$0.subnet
+cat $0.list | grep "\." >$0.skipped.ipv4
+ipset swap $TMPNAME $SETNAME || echo "Can't update to new ipset list!" >&2
+mv $0.list $0.list.old
+
+set_rules