Commit c28d9429 authored by Vitaly Lipatov's avatar Vitaly Lipatov

update_z-i: rewrite

parent 3927adcd
...@@ -3,5 +3,6 @@ ...@@ -3,5 +3,6 @@
#git pull >/dev/null #git pull >/dev/null
#cat dump.csv |cut -f1 -d';'|tr '|' '\n'| tr -d ' '|sort -u #cat dump.csv |cut -f1 -d';'|tr '|' '\n'| tr -d ' '|sort -u
#cat dump.csv |cut -f1 -d';'|tr '|' '\n'| tr -d ' '|sed '1d'|sort -u #cat dump.csv |cut -f1 -d';'|tr '|' '\n'| tr -d ' '|sed '1d'|sort -u
curl --silent https://reestr.rublacklist.net/api/ips | sed -e 's|"||g' | sed -e 's|;|\n|g' #curl --silent https://reestr.rublacklist.net/api/ips | sed -e 's|"||g' | sed -e 's|;|\n|g'
curl --silent https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv | cut -d";" -f1 | tr '|' '\n' | tr -d ' ' | grep -v Updated
cat a_manual.list | grep -v "^#" cat a_manual.list | grep -v "^#"
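Review bot: The added `curl --silent …/dump.csv` pipeline has no failure handling: without `--fail` an HTTP error body is passed through `cut`/`tr` as if it were list data, and a failed transfer simply yields no output while the pipeline status comes from `grep`. Because the updater loads this output into `ipset restore`, I would use `curl --silent --show-error --fail` and replace the deny-list `grep -v Updated` with an allow-list such as `grep -E '^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$'`, so only address-shaped lines get through. Whether dump.csv also carries IPv6 entries that need separate handling is not visible here and should be confirmed.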
#!/bin/sh #!/bin/sh
cd $(dirname "$(readlink "$0")") || exit #" cd $(dirname "$(realpath "$0")") || exit #"
SETNAME=rkz SETNAME=rkz
MAXELEM=300000 TMPNAME=rkz.ntmp
MAXELEM=200000
IFACE=breth0 IFACE=breth0
# hash:ip
IPSTYPE=hash:net
if [ "$1" = "--show" ] ; then if [ "$1" = "--show" ] ; then
echo "iptables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark 5" echo "iptables -t mangle -A PREROUTING -i $IFACE -m set --match-set $SETNAME dst -j MARK --set-mark 5"
exit exit
fi fi
# download new list
./get_ips_z-i.sh | grep -v HASH > $0.list
if [ -s "$0.list.old" ] ; then
# just return if there are no changes
diff -u $0.list.old $0.list >$0.list.changes.tmp && exit
echo >>$0.list.changes
date >>$0.list.changes
cat $0.list.changes.tmp | grep "^[+-]" >>$0.list.changes
fi
#ip rule show | grep "lookup openroute" | sed -e "s|.*:||g" | sed -e "s|lookup|table|g" | while read str ; do #ip rule show | grep "lookup openroute" | sed -e "s|.*:||g" | sed -e "s|lookup|table|g" | while read str ; do
#done #done
ipset -exist create $SETNAME hash:ip maxelem $MAXELEM ipset -exist create $SETNAME $IPSTYPE maxelem $MAXELEM
# something like clean # something like clean
ipset -exist destroy $SETNAME.tmp ipset -exist destroy $TMPNAME
# Obsoleted element by element # Obsoleted element by element
...@@ -28,11 +41,14 @@ ipset -exist destroy $SETNAME.tmp ...@@ -28,11 +41,14 @@ ipset -exist destroy $SETNAME.tmp
#done #done
# Use single ipset run (see https://bugs.etersoft.ru/show_bug.cgi?id=12353) # Use single ipset run (see https://bugs.etersoft.ru/show_bug.cgi?id=12353)
( echo "create $SETNAME.tmp hash:ip hashsize 65536 maxelem $MAXELEM" ; \ ( echo "create $TMPNAME $IPSTYPE hashsize 65536 maxelem $MAXELEM" ; \
./get_ips_z-i.sh | sed -e "s|^|add $SETNAME.tmp |" ) | ipset -exist restore cat $0.list | grep -v "^$" | sed -e "s|^|add $TMPNAME |" ) | ipset -exist restore
ipset list $SETNAME.tmp | wc -l >$0.count #ipset list $TMPNAME >$0.list
ipset swap $SETNAME.tmp $SETNAME ipset list $TMPNAME | wc -l >$0.count
ipset list $TMPNAME | grep "/" >$0.subnet
ipset swap $TMPNAME $SETNAME
mv $0.list $0.list.old
# initial # initial
if ! iptables -L -t mangle | grep -q $SETNAME ; then if ! iptables -L -t mangle | grep -q $SETNAME ; then
......
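Review bot: Nothing between the download and `ipset swap $TMPNAME $SETNAME` checks that the new list is usable, so a failed fetch shrinks the live set to whatever the remaining sources produced, and `mv $0.list $0.list.old` then records that as the baseline. Add `[ -s "$0.list" ] || exit 1` after the download (a lower bound on the line count would be stronger), check the status of `ipset -exist restore`, and chain the tail as `ipset swap $TMPNAME $SETNAME && mv $0.list $0.list.old`. Separately, `ipset -exist create $SETNAME $IPSTYPE` presumably leaves an already existing `hash:ip` set untouched, and a swap between sets of different types is refused, so hosts upgraded in place may need the old set destroyed once. The `$0.list*` paths are unquoted and are resolved after the `cd`, which breaks when the script is started through a relative path; the `if ! iptables` block continues outside the hunk.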