banip: update 0.9.6-2
* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
parent
37a6c5846f
commit
27e86ef42e
@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=banip
|
||||
PKG_VERSION:=0.9.6
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
PKG_LICENSE:=GPL-3.0-or-later
|
||||
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
|
||||
|
||||
|
|
|
@ -219,14 +219,14 @@ Available commands:
|
|||
:::
|
||||
Timestamp: 2024-04-17 23:02:15
|
||||
------------------------------
|
||||
blocked syn-flood packets in prerouting : 5
|
||||
blocked udp-flood packets in prerouting : 11
|
||||
blocked icmp-flood packets in prerouting : 6
|
||||
blocked invalid ct packets in prerouting : 277
|
||||
blocked invalid tcp packets in prerouting: 0
|
||||
----------
|
||||
auto-added IPs to allowlist today: 0
|
||||
auto-added IPs to blocklist today: 0
|
||||
blocked syn-flood packets : 5
|
||||
blocked udp-flood packets : 11
|
||||
blocked icmp-flood packets : 6
|
||||
blocked invalid ct packets : 277
|
||||
blocked invalid tcp packets: 0
|
||||
---
|
||||
auto-added IPs to allowlist: 0
|
||||
auto-added IPs to blocklist: 0
|
||||
|
||||
Set | Elements | WAN-Input (packets) | WAN-Forward (packets) | LAN-Forward (packets) | Port/Protocol Limit
|
||||
---------------------+--------------+-----------------------+-----------------------+-----------------------+------------------------
|
||||
|
@ -261,19 +261,18 @@ Available commands:
|
|||
|
||||
**banIP runtime information**
|
||||
```
|
||||
~# /etc/init.d/banip status
|
||||
::: banIP runtime information
|
||||
+ status : active (nft: ✔, monitor: ✔)
|
||||
+ version : 0.9.5-r1
|
||||
+ element_count : 335706
|
||||
+ active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, adguardtrackersv6, adguardtrackersv4, becyberv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dropv6, dohv4, dropv4, dohv6, threatv4, firehol1v4, ipthreatv4, firehol2v4, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
|
||||
+ version : 0.9.6-r1
|
||||
+ element_count : 108036
|
||||
+ active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
|
||||
+ active_devices : wan: pppoe-wan / wan-if: wan, wan_6 / vlan-allow: - / vlan-block: -
|
||||
+ active_uplink : 217.83.205.130, fe80::9cd6:12e9:c4df:75d3, 2003:ed:b5ff:43bd:9cd5:12e7:c3ef:75d8
|
||||
+ nft_info : priority: 0, policy: performance, loglevel: warn, expiry: 2h
|
||||
+ nft_info : priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 10/10/100
|
||||
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report
|
||||
+ run_flags : auto: ✔, proto (4/6): ✔/✔, log (pre/inp/fwd/lan): ✔/✘/✘/✘, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
|
||||
+ last_run : action: reload, log: logread, fetch: curl, duration: 2m 33s, date: 2024-04-17 05:57:56
|
||||
+ system_info : cores: 4, memory: 1573, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r25932-338b463e1e
|
||||
+ last_run : action: reload, log: logread, fetch: curl, duration: 1m 21s, date: 2024-05-27 05:56:29
|
||||
+ system_info : cores: 4, memory: 1661, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r26353-a96354bcfb
|
||||
```
|
||||
|
||||
**banIP search information**
|
||||
|
@ -300,16 +299,6 @@ Available commands:
|
|||
1.10.255.58
|
||||
1.11.67.53
|
||||
1.11.114.211
|
||||
1.11.208.29
|
||||
1.12.75.87
|
||||
1.12.231.227
|
||||
1.12.247.134
|
||||
1.12.251.141
|
||||
1.14.96.156
|
||||
1.14.250.37
|
||||
1.15.40.79
|
||||
1.15.71.140
|
||||
1.15.77.237
|
||||
[...]
|
||||
```
|
||||
**default regex for logfile parsing**
|
||||
|
@ -423,19 +412,22 @@ The banIP default blocklist feeds are stored in an external JSON file '/etc/bani
|
|||
A valid JSON source object contains the following information, e.g.:
|
||||
```
|
||||
[...]
|
||||
"tor":{
|
||||
"url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
|
||||
"url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
|
||||
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
|
||||
"descr": "tor exit nodes",
|
||||
"flag": "gz tcp 80-88 udp 50000"
|
||||
"stevenblack":{
|
||||
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
|
||||
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
|
||||
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
|
||||
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
|
||||
"descr": "stevenblack IPs",
|
||||
"flag": "tcp 80 443"
|
||||
},
|
||||
[...]
|
||||
```
|
||||
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
|
||||
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
|
||||
|
||||
## FAQ
|
||||
TODO!
|
||||
|
||||
## Support
|
||||
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>
|
||||
|
||||
|
|
|
@ -97,7 +97,7 @@ f_system() {
|
|||
local cpu core
|
||||
|
||||
if [ -z "${ban_dev}" ]; then
|
||||
ban_debug="$(uci_get banip global ban_debug)"
|
||||
ban_debug="$(uci_get banip global ban_debug "0")"
|
||||
ban_cores="$(uci_get banip global ban_cores)"
|
||||
fi
|
||||
ban_packages="$("${ban_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
|
||||
|
@ -1258,7 +1258,7 @@ f_genstatus() {
|
|||
json_add_string "${object}" "${object}"
|
||||
done
|
||||
json_close_array
|
||||
json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}"
|
||||
json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}, limit (icmp/syn/udp): ${ban_icmplimit}/${ban_synlimit}/${ban_udplimit}"
|
||||
json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}"
|
||||
json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (pre/inp/fwd/lan): $(f_char ${ban_logprerouting})/$(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), custom feed: $(f_char ${custom_feed}), allowed only: $(f_char ${ban_allowlistonly})"
|
||||
json_add_string "last_run" "${runtime:-"-"}"
|
||||
|
@ -1354,7 +1354,7 @@ f_lookup() {
|
|||
end_time="$(date "+%s")"
|
||||
duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s"
|
||||
|
||||
f_log "debug" "f_lookup ::: feed: ${feed}, domains: ${cnt_domain}, IPs: ${cnt_ip}, duration: ${duration}"
|
||||
f_log "info" "domain lookup finished in ${duration} (${feed}, ${cnt_domain} domains, ${cnt_ip} IPs)"
|
||||
}
|
||||
|
||||
# table statistics
|
||||
|
@ -1509,7 +1509,7 @@ f_report() {
|
|||
printf "%s\n" " blocked icmp-flood packets : ${sum_icmpflood}"
|
||||
printf "%s\n" " blocked invalid ct packets : ${sum_ctinvalid}"
|
||||
printf "%s\n" " blocked invalid tcp packets: ${sum_tcpinvalid}"
|
||||
printf "%s\n" " ----------"
|
||||
printf "%s\n" " ---"
|
||||
printf "%s\n" " auto-added IPs to allowlist: ${autoadd_allow}"
|
||||
printf "%s\n\n" " auto-added IPs to blocklist: ${autoadd_block}"
|
||||
json_select "sets" >/dev/null 2>&1
|
||||
|
@ -1752,10 +1752,9 @@ ban_sedcmd="$(f_cmd sed)"
|
|||
ban_ubuscmd="$(f_cmd ubus)"
|
||||
ban_zcatcmd="$(f_cmd zcat)"
|
||||
|
||||
f_system
|
||||
if [ "${ban_action}" != "stop" ]; then
|
||||
[ ! -d "/etc/banip" ] && f_log "err" "no banIP config directory"
|
||||
[ ! -r "/etc/config/banip" ] && f_log "err" "no banIP config"
|
||||
[ "$(uci_get banip global ban_enabled)" = "0" ] && f_log "err" "banIP is disabled"
|
||||
fi
|
||||
|
||||
f_system
|
||||
|
|
|
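Review bot: The new `limit (icmp/syn/udp)` field in the f_genstatus nft_info string has no fallback for unset values, unlike the adjacent `expiry: ${ban_nftexpiry:-"-"}` on the same line, so an unconfigured limit renders as an empty slot (`10//100`) that a reader cannot tell apart from a missing variable. Unless these three are guaranteed a default elsewhere (not visible in this diff), `limit (icmp/syn/udp): ${ban_icmplimit:-"-"}/${ban_synlimit:-"-"}/${ban_udplimit:-"-"}` keeps the status line self-describing. Separately, moving `f_system` below the three config sanity checks in the last hunk means those `f_log "err"` calls now run before ban_debug is read from uci; that looks fine for err-level output, but it is worth confirming that f_log does not gate on it. f_genstatus starts and ends outside the hunk.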
@ -179,7 +179,7 @@
|
|||
},
|
||||
"nixspam":{
|
||||
"url_4": "https://www.nixspam.net/download/nixspam-ip.dump.gz",
|
||||
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
|
||||
"rule_4": "/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
|
||||
"descr": "iX spam protection",
|
||||
"flag": "gz"
|
||||
},
|
||||
|
@ -219,7 +219,7 @@
|
|||
},
|
||||
"sslbl":{
|
||||
"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
|
||||
"rule_4": "BEGIN{FS=\",\"}/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
|
||||
"rule_4": "BEGIN{FS=\",\"}/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
|
||||
"descr": "SSL botnet IPs"
|
||||
},
|
||||
"stevenblack":{
|
||||
|
|
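Review bot: Dropping the `^` anchors in the nixspam rule_4 (and likewise in the sslbl hunk below it) makes both patterns test the whole line while the value actually emitted is `$2`, so the address that lands in the set is never the text the regex validated, and the now-unanchored `/127\\./{next}` guard skips any entry that merely contains `127.` in a later octet, e.g. `10.127.0.1`. Since the printf already relies on the address being in field 2, anchoring the tests on that field keeps the loopback skip and the validation tied to the emitted value: `"rule_4": "$2~/^127\\./{next}$2~/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$2}"`, with the sslbl variant keeping its `BEGIN{FS=\",\"}` prefix. I have not checked the current layout of either upstream feed, so the field number should be confirmed against a fresh download before the rule is changed.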