OpenWrt
/
packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

banip: update 0.9.6-2 

* fix regex for nixspam and sslbl feed
* list the pre-routing limits in the banIP status
* small fixes and log improvements

Signed-off-by: Dirk Brenken <dev@brenken.org>
This commit is contained in:
Dirk Brenken 2024-05-30 21:36:33 +02:00
parent 37a6c5846f
commit 27e86ef42e
No known key found for this signature in database
GPG Key ID: 9D71CD547BFAE684
4 changed files with 32 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/banip/Makefile
View File

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.6
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

56
net/banip/files/README.md
View File

@ -219,14 +219,14 @@ Available commands:
:::
Timestamp: 2024-04-17 23:02:15
------------------------------
blocked syn-flood packets in prerouting : 5
blocked udp-flood packets in prerouting : 11
blocked icmp-flood packets in prerouting : 6
blocked invalid ct packets in prerouting : 277
blocked invalid tcp packets in prerouting: 0
----------
auto-added IPs to allowlist today: 0
auto-added IPs to blocklist today: 0
blocked syn-flood packets : 5
blocked udp-flood packets : 11
blocked icmp-flood packets : 6
blocked invalid ct packets : 277
blocked invalid tcp packets: 0
---
auto-added IPs to allowlist: 0
auto-added IPs to blocklist: 0
Set | Elements | WAN-Input (packets) | WAN-Forward (packets) | LAN-Forward (packets) | Port/Protocol Limit
---------------------+--------------+-----------------------+-----------------------+-----------------------+------------------------
@ -261,19 +261,18 @@ Available commands:
**banIP runtime information**
```
~# /etc/init.d/banip status
::: banIP runtime information
+ status : active (nft: ✔, monitor: ✔)
+ version : 0.9.5-r1
+ element_count : 335706
+ active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, adguardtrackersv6, adguardtrackersv4, becyberv4, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dropv6, dohv4, dropv4, dohv6, threatv4, firehol1v4, ipthreatv4, firehol2v4, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
+ version : 0.9.6-r1
+ element_count : 108036
+ active_feeds : allowlistv4MAC, allowlistv6MAC, allowlistv4, allowlistv6, cinsscorev4, deblv4, countryv6, countryv4, deblv6, dohv4, dohv6, turrisv4, blocklistv4MAC, blocklistv6MAC, blocklistv4, blocklistv6
+ active_devices : wan: pppoe-wan / wan-if: wan, wan_6 / vlan-allow: - / vlan-block: -
+ active_uplink : 217.83.205.130, fe80::9cd6:12e9:c4df:75d3, 2003:ed:b5ff:43bd:9cd5:12e7:c3ef:75d8
+ nft_info : priority: 0, policy: performance, loglevel: warn, expiry: 2h
+ nft_info : priority: -100, policy: performance, loglevel: warn, expiry: 2h, limit (icmp/syn/udp): 10/10/100
+ run_info : base: /mnt/data/banIP, backup: /mnt/data/banIP/backup, report: /mnt/data/banIP/report
+ run_flags : auto: ✔, proto (4/6): ✔/✔, log (pre/inp/fwd/lan): ✔/✘/✘/✘, dedup: ✔, split: ✘, custom feed: ✘, allowed only: ✘
+ last_run : action: reload, log: logread, fetch: curl, duration: 2m 33s, date: 2024-04-17 05:57:56
+ system_info : cores: 4, memory: 1573, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r25932-338b463e1e
+ last_run : action: reload, log: logread, fetch: curl, duration: 1m 21s, date: 2024-05-27 05:56:29
+ system_info : cores: 4, memory: 1661, device: Bananapi BPI-R3, OpenWrt SNAPSHOT r26353-a96354bcfb
```
**banIP search information**
@ -300,16 +299,6 @@ Available commands:
1.10.255.58
1.11.67.53
1.11.114.211
1.11.208.29
1.12.75.87
1.12.231.227
1.12.247.134
1.12.251.141
1.14.96.156
1.14.250.37
1.15.40.79
1.15.71.140
1.15.77.237
[...]
```
**default regex for logfile parsing**
@ -423,19 +412,22 @@ The banIP default blocklist feeds are stored in an external JSON file '/etc/bani
A valid JSON source object contains the following information, e.g.:
```
[...]
"tor":{
"url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
"url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "tor exit nodes",
"flag": "gz tcp 80-88 udp 50000"
"stevenblack":{
"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
"descr": "stevenblack IPs",
"flag": "tcp 80 443"
},
[...]
```
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
## FAQ
TODO!
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>

11
net/banip/files/banip-functions.sh
View File

@ -97,7 +97,7 @@ f_system() {
local cpu core
if [ -z "${ban_dev}" ]; then
ban_debug="$(uci_get banip global ban_debug)"
ban_debug="$(uci_get banip global ban_debug "0")"
ban_cores="$(uci_get banip global ban_cores)"
fi
ban_packages="$("${ban_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
@ -1258,7 +1258,7 @@ f_genstatus() {
json_add_string "${object}" "${object}"
done
json_close_array
json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}"
json_add_string "nft_info" "priority: ${ban_nftpriority}, policy: ${ban_nftpolicy}, loglevel: ${ban_nftloglevel}, expiry: ${ban_nftexpiry:-"-"}, limit (icmp/syn/udp): ${ban_icmplimit}/${ban_synlimit}/${ban_udplimit}"
json_add_string "run_info" "base: ${ban_basedir}, backup: ${ban_backupdir}, report: ${ban_reportdir}"
json_add_string "run_flags" "auto: $(f_char ${ban_autodetect}), proto (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (pre/inp/fwd/lan): $(f_char ${ban_logprerouting})/$(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), dedup: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), custom feed: $(f_char ${custom_feed}), allowed only: $(f_char ${ban_allowlistonly})"
json_add_string "last_run" "${runtime:-"-"}"
@ -1354,7 +1354,7 @@ f_lookup() {
end_time="$(date "+%s")"
duration="$(((end_time - start_time) / 60))m $(((end_time - start_time) % 60))s"
f_log "debug" "f_lookup ::: feed: ${feed}, domains: ${cnt_domain}, IPs: ${cnt_ip}, duration: ${duration}"
f_log "info" "domain lookup finished in ${duration} (${feed}, ${cnt_domain} domains, ${cnt_ip} IPs)"
}
# table statistics
@ -1509,7 +1509,7 @@ f_report() {
printf "%s\n" " blocked icmp-flood packets : ${sum_icmpflood}"
printf "%s\n" " blocked invalid ct packets : ${sum_ctinvalid}"
printf "%s\n" " blocked invalid tcp packets: ${sum_tcpinvalid}"
printf "%s\n" " ----------"
printf "%s\n" " ---"
printf "%s\n" " auto-added IPs to allowlist: ${autoadd_allow}"
printf "%s\n\n" " auto-added IPs to blocklist: ${autoadd_block}"
json_select "sets" >/dev/null 2>&1
@ -1752,10 +1752,9 @@ ban_sedcmd="$(f_cmd sed)"
ban_ubuscmd="$(f_cmd ubus)"
ban_zcatcmd="$(f_cmd zcat)"
f_system
if [ "${ban_action}" != "stop" ]; then
[ ! -d "/etc/banip" ] && f_log "err" "no banIP config directory"
[ ! -r "/etc/config/banip" ] && f_log "err" "no banIP config"
[ "$(uci_get banip global ban_enabled)" = "0" ] && f_log "err" "banIP is disabled"
fi
f_system

4
net/banip/files/banip.feeds
View File

@ -179,7 +179,7 @@
},
"nixspam":{
"url_4": "https://www.nixspam.net/download/nixspam-ip.dump.gz",
"rule_4": "/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
"rule_4": "/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
"descr": "iX spam protection",
"flag": "gz"
},
@ -219,7 +219,7 @@
},
"sslbl":{
"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
"rule_4": "BEGIN{FS=\",\"}/^127\\./{next}/^(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
"rule_4": "BEGIN{FS=\",\"}/127\\./{next}/(([1-9][0-9]{0,2}\\.){1}([0-9]{1,3}\\.){2}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
"descr": "SSL botnet IPs"
},
"stevenblack":{