v1.1. Removed separate nftsets for user entries.
@@ -4,7 +4,7 @@
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_VERSION:=1.0-0
|
||||
PKG_VERSION:=1.1-0
|
||||
LUCI_TITLE:=LuCI support for ruantiblock
|
||||
LUCI_DEPENDS:=+ruantiblock
|
||||
LUCI_PKGARCH:=all
|
||||
|
||||
@@ -47,7 +47,6 @@ return view.extend({
|
||||
if(data.rules.nftables && data.rules.nftables.length > 1) {
|
||||
for(let i of data.rules.nftables) {
|
||||
if(!i.rule) continue;
|
||||
|
||||
let set, bytes;
|
||||
i.rule.expr.forEach(e => {
|
||||
if(e.match) {
|
||||
@@ -58,7 +57,6 @@ return view.extend({
|
||||
};
|
||||
});
|
||||
output.rules.push([ set, bytes ]);
|
||||
|
||||
};
|
||||
|
||||
function parseDnsmasqData(set) {
|
||||
@@ -77,8 +75,7 @@ return view.extend({
|
||||
return sArray;
|
||||
};
|
||||
|
||||
output.dnsmasq = parseDnsmasqData('dnsmasq');
|
||||
output.dnsmasq_u = parseDnsmasqData('dnsmasq_u');
|
||||
output.dnsmasq = parseDnsmasqData('dnsmasq');
|
||||
};
|
||||
return output;
|
||||
},
|
||||
@@ -185,11 +182,6 @@ return view.extend({
|
||||
rdTableWrapper.append(this.makeDnsmasqTable(nft_data.dnsmasq));
|
||||
};
|
||||
|
||||
if(nft_data.dnsmasq_u.length > 0) {
|
||||
let rduTableWrapper = document.getElementById('rduTableWrapper');
|
||||
rduTableWrapper.innerHTML = '';
|
||||
rduTableWrapper.append(this.makeDnsmasqTable(nft_data.dnsmasq_u));
|
||||
};
|
||||
} else {
|
||||
if(poll.active()) {
|
||||
poll.stop();
|
||||
@@ -217,8 +209,7 @@ return view.extend({
|
||||
|
||||
let update_status = null,
|
||||
rules = null,
|
||||
dnsmasq = null,
|
||||
dnsmasq_u = null;
|
||||
dnsmasq = null;
|
||||
if(data) {
|
||||
if(data.status === 'enabled') {
|
||||
update_status = E('table', { 'class': 'table' });
|
||||
@@ -278,7 +269,7 @@ return view.extend({
|
||||
E('td',{
|
||||
'class' : 'td left',
|
||||
'data-title': _('Match-set'),
|
||||
}, set + ' (' + set.replace(/^c/, 'CIDR').replace(/^i/, 'IP').replace(/^d/, 'dnsmasq').replace(/u$/, '-user') + ')'),
|
||||
}, set + ' (' + set.replace(/^c/, 'CIDR').replace(/^i/, 'IP').replace(/^d/, 'dnsmasq') + ')'),
|
||||
E('td', {
|
||||
'class' : 'td left',
|
||||
'id' : 'rules.' + set,
|
||||
@@ -306,18 +297,6 @@ return view.extend({
|
||||
]);
|
||||
};
|
||||
|
||||
if(nft_data.dnsmasq_u) {
|
||||
let rduTableWrapper = E('div', {
|
||||
'id' : 'rduTableWrapper',
|
||||
'style': 'width:100%'
|
||||
}, this.makeDnsmasqTable(nft_data.dnsmasq_u));
|
||||
|
||||
dnsmasq_u = E([
|
||||
E('h3', {}, _('Dnsmasq') + ' - ' + _('User entries')),
|
||||
rduTableWrapper,
|
||||
]);
|
||||
};
|
||||
|
||||
poll.add(L.bind(this.pollInfo, this), this.pollInterval);
|
||||
} else {
|
||||
update_status = E('em', {}, _('Status') + ' : ' + _('disabled'));
|
||||
@@ -337,9 +316,6 @@ return view.extend({
|
||||
E('div', { 'class': 'cbi-section fade-in' },
|
||||
E('div', { 'class': 'cbi-section-node' }, dnsmasq)
|
||||
),
|
||||
E('div', { 'class': 'cbi-section fade-in' },
|
||||
E('div', { 'class': 'cbi-section-node' }, dnsmasq_u)
|
||||
),
|
||||
]);
|
||||
},
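Review bot: The label in the 'Match-set' cell is still built by chaining anchored `replace` calls on the raw set name, which is only correct while the names are exactly `c`, `i` and `d` (the NFTSET_* defaults exported by the main script). Any other name that starts with one of those letters gets a prefix spliced into it. Now that the `-user` suffix is gone, an explicit lookup is shorter and leaves unknown names untouched: `const label = ({ c: 'CIDR', i: 'IP', d: 'dnsmasq' })[set] || set;`. The enclosing function starts and ends outside this hunk.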
|
||||
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ruantiblock-mod-lua
|
||||
PKG_VERSION:=1.0
|
||||
PKG_VERSION:=1.1
|
||||
PKG_RELEASE:=0
|
||||
PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
|
||||
|
||||
|
||||
@@ -58,9 +58,6 @@ local Config = Class(nil, {
|
||||
["NFTSET_CIDR"] = true,
|
||||
["NFTSET_IP"] = true,
|
||||
["NFTSET_DNSMASQ"] = true,
|
||||
["NFTSET_CIDR_USER"] = true,
|
||||
["NFTSET_IP_USER"] = true,
|
||||
["NFTSET_DNSMASQ_USER"] = true,
|
||||
["NFTSET_CIDR_CFG"] = true,
|
||||
["NFTSET_IP_CFG"] = true,
|
||||
["NFTSET_DNSMASQ"] = true,
|
||||
@@ -395,25 +392,12 @@ end
|
||||
|
||||
function BlackListParser:write_ipset_config()
|
||||
local file_handler = assert(io.open(self.IP_DATA_FILE, "w"), "Could not open nftset config")
|
||||
for _, v in ipairs({ self.NFTSET_CIDR, self.NFTSET_IP, self.NFTSET_CIDR_USER, self.NFTSET_IP_USER }) do
|
||||
for _, v in ipairs({ self.NFTSET_CIDR, self.NFTSET_IP }) do
|
||||
file_handler:write(string.format("flush set %s %s\n", self.NFT_TABLE, v))
|
||||
end
|
||||
file_handler:write(
|
||||
string.format("table %s {\n%s", self.NFT_TABLE, self.NFTSET_IP_CFG)
|
||||
string.format("table %s {\n%s", self.NFT_TABLE, self.NFTSET_CIDR_CFG)
|
||||
)
|
||||
local i = 0
|
||||
if next(self.ip_table) then
|
||||
file_handler:write("elements={")
|
||||
for ipaddr in pairs(self.ip_table) do
|
||||
file_handler:write(string.format("%s,", ipaddr))
|
||||
i = i + 1
|
||||
end
|
||||
file_handler:write("};")
|
||||
end
|
||||
file_handler:write(
|
||||
string.format("}\n%s", self.NFTSET_CIDR_CFG)
|
||||
)
|
||||
self.ip_records_count = i
|
||||
local c = 0
|
||||
if next(self.cidr_table) then
|
||||
file_handler:write("elements={")
|
||||
@@ -424,6 +408,19 @@ function BlackListParser:write_ipset_config()
|
||||
file_handler:write("};")
|
||||
end
|
||||
self.cidr_count = c
|
||||
file_handler:write(
|
||||
string.format("}\n%s", self.NFTSET_IP_CFG)
|
||||
)
|
||||
local i = 0
|
||||
if next(self.ip_table) then
|
||||
file_handler:write("elements={")
|
||||
for ipaddr in pairs(self.ip_table) do
|
||||
file_handler:write(string.format("%s,", ipaddr))
|
||||
i = i + 1
|
||||
end
|
||||
file_handler:write("};")
|
||||
end
|
||||
self.ip_records_count = i
|
||||
file_handler:write("}\n}\n")
|
||||
file_handler:close()
|
||||
end
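Review bot: write_ipset_config copies every key of `self.cidr_table` and `self.ip_table` into the output with `string.format("%s,", ipaddr)`, and nothing in the function constrains what those keys contain. The keys come from a downloaded blacklist and are presumably validated where they are parsed, which is outside this diff; if that parser's patterns are not anchored, an entry containing `}` or `;` would close the `elements={...}` list early in a file that appears to be loaded as nft input. A guard at the write site, e.g. `if ipaddr:match("^%d+%.%d+%.%d+%.%d+$") then ... end` for the IP set, would make the writer safe on its own. The same applies to the `f"{i},"` writes in the Python write_ipset_config further down. The CIDR loop body sits between the two hunks and is not shown.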
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ruantiblock-mod-py
|
||||
PKG_VERSION:=1.0
|
||||
PKG_VERSION:=1.1
|
||||
PKG_RELEASE:=0
|
||||
PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
|
||||
|
||||
|
||||
@@ -42,9 +42,6 @@ class Config:
|
||||
"NFTSET_CIDR",
|
||||
"NFTSET_IP",
|
||||
"NFTSET_DNSMASQ",
|
||||
"NFTSET_CIDR_USER",
|
||||
"NFTSET_IP_USER",
|
||||
"NFTSET_DNSMASQ_USER",
|
||||
"NFTSET_CIDR_CFG",
|
||||
"NFTSET_IP_CFG",
|
||||
"NFTSET_DNSMASQ",
|
||||
@@ -503,25 +500,24 @@ class WriteConfigFiles(Config):
|
||||
|
||||
def write_ipset_config(self, ip_set, cidr_set):
|
||||
with open(self.IP_DATA_FILE, "wt", buffering=self.write_buffer) as file_handler:
|
||||
for i in (self.NFTSET_CIDR, self.NFTSET_IP,
|
||||
self.NFTSET_CIDR_USER, self.NFTSET_IP_USER):
|
||||
for i in (self.NFTSET_CIDR, self.NFTSET_IP):
|
||||
file_handler.write("flush set {} {}\n".format(self.NFT_TABLE, i))
|
||||
file_handler.write(
|
||||
"table {} {{\n{}".format(self.NFT_TABLE, self.NFTSET_IP_CFG)
|
||||
)
|
||||
if len(ip_set) > 0:
|
||||
file_handler.write("elements={")
|
||||
for i in ip_set:
|
||||
file_handler.write(f"{i},")
|
||||
file_handler.write("};")
|
||||
file_handler.write(
|
||||
"}}\n{}".format(self.NFTSET_CIDR_CFG)
|
||||
"table {} {{\n{}".format(self.NFT_TABLE, self.NFTSET_CIDR_CFG)
|
||||
)
|
||||
if len(cidr_set) > 0:
|
||||
file_handler.write("elements={")
|
||||
for i in cidr_set:
|
||||
file_handler.write(f"{i},")
|
||||
file_handler.write("};")
|
||||
file_handler.write(
|
||||
"}}\n{}".format(self.NFTSET_IP_CFG)
|
||||
)
|
||||
if len(ip_set) > 0:
|
||||
file_handler.write("elements={")
|
||||
for i in ip_set:
|
||||
file_handler.write(f"{i},")
|
||||
file_handler.write("};")
|
||||
file_handler.write("}\n}\n")
|
||||
|
||||
def write_dnsmasq_config(self, fqdn_set):
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=ruantiblock
|
||||
PKG_VERSION:=1.0
|
||||
PKG_VERSION:=1.1
|
||||
PKG_RELEASE:=0
|
||||
PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
|
||||
|
||||
|
||||
@@ -58,8 +58,8 @@ VPN_PKTS_MARK=8
|
||||
NFTSET_MAXELEM_IP=1000000
|
||||
NFTSET_MAXELEM_DNSMASQ=65535
|
||||
### Политика отбора элементов в сетах nftables. "performance" - производительность и большее потребление RAM. "memory" - хуже производительность и меньше потребление RAM
|
||||
NFTSET_POLICY_CIDR="performance"
|
||||
NFTSET_POLICY_IP="performance"
|
||||
NFTSET_POLICY_CIDR="memory"
|
||||
NFTSET_POLICY_IP="memory"
|
||||
NFTSET_POLICY_DNSMASQ="performance"
|
||||
### Таймаут для записей в сете $NFTSET_DNSMASQ
|
||||
NFTSET_DNSMASQ_TIMEOUT="1h"
|
||||
@@ -120,12 +120,12 @@ ZI_ALL_URL="https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv"
|
||||
#ZI_ALL_URL="https://app.assembla.com/spaces/z-i/git/source/master/dump.csv?_format=raw"
|
||||
AF_IP_URL="https://antifilter.download/list/allyouneed.lst"
|
||||
AF_FQDN_URL="https://antifilter.download/list/domains.lst"
|
||||
RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.ip"
|
||||
RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.dnsmasq"
|
||||
RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/update_status"
|
||||
RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.ip"
|
||||
RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.dnsmasq"
|
||||
RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/update_status"
|
||||
RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.ip"
|
||||
RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.dnsmasq"
|
||||
RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/update_status"
|
||||
RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.ip"
|
||||
RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.dnsmasq"
|
||||
RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/update_status"
|
||||
RBL_ENCODING=""
|
||||
ZI_ENCODING="CP1251"
|
||||
AF_ENCODING=""
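Review bot: The six `RA_*_URL` defaults still reference the mutable `master` branch of ruantiblock_blacklist, so the move to `blacklist-1.1` changes the path but not the trust model: the router takes whatever is on that branch at download time. Judging by the file names and by the writers in the Lua and Python modules on this page, `ruantiblock.ip` appears to be an nft script and `ruantiblock.dnsmasq` a dnsmasq fragment, both presumably applied as root. HTTPS protects the transfer, but nothing shown here checks the content; `update_status` could carry a digest of the two data files for the updater to verify, or the URLs could name a tag or commit instead of `master`. The same URLs are repeated as `export RA_*_URL` defaults in the main script.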
|
||||
|
||||
@@ -29,8 +29,6 @@ Info() {
|
||||
if [ $? -eq 0 ]; then
|
||||
printf ",\"dnsmasq\":"
|
||||
$NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ" 2> /dev/null
|
||||
printf ",\"dnsmasq_u\":"
|
||||
$NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ_USER" 2> /dev/null
|
||||
printf "}"
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -38,16 +38,16 @@ NftCmdWrapper() {
|
||||
return $_return_code
|
||||
}
|
||||
|
||||
IptVpnRouteDel() {
|
||||
NftVpnRouteDelete() {
|
||||
$IP_CMD route flush table $VPN_ROUTE_TABLE_ID
|
||||
$IP_CMD rule del table $VPN_ROUTE_TABLE_ID
|
||||
}
|
||||
|
||||
IptVpnRouteAdd() {
|
||||
NftVpnRouteAdd() {
|
||||
VPN_IP=`$IP_CMD addr list dev $IF_VPN 2> /dev/null | $AWK_CMD '/inet/{sub("/[0-9]{1,2}$", "", $2); print $2; exit}'`
|
||||
if [ -n "$VPN_IP" ]; then
|
||||
echo 0 > /proc/sys/net/ipv4/conf/$IF_VPN/rp_filter
|
||||
IptVpnRouteDel 2> /dev/null
|
||||
NftVpnRouteDelete 2> /dev/null
|
||||
$IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority 1000
|
||||
$IP_CMD route add default via $VPN_IP table $VPN_ROUTE_TABLE_ID
|
||||
fi
|
||||
@@ -59,7 +59,7 @@ NftVpnRouteStatus() {
|
||||
}
|
||||
|
||||
NftMainAdd() {
|
||||
local _nft_sets="${NFTSET_CIDR} ${NFTSET_CIDR_USER} ${NFTSET_IP} ${NFTSET_IP_USER} ${NFTSET_DNSMASQ} ${NFTSET_DNSMASQ_USER}" _set
|
||||
local _nft_sets="${NFTSET_CIDR} ${NFTSET_IP} ${NFTSET_DNSMASQ}" _set
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { $LOCAL_CLIENTS_CHAIN_TYPE }
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
$NFT_CMD add chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
@@ -84,7 +84,7 @@ NftMainAdd() {
|
||||
NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter goto "$NFT_ACTION_CHAIN"
|
||||
done
|
||||
if [ "$PROXY_MODE" = "2" ]; then
|
||||
IptVpnRouteAdd
|
||||
NftVpnRouteAdd
|
||||
fi
|
||||
}
|
||||
|
||||
@@ -97,7 +97,7 @@ NftMainDelete() {
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
|
||||
$NFT_CMD flush chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
$NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_CHAIN"
|
||||
IptVpnRouteDel 2> /dev/null
|
||||
NftVpnRouteDelete 2> /dev/null
|
||||
}
|
||||
|
||||
NftLocalClientsAdd() {
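Review bot: NftVpnRouteAdd writes `0` to `/proc/sys/net/ipv4/conf/$IF_VPN/rp_filter`, while the renamed NftVpnRouteDelete only flushes the route table and deletes the rule, so as far as these hunks show reverse-path filtering stays disabled on the VPN interface after the rules are removed. A comment stating why the filter has to be off, plus saving the previous value and writing it back in NftVpnRouteDelete, would keep the change scoped to the time the mark-based route is active. `$IF_VPN` is also unquoted in that path and in the `addr list dev` call, `"/proc/sys/net/ipv4/conf/${IF_VPN}/rp_filter"` being the safer form. NftVpnRouteAdd's closing brace is outside the hunk.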
|
||||
|
||||
@@ -70,8 +70,8 @@ export NFTSET_MAXELEM_CIDR=65535
|
||||
export NFTSET_MAXELEM_IP=1000000
|
||||
export NFTSET_MAXELEM_DNSMASQ=65535
|
||||
### Политика отбора элементов в сетах nftables. "performance" - производительность и большее потребление RAM. "memory" - хуже производительность и меньше потребление RAM
|
||||
export NFTSET_POLICY_CIDR="performance"
|
||||
export NFTSET_POLICY_IP="performance"
|
||||
export NFTSET_POLICY_CIDR="memory"
|
||||
export NFTSET_POLICY_IP="memory"
|
||||
export NFTSET_POLICY_DNSMASQ="performance"
|
||||
### Таймаут для записей в сете $NFTSET_DNSMASQ
|
||||
export NFTSET_DNSMASQ_TIMEOUT="1h"
|
||||
@@ -131,12 +131,12 @@ export RBL_IP_URL="https://reestr.rublacklist.net/api/v3/ips/"
|
||||
export ZI_ALL_URL="https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv"
|
||||
export AF_IP_URL="https://antifilter.download/list/allyouneed.lst"
|
||||
export AF_FQDN_URL="https://antifilter.download/list/domains.lst"
|
||||
export RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.ip"
|
||||
export RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.dnsmasq"
|
||||
export RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/update_status"
|
||||
export RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.ip"
|
||||
export RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.dnsmasq"
|
||||
export RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/update_status"
|
||||
export RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.ip"
|
||||
export RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.dnsmasq"
|
||||
export RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/update_status"
|
||||
export RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.ip"
|
||||
export RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.dnsmasq"
|
||||
export RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/update_status"
|
||||
export RBL_ENCODING=""
|
||||
export ZI_ENCODING="CP1251"
|
||||
export AF_ENCODING=""
|
||||
@@ -182,15 +182,12 @@ export NFTSET_ONION="onion"
|
||||
export NFTSET_CIDR="c"
|
||||
export NFTSET_IP="i"
|
||||
export NFTSET_DNSMASQ="d"
|
||||
export NFTSET_CIDR_USER="cu"
|
||||
export NFTSET_IP_USER="iu"
|
||||
export NFTSET_DNSMASQ_USER="du"
|
||||
export NFTSET_ALLOWED_HOSTS_TYPE="ipv4_addr"
|
||||
export NFTSET_CIDR_TYPE="ipv4_addr"
|
||||
export NFTSET_IP_TYPE="ipv4_addr"
|
||||
export NFTSET_DNSMASQ_TYPE="ipv4_addr"
|
||||
export NFTSET_CIDR_CFG="set ${NFTSET_CIDR} {type ${NFTSET_CIDR_TYPE};size ${NFTSET_MAXELEM_CIDR};policy ${NFTSET_POLICY_CIDR};flags interval;auto-merge;"
|
||||
export NFTSET_IP_CFG="set ${NFTSET_IP} {type ${NFTSET_IP_TYPE};size ${NFTSET_MAXELEM_IP};policy ${NFTSET_POLICY_IP};"
|
||||
export NFTSET_IP_CFG="set ${NFTSET_IP} {type ${NFTSET_IP_TYPE};size ${NFTSET_MAXELEM_IP};policy ${NFTSET_POLICY_IP};flags dynamic;"
|
||||
export UPDATE_STATUS_FILE="${DATA_DIR}/update_status"
|
||||
U_PID_FILE="/var/run/${NAME}_update.pid"
|
||||
START_PID_FILE="/var/run/${NAME}_start.pid"
|
||||
@@ -214,9 +211,9 @@ Help() {
|
||||
cat << EOF
|
||||
Usage: `basename $0` start|force-start|stop|destroy|restart|reload|update|force-update|data-files|status|raw-status|html-info|help
|
||||
start : Start
|
||||
force-start : Removing the pid-file before running
|
||||
force-start : Removing the PID-file before running
|
||||
stop : Stop
|
||||
destroy : Stop + remove nft table and clear all data files
|
||||
destroy : Stop, remove nft table and clear all data files
|
||||
restart : Restart
|
||||
reload : Renew nftables configuration
|
||||
update : Update blacklist
|
||||
@@ -273,7 +270,7 @@ DownloadRuabBlacklist() {
|
||||
esac
|
||||
}
|
||||
|
||||
DnsmasqRestart() {
|
||||
RestartDnsmasq() {
|
||||
eval `echo "$DNSMASQ_RESTART_CMD"`
|
||||
}
|
||||
|
||||
@@ -288,13 +285,10 @@ FlushNftSets() {
|
||||
AddNftSets() {
|
||||
local _hosts
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_CIDR" { type "$NFTSET_CIDR_TYPE"\; size $NFTSET_MAXELEM_CIDR\; policy "$NFTSET_POLICY_CIDR"\; flags interval\; auto-merge\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_CIDR_USER" { type "$NFTSET_CIDR_TYPE"\; size $NFTSET_MAXELEM_CIDR\; policy "$NFTSET_POLICY_CIDR"\; flags interval\; auto-merge\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_IP" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_IP_USER" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ_USER" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_ONION" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { type "$NFTSET_ALLOWED_HOSTS_TYPE"\; policy "$NFTSET_POLICY_IP"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_IP" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; flags dynamic\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags dynamic,timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_ONION" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags dynamic,timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
|
||||
$NFT_CMD add set $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { type "$NFTSET_ALLOWED_HOSTS_TYPE"\; policy "$NFTSET_POLICY_IP"\; flags dynamic\; }
|
||||
_hosts=`printf "$ALLOWED_HOSTS_LIST" | $AWK_CMD '{gsub(/[ ]+/, ",", $0); printf $0;}'`
|
||||
if [ -n "$_hosts" ]; then
|
||||
$NFT_CMD add element $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { "$_hosts" }
|
||||
@@ -336,7 +330,7 @@ SetNetConfig() {
|
||||
|
||||
DropNetConfig() {
|
||||
DeleteNftRules
|
||||
FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_CIDR" "$NFTSET_CIDR_USER" "$NFTSET_IP" "$NFTSET_IP_USER" "$NFTSET_DNSMASQ" "$NFTSET_DNSMASQ_USER" "$NFTSET_ONION"
|
||||
FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_CIDR" "$NFTSET_IP" "$NFTSET_DNSMASQ" "$NFTSET_ONION"
|
||||
}
|
||||
|
||||
DestroyNetConfig() {
|
||||
@@ -387,7 +381,7 @@ AddUserEntries() {
|
||||
if(length(dns) > 0) {
|
||||
printf "server=/%s/%s\n", val, dns >> ENVIRON["DNSMASQ_DATA_FILE"];
|
||||
};
|
||||
printf "nftset=/%s/%s#%s\n", val, ENVIRON["NFT_TABLE_DNSMASQ"], ENVIRON["NFTSET_DNSMASQ_USER"] >> ENVIRON["DNSMASQ_DATA_FILE"];
|
||||
printf "nftset=/%s/%s#%s\n", val, ENVIRON["NFT_TABLE_DNSMASQ"], ENVIRON["NFTSET_DNSMASQ"] >> ENVIRON["DNSMASQ_DATA_FILE"];
|
||||
};
|
||||
function writeFqdnEntries() {
|
||||
delete fqdn_array[0];
|
||||
@@ -408,12 +402,12 @@ AddUserEntries() {
|
||||
};
|
||||
}
|
||||
END {
|
||||
printf "table %s {\nset %s {type %s;size %s;flags interval;auto-merge;", ENVIRON["NFT_TABLE"], ENVIRON["NFTSET_CIDR_USER"], ENVIRON["NFTSET_CIDR_TYPE"], ENVIRON["NFTSET_MAXELEM_CIDR"] >> ENVIRON["IP_DATA_FILE"];
|
||||
printf "table %s {\n%s", ENVIRON["NFT_TABLE"], ENVIRON["NFTSET_CIDR_CFG"] >> ENVIRON["IP_DATA_FILE"];
|
||||
delete cidr_array[0];
|
||||
if(length(cidr_array) > 0) {
|
||||
printf "elements={%s};", writeIpList(cidr_array) >> ENVIRON["IP_DATA_FILE"];
|
||||
};
|
||||
printf "}\nset %s {type %s;size %s;", ENVIRON["NFTSET_IP_USER"], ENVIRON["NFTSET_IP_TYPE"], ENVIRON["NFTSET_MAXELEM_IP"] >> ENVIRON["IP_DATA_FILE"];
|
||||
printf "}\n%s", ENVIRON["NFTSET_IP_CFG"] >> ENVIRON["IP_DATA_FILE"];
|
||||
delete ip_array[0];
|
||||
if(length(ip_array) > 0) {
|
||||
printf "elements={%s};", writeIpList(ip_array) >> ENVIRON["IP_DATA_FILE"];
|
||||
@@ -502,7 +496,7 @@ Update() {
|
||||
echo " ${NAME} ${1}..."
|
||||
MakeLogRecord "notice" "${1}..."
|
||||
if [ "$NFTSET_CLEAR_SETS" = "1" ]; then
|
||||
FlushNftSets "$NFTSET_CIDR" "$NFTSET_CIDR_USER" "$NFTSET_IP" "$NFTSET_IP_USER" "$NFTSET_DNSMASQ" "$NFTSET_DNSMASQ_USER"
|
||||
FlushNftSets "$NFTSET_CIDR" "$NFTSET_IP" "$NFTSET_DNSMASQ"
|
||||
elif [ -z "$BLLIST_PRESET" -a -z "$BLLIST_MODULE" ]; then
|
||||
FlushNftSets "$NFTSET_IP" "$NFTSET_CIDR"
|
||||
fi
|
||||
@@ -523,13 +517,10 @@ Update() {
|
||||
_return_code=1
|
||||
;;
|
||||
esac
|
||||
FlushNftSets "$NFTSET_DNSMASQ" "$NFTSET_ONION" "$NFTSET_DNSMASQ_USER"
|
||||
if [ "$ADD_USER_ENTRIES" != "1" ]; then
|
||||
FlushNftSets "$NFTSET_CIDR_USER" "$NFTSET_IP_USER"
|
||||
fi
|
||||
FlushNftSets "$NFTSET_DNSMASQ" "$NFTSET_ONION"
|
||||
UpdateBllistSets
|
||||
_return_code=$?
|
||||
DnsmasqRestart
|
||||
RestartDnsmasq
|
||||
ToggleUPIDFile del
|
||||
fi
|
||||
MakeToken
|
||||
@@ -722,7 +713,7 @@ case "$1" in
|
||||
ClearDataFiles
|
||||
return_code=$?
|
||||
ToggleUPIDFile del
|
||||
DnsmasqRestart
|
||||
RestartDnsmasq
|
||||
StatusOutput
|
||||
;;
|
||||
update|force-update)
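Review bot: `flags dynamic` now appears both in `NFTSET_IP_CFG` and in the `add set` commands of AddNftSets without a comment saying why it is needed, and the two definitions must stay identical because the data file redeclares the set that AddNftSets created. A line above the CFG exports such as `### Set flags here must match AddNftSets()` would make that coupling visible. On a router upgraded from 1.0 the table may still hold sets created without the flag; whether `add set` then keeps the old definition or is rejected depends on the nftables and kernel version, so it is worth confirming that the upgrade path removes the old table first. AddNftSets continues past the end of its hunk.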
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 187 KiB After Width: | Height: | Size: 121 KiB |