banip: update to 0.8.2-3
authorDirk Brenken <dev@brenken.org>
Wed, 22 Mar 2023 18:15:01 +0000 (19:15 +0100)
committerDirk Brenken <dev@brenken.org>
Sun, 26 Mar 2023 21:24:11 +0000 (23:24 +0200)
* raise max. timeouts from 10 to 30 seconds to stabilize the autodetection on slow hardware
* made interface trigger action configurable, set 'ban_triggeraction' accordingly (default: 'start')
* made E-Mail notifications configurable to receive status E-Mails with every banIP run,
  set 'ban_mailnotification' accordingly (default: disabled)
* small fixes & optimizations
* readme update

Signed-off-by: Dirk Brenken <dev@brenken.org>
(cherry picked from commit 1f5bc3f0f143536892302da6a1436e235e860a54)

net/banip/Makefile
net/banip/files/README.md
net/banip/files/banip-functions.sh
net/banip/files/banip-service.sh
net/banip/files/banip.init

index 7e1d5265a700a5bfa39e1d024c120b6c753edd30..9983e08b06fd2e25c54ac1767dd7dd0cd7c84484 100644 (file)
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
 PKG_VERSION:=0.8.2
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 
index 8e7afa35d5717ea9b3f56de47e1b33c396c1c2b6..f4502816bd5cdb0defd4f9196dbaa5acc44e9129 100644 (file)
@@ -148,6 +148,7 @@ Available commands:
 | ban_dev                 | list   | - / autodetect                | wan device(s), e.g. 'eth2'                                                            |
 | ban_trigger             | list   | -                             | logical startup trigger interface(s), e.g. 'wan'                                      |
 | ban_triggerdelay        | option | 10                            | trigger timeout before banIP processing begins                                        |
+| ban_triggeraction       | option | start                         | trigger action on ifup events, e.g. start, restart or reload                          |
 | ban_deduplicate         | option | 1                             | deduplicate IP addresses across all active sets                                       |
 | ban_splitsize           | option | 0                             | split ext. sets after every n lines/members (saves RAM)                               |
 | ban_cores               | option | - / autodetect                | limit the cpu cores used by banIP (saves RAM)                                         |
@@ -168,6 +169,7 @@ Available commands:
 | ban_mailsender          | option | no-reply@banIP                | sender address for banIP related notification E-Mails                                 |
 | ban_mailtopic           | option | banIP notification            | topic for banIP related notification E-Mails                                          |
 | ban_mailprofile         | option | ban_notify                    | mail profile used in 'msmtp' for banIP related notification E-Mails                   |
+| ban_mailnotification    | option | 0                             | receive E-Mail notifications with every banIP run                                     |
 | ban_reportelements      | option | 1                             | list set elements in the report, disable this to speed up the report significantly    |
 | ban_resolver            | option | -                             | external resolver used for DNS lookups                                                |
 
index 6e231a65245c4cf526fdded3508501cc7610fdf2..692a9bd49ecff916486c27674f754aa8e5798959 100644 (file)
@@ -34,6 +34,7 @@ ban_mailsender="no-reply@banIP"
 ban_mailreceiver=""
 ban_mailtopic="banIP notification"
 ban_mailprofile="ban_notify"
+ban_mailnotifcation="0"
 ban_reportelements="1"
 ban_nftloglevel="warn"
 ban_nftpriority="-200"
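Review bot: The added default is misspelled as `ban_mailnotifcation` (missing "i"), so it never initialises the variable the rest of this change tests, `ban_mailnotification` (used in f_log, in f_mail's debug line and in banip-service.sh). The feature still defaults to off only because an unset variable fails the `= "1"` comparison, and the debug output will show an empty value instead of `0`. The line should read `ban_mailnotification="0"`.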
@@ -168,6 +169,7 @@ f_log() {
        fi
        if [ "${class}" = "err" ]; then
                f_genstatus "error"
+               [ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
                f_rmdir "${ban_tmpdir}"
                rm -rf "${ban_lock}"
                exit 1
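Review bot: The notification in this error path runs before the cleanup, so `f_rmdir "${ban_tmpdir}"`, `rm -rf "${ban_lock}"` and `exit 1` all wait on `f_mail`; if the mail command stalls (the send step is outside this hunk), the lock would presumably stay in place. Consider releasing the lock before sending, or bounding the send with a timeout. The same ordering appears in the banip-service.sh hunk, where `f_mail` runs ahead of `rm -rf "${ban_lock}"`. The three-part guard `[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ]` is repeated verbatim in both places and would be easier to keep consistent in one small helper. f_log's body starts outside this hunk.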
@@ -351,10 +353,10 @@ f_getif() {
 # get wan devices
 #
 f_getdev() {
-       local dev iface update="0" cnt="0" cnt_max="10"
+       local dev iface update="0" cnt="0" cnt_max="30"
 
        if [ "${ban_autodetect}" = "1" ]; then
-               while [ -z "${ban_dev}" ] && [ "${cnt}" -le "${cnt_max}" ]; do
+               while [ "${cnt}" -lt "${cnt_max}" ] && [ -z "${ban_dev}" ]; do
                        network_flush_cache
                        for iface in ${ban_ifv4} ${ban_ifv6}; do
                                network_get_device dev "${iface}"
@@ -1032,6 +1034,7 @@ f_report() {
        local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
 
        [ -z "${ban_dev}" ] && f_conf
+       f_system
        f_mkdir "${ban_reportdir}"
        report_jsn="${ban_reportdir}/ban_report.jsn"
        report_txt="${ban_reportdir}/ban_report.txt"
@@ -1182,9 +1185,10 @@ f_report() {
                        [ -s "${report_jsn}" ] && cat "${report_jsn}"
                        ;;
                "mail")
-                       [ -x "${ban_mailcmd}" ] && f_mail
+                       [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
                        ;;
        esac
+       rm -f "${report_txt}"
 }
 
 # set search
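Review bot: With the new guard in the `"mail"` branch, a mail report requested while `ban_mailreceiver` is empty is now skipped silently, because the old `f_log "err" "the option 'ban_mailreceiver' is missing"` in f_mail is removed by this same commit. A user who asks for a mail report gets no hint why nothing arrived. I would keep the guard but log the reason, e.g. `[ -z "${ban_mailreceiver}" ] && f_log "info" "the option 'ban_mailreceiver' is missing"` ahead of the send line. f_report starts outside this hunk.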
@@ -1212,7 +1216,7 @@ f_search() {
        printf "%s\n%s\n%s\n" ":::" "::: banIP Search" ":::"
        printf "%s\n" "    Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")"
        printf "%s\n" "    ---"
-       cnt=1
+       cnt="1"
        for set in ${table_sets}; do
                (
                        if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then
@@ -1257,11 +1261,8 @@ f_mail() {
 
        # load mail template
        #
-       [ ! -r "${ban_mailtemplate}" ] && f_log "err" "the mail template is missing"
-       . "${ban_mailtemplate}"
-
-       [ -z "${ban_mailreceiver}" ] && f_log "err" "the option 'ban_mailreceiver' is missing"
-       [ -z "${mail_text}" ] && f_log "err" "the 'mail_text' is empty"
+       [ -r "${ban_mailtemplate}" ] && . "${ban_mailtemplate}" || f_log "info" "the mail template is missing"
+       [ -z "${mail_text}" ] && f_log "info" "the 'mail_text' template variable is empty"
        [ "${ban_debug}" = "1" ] && msmtp_debug="--debug"
 
        # send mail
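Review bot: The `[ -r … ] && . … || f_log` chain on the template line also logs "the mail template is missing" when the template is readable but sourcing it returns non-zero, because `||` reacts to the status of the `.` command as well. In both warning cases execution then continues to the send step with an unset or empty `mail_text`, where the old `err` level stopped the run. An explicit `if`/`else` with an early `return` keeps the softer log level without sending an empty mail. Since the template is sourced as shell code, `-r` alone means any readable file at that path runs with the script's privileges, so the path should only ever come from trusted configuration. f_mail starts and ends outside this hunk.
```shell
	if [ -r "${ban_mailtemplate}" ]; then
		. "${ban_mailtemplate}"
	else
		f_log "info" "the mail template is missing"
		return
	fi
	if [ -z "${mail_text}" ]; then
		f_log "info" "the 'mail_text' template variable is empty"
		return
	fi
	# … unchanged: msmtp_debug handling and send step …
```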
@@ -1273,7 +1274,7 @@ f_mail() {
                f_log "info" "failed to send status mail (${?})"
        fi
 
-       f_log "debug" "f_mail    ::: template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
+       f_log "debug" "f_mail    ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
 }
 
 # check banIP availability and initial sourcing
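Review bot: `rc: ${?}` in the rewritten debug line does not report the mail command's result. By the time it is expanded, `$?` holds the status of the preceding `if … fi`, which is the status of the last command in the taken branch; in the visible `else` branch that is the `f_log "info"` call. Save the status directly after the send command, e.g. `rc="${?}"`, and log `rc: ${rc}` here, adding `rc` to the function's `local` list. The start of f_mail and the send command itself are outside this hunk.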
index 94c1d47edd70f3d3c3fe7ca737c1e00b3339515b..7e3cdb3bbe2fad311437fa4bade80531fe830870 100755 (executable)
@@ -29,12 +29,12 @@ f_mkfile "${ban_allowlist}"
 #
 if [ "${ban_action}" != "reload" ]; then
        if [ -x "${ban_fw4cmd}" ]; then
-               cnt=0
-               while [ "${cnt}" -lt "10" ] && ! /etc/init.d/firewall status | grep -q "^active"; do
+               cnt="0"
+               while [ "${cnt}" -lt "30" ] && ! /etc/init.d/firewall status >/dev/null 2>&1; do
                        cnt="$((cnt + 1))"
                        sleep 1
                done
-               if ! /etc/init.d/firewall status | grep -q "^active"; then
+               if ! /etc/init.d/firewall status >/dev/null 2>&1; then
                        f_log "err" "nft based firewall/fw4 not functional"
                fi
        else
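Review bot: The readiness check now depends only on the exit status of `/etc/init.d/firewall status`, where the old code matched the text `^active`. It is worth confirming that the status action returns non-zero for every state other than active, otherwise the loop ends early and the `err` branch is never reached. With stderr discarded as well, the message "nft based firewall/fw4 not functional" is the only diagnostic, so logging the exit code there would help. The literal `"30"` also duplicates `cnt_max="30"` in f_getdev and could share one setting.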
@@ -125,7 +125,7 @@ for feed in allowlist ${ban_feed} blocklist; do
 done
 wait
 
-# start domain lookup
+# start background domain lookup
 #
 f_log "info" "start detached banIP domain lookup"
 (f_lookup "allowlist") &
@@ -133,15 +133,16 @@ hold="$((cnt % ban_cores))"
 [ "${hold}" = "0" ] && wait
 (f_lookup "blocklist") &
 
-# tidy up
+# end processing
 #
 f_rmset
 f_rmdir "${ban_tmpdir}"
 f_genstatus "active"
+[ "${ban_mailnotification}" = "1" ] && [ -n "${ban_mailreceiver}" ] && [ -x "${ban_mailcmd}" ] && f_mail
 f_log "info" "finished banIP download processes"
 rm -rf "${ban_lock}"
 
-# start log service
+# start detached log service
 #
 if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then
        f_log "info" "start detached banIP log service"
@@ -184,7 +185,7 @@ if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ]; then
                        fi
                done
 
-# start no-op service loop
+# start detached no-op service loop
 #
 else
        f_log "info" "start detached no-op banIP service (logterms are missing)"
index c56004279cfd5dc5656131858d92a55df9d33192..46df4d7fc10527534d4b5c63ceaae2bde7de83ee 100755 (executable)
@@ -94,14 +94,15 @@ survey() {
 }
 
 service_triggers() {
-       local iface trigger delay
+       local iface trigger trigger_action delay
 
        trigger="$(uci_get banip global ban_trigger)"
+       trigger_action="$(uci_get banip global ban_triggeraction "start")"
        delay="$(uci_get banip global ban_triggerdelay "10")"
        PROCD_RELOAD_DELAY=$((delay * 1000))
 
        for iface in ${trigger}; do
-               procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
+               procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "${trigger_action}"
        done
        procd_add_reload_trigger "banip"
 }
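Review bot: `trigger_action` is passed from the UCI config straight into `procd_add_interface_trigger` without any check, so a typo or unexpected value in `ban_triggeraction` becomes the action the init script is invoked with on every ifup event. The README names start, restart and reload as examples. If those are the intended set, I would restrict the value to them and fall back to the default otherwise.
```shell
	trigger_action="$(uci_get banip global ban_triggeraction "start")"
	# fall back to the default for anything but the documented actions
	case "${trigger_action}" in
		"start" | "restart" | "reload") ;;
		*) trigger_action="start" ;;
	esac
	# … unchanged: delay handling and trigger registration …
```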