MyCode/Website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Cleanup and reformat scripts

Browse Source
This commit is contained in:
Phil Connor 2024-06-13 13:43:40 -05:00
parent c052ec3a70
commit d1b2c702b1
3 changed files with 25 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
UFW-Blocklist/after.init
View File

@ -130,16 +130,19 @@ stop)
iptables -F ufw-blocklist-input iptables -F ufw-blocklist-input
iptables -X ufw-blocklist-input iptables -X ufw-blocklist-input
fi fi
if chain_exists ufw-blocklist-output; then if chain_exists ufw-blocklist-output; then
iptables -D OUTPUT -m set --match-set $ipsetname dst -j ufw-blocklist-output || true iptables -D OUTPUT -m set --match-set $ipsetname dst -j ufw-blocklist-output || true
iptables -F ufw-blocklist-output iptables -F ufw-blocklist-output
iptables -X ufw-blocklist-output iptables -X ufw-blocklist-output
fi fi
if chain_exists ufw-blocklist-forward; then if chain_exists ufw-blocklist-forward; then
iptables -D FORWARD -m set --match-set $ipsetname dst -j ufw-blocklist-forward || true iptables -D FORWARD -m set --match-set $ipsetname dst -j ufw-blocklist-forward || true
iptables -F ufw-blocklist-forward iptables -F ufw-blocklist-forward
iptables -X ufw-blocklist-forward iptables -X ufw-blocklist-forward
fi fi
if set_exists $ipsetname; then if set_exists $ipsetname; then
$IPSET_EXE flush $ipsetname $IPSET_EXE flush $ipsetname
$IPSET_EXE destroy $ipsetname $IPSET_EXE destroy $ipsetname
@ -148,14 +151,17 @@ stop)
status) status)
# display details of the ipset # display details of the ipset
$IPSET_EXE list "$ipsetname" -t $IPSET_EXE list "$ipsetname" -t
# show iptables hit/byte counts # show iptables hit/byte counts
iptables -L -nvx | grep "$ipsetname" | grep 'match-set' iptables -L -nvx | grep "$ipsetname" | grep 'match-set'
# show the last 10 lines from the logs # show the last 10 lines from the logs
journalctl | grep -i blocklist | tail journalctl | grep -i blocklist | tail
;; ;;
flush-all) flush-all)
# flush sets created above. Use /etc/cron.daily/ufw-blocklist-ipsum to repopulate # flush sets created above. Use /etc/cron.daily/ufw-blocklist-ipsum to repopulate
$IPSET_EXE flush $ipsetname $IPSET_EXE flush $ipsetname
# reset iptables accounting # reset iptables accounting
ipz=$( iptables -L INPUT -nvx --line-numbers | grep ufw-blocklist-input | awk '{print $1}') ipz=$( iptables -L INPUT -nvx --line-numbers | grep ufw-blocklist-input | awk '{print $1}')
iptables -Z INPUT "$ipz" iptables -Z INPUT "$ipz"

8
UFW-Blocklist/after.init_run-parts
View File

@ -32,16 +32,16 @@
set -e set -e
afterinitdir='/etc/ufw/after.init.d' afterinitdir='/etc/ufw/after.init.d'
if [ ! -d "$afterinitdir" ]; if [ ! -d "$afterinitdir" ]; then
then
echo "$afterinitdir does not exist. nothing to do" echo "$afterinitdir does not exist. nothing to do"
exit 0 exit 0
fi fi
runpartsfunc () runpartsfunc () {
{ {
run-parts --report --regex='^[0-9]{2}-.*.ufw$' --arg="$1" "${afterinitdir}" run-parts --report --regex='^[0-9]{2}-.*.ufw$' --arg="$1" "${afterinitdir}"
exit $? exit $?
}
} }
case "$1" in case "$1" in

20
UFW-Blocklist/ufw-blocklist-ipsum
View File

@ -28,7 +28,6 @@ if [ $RET -ne 0 ]; then
fi fi
ipsetcount=$(echo "$ipsetstatus" | grep '^Number of entries:' | cut -d' ' -f4) ipsetcount=$(echo "$ipsetstatus" | grep '^Number of entries:' | cut -d' ' -f4)
$logger "starting update of ${ipsetname} with ${ipsetcount} entries from ${ipsumurl}" $logger "starting update of ${ipsetname} with ${ipsetcount} entries from ${ipsumurl}"
## Download the latest list ## Download the latest list
@ -43,11 +42,11 @@ fi
declare -a scrublist declare -a scrublist
readarray -t scrublist < <(echo "$rawlist") readarray -t scrublist < <(echo "$rawlist")
## Validate the list length ## Validate the list length
scrublistlen="${#scrublist[@]}" scrublistlen="${#scrublist[@]}"
#echo "length of scrublist array: $scrublistlen" #echo "length of scrublist array: $scrublistlen"
if [ $scrublistlen -lt $minlen ]; then if [ "$scrublistlen" -lt $minlen ]; then
$logger -s "$scrublistlen less than $minlen IPs. something must be wrong with $ipsumurl" $logger -s "$scrublistlen less than $minlen IPs. something must be wrong with $ipsumurl"
exit 1 exit 1
fi fi
@ -73,23 +72,14 @@ if [ $RET -ne 0 ]; then
exit 1 exit 1
fi fi
## loop through each IP address in the scrublist array and add it to the temporary ipset ## loop through each IP address in the scrublist array and add it to the temporary ipset
cnt=0 cnt=0
for i in "${scrublist[@]}" for i in "${scrublist[@]}"
do do
## Validate IP address is correct format
# if not valid ip
# log, cleanup and exit
# fi
# Add that IP to the ipset blocklist # Add that IP to the ipset blocklist
#echo -e "Adding $i to ipset blocklist...\n" $ipset_exe add "$tmpsetname" "$i"
$ipset_exe add "$tmpsetname" $i
cnt=$((cnt+1)) cnt=$((cnt+1))
done done
## ipset swap FROM-SETNAME TO-SETNAME ## ipset swap FROM-SETNAME TO-SETNAME
## Swap the content of two existing sets ## Swap the content of two existing sets