Cleanup and reformat scripts
parent
c052ec3a70
commit
d1b2c702b1
@ -130,16 +130,19 @@ stop)
|
||||
iptables -F ufw-blocklist-input
|
||||
iptables -X ufw-blocklist-input
|
||||
fi
|
||||
|
||||
if chain_exists ufw-blocklist-output; then
|
||||
iptables -D OUTPUT -m set --match-set $ipsetname dst -j ufw-blocklist-output || true
|
||||
iptables -F ufw-blocklist-output
|
||||
iptables -X ufw-blocklist-output
|
||||
fi
|
||||
|
||||
if chain_exists ufw-blocklist-forward; then
|
||||
iptables -D FORWARD -m set --match-set $ipsetname dst -j ufw-blocklist-forward || true
|
||||
iptables -F ufw-blocklist-forward
|
||||
iptables -X ufw-blocklist-forward
|
||||
fi
|
||||
|
||||
if set_exists $ipsetname; then
|
||||
$IPSET_EXE flush $ipsetname
|
||||
$IPSET_EXE destroy $ipsetname
|
||||
@ -148,14 +151,17 @@ stop)
|
||||
status)
|
||||
# display details of the ipset
|
||||
$IPSET_EXE list "$ipsetname" -t
|
||||
|
||||
# show iptables hit/byte counts
|
||||
iptables -L -nvx | grep "$ipsetname" | grep 'match-set'
|
||||
|
||||
# show the last 10 lines from the logs
|
||||
journalctl | grep -i blocklist | tail
|
||||
;;
|
||||
flush-all)
|
||||
# flush sets created above. Use /etc/cron.daily/ufw-blocklist-ipsum to repopulate
|
||||
$IPSET_EXE flush $ipsetname
|
||||
|
||||
# reset iptables accounting
|
||||
ipz=$( iptables -L INPUT -nvx --line-numbers | grep ufw-blocklist-input | awk '{print $1}')
|
||||
iptables -Z INPUT "$ipz"
|
||||
|
||||
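Review bot: In the flush-all arm, `ipz` is used unchecked: if no INPUT rule references ufw-blocklist-input (for example after `stop`) the grep matches nothing and `iptables -Z INPUT ""` fails, and if more than one rule matches, `ipz` holds several line numbers and the call fails as well. A guard before the zeroing keeps the arm from erroring out on a clean system, e.g. `[ -n "$ipz" ] || { echo "no ufw-blocklist-input rule in INPUT; nothing to reset" >&2; exit 1; }`. Only INPUT accounting is reset in the visible lines although the stop arm also tears down ufw-blocklist-output and ufw-blocklist-forward; if OUTPUT/FORWARD are not handled further down the arm, that is presumably an omission. In the stop arm `$ipsetname` is unquoted in the `iptables -D OUTPUT`/`-D FORWARD` and `$IPSET_EXE flush`/`destroy` lines while the status arm quotes it (`"$ipsetname"`); for a reformat commit, quoting it consistently would be in keeping. The stop arm starts before and the flush-all arm continues after the hunks.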
@ -32,17 +32,17 @@
|
||||
set -e
|
||||
|
||||
afterinitdir='/etc/ufw/after.init.d'
|
||||
if [ ! -d "$afterinitdir" ];
|
||||
then
|
||||
if [ ! -d "$afterinitdir" ]; then
|
||||
echo "$afterinitdir does not exist. nothing to do"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
runpartsfunc ()
|
||||
runpartsfunc () {
|
||||
{
|
||||
run-parts --report --regex='^[0-9]{2}-.*.ufw$' --arg="$1" "${afterinitdir}"
|
||||
exit $?
|
||||
}
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
|
||||
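Review bot: The reformatted `runpartsfunc` keeps `--regex='^[0-9]{2}-.*.ufw$'`, where the dot before `ufw` is unescaped and so matches any character; a file named `10-fooufw` would be accepted along with `10-foo.ufw`. Since run-parts treats this as an extended regular expression, the intended filter is `--regex='^[0-9]{2}-.*\.ufw$'`. Because the scripts matched here are run as root on every ufw start/stop, keeping the filename pattern as tight as intended is worth the one-character fix. The `case` statement that follows the function continues outside the hunk.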
@ -28,7 +28,6 @@ if [ $RET -ne 0 ]; then
|
||||
fi
|
||||
|
||||
ipsetcount=$(echo "$ipsetstatus" | grep '^Number of entries:' | cut -d' ' -f4)
|
||||
|
||||
$logger "starting update of ${ipsetname} with ${ipsetcount} entries from ${ipsumurl}"
|
||||
|
||||
## Download the latest list
|
||||
@ -43,11 +42,11 @@ fi
|
||||
declare -a scrublist
|
||||
readarray -t scrublist < <(echo "$rawlist")
|
||||
|
||||
|
||||
## Validate the list length
|
||||
scrublistlen="${#scrublist[@]}"
|
||||
|
||||
#echo "length of scrublist array: $scrublistlen"
|
||||
if [ $scrublistlen -lt $minlen ]; then
|
||||
if [ "$scrublistlen" -lt $minlen ]; then
|
||||
$logger -s "$scrublistlen less than $minlen IPs. something must be wrong with $ipsumurl"
|
||||
exit 1
|
||||
fi
|
||||
@ -73,24 +72,15 @@ if [ $RET -ne 0 ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
||||
|
||||
## loop through each IP address in the scrublist array and add it to the temporary ipset
|
||||
cnt=0
|
||||
for i in "${scrublist[@]}"
|
||||
do
|
||||
## Validate IP address is correct format
|
||||
# if not valid ip
|
||||
# log, cleanup and exit
|
||||
# fi
|
||||
|
||||
# Add that IP to the ipset blocklist
|
||||
#echo -e "Adding $i to ipset blocklist...\n"
|
||||
$ipset_exe add "$tmpsetname" $i
|
||||
$ipset_exe add "$tmpsetname" "$i"
|
||||
cnt=$((cnt+1))
|
||||
done
|
||||
|
||||
|
||||
## ipset swap FROM-SETNAME TO-SETNAME
|
||||
## Swap the content of two existing sets
|
||||
$ipset_exe swap "$tmpsetname" "$ipsetname"
|
||||
|
||||
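Review bot: In the last hunk the loop still only carries the placeholder comments `## Validate IP address is correct format` / `# if not valid ip` / `# log, cleanup and exit` above `$ipset_exe add "$tmpsetname" "$i"`; quoting `$i` fixes word-splitting but every line of the downloaded list is still passed to `ipset add` unvalidated, so a malformed or unexpected line makes the `add` fail and, under the script's `set -e`-style exit checks seen in the earlier hunks, the run aborts with the temporary set left behind. A one-line check in place of the stub would implement what the comments promise, e.g. `[[ "$i" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { $logger -s "invalid entry '$i' from $ipsumurl"; $ipset_exe destroy "$tmpsetname"; exit 1; }` (assuming `destroy` of the temporary set is the intended cleanup — adjust if the script cleans up differently). In the middle hunk `if [ "$scrublistlen" -lt $minlen ]` quotes one operand but not `$minlen`; `"$minlen"` would match the style the commit introduces. The enclosing script continues outside each of these hunks.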