2016-02-15 16:34:45 +03:00
|
|
|
#!/bin/sh
|
|
|
|
|
# create ipset from resolved ip's
|
2019-05-14 18:26:09 +03:00
|
|
|
# $1=no-update - do not update ipset, only create if its absent
|
2016-02-15 16:34:45 +03:00
|
|
|
|
2019-05-08 09:56:46 +03:00
|
|
|
SCRIPT=$(readlink -f "$0")
|
|
|
|
|
EXEDIR=$(dirname "$SCRIPT")
|
2019-03-06 15:52:25 +03:00
|
|
|
IPSET_OPT="hashsize 131072 maxelem 524288"
|
2019-04-06 16:08:14 +03:00
|
|
|
IP2NET=$EXEDIR/../ip2net/ip2net
|
2016-02-15 16:34:45 +03:00
|
|
|
|
|
|
|
|
. "$EXEDIR/def.sh"
|
|
|
|
|
|
2019-05-14 18:26:09 +03:00
|
|
|
[ "$1" = "no-update" ] && NO_UPDATE=1
|
2019-05-07 18:59:57 +03:00
|
|
|
|
2016-03-04 12:03:34 +03:00
|
|
|
create_ipset()
|
|
|
|
|
{
|
2019-04-06 16:08:14 +03:00
|
|
|
local IPSTYPE
|
2019-05-08 10:33:35 +03:00
|
|
|
if [ -x "$IP2NET" ]; then
|
2019-04-06 16:08:14 +03:00
|
|
|
IPSTYPE=hash:net
|
|
|
|
|
else
|
|
|
|
|
IPSTYPE=$1
|
|
|
|
|
fi
|
2019-05-14 18:26:09 +03:00
|
|
|
ipset create $2 $IPSTYPE $IPSET_OPT 2>/dev/null || {
|
|
|
|
|
[ "$NO_UPDATE" = "1" ] && return
|
|
|
|
|
}
|
|
|
|
|
ipset flush $2
|
2018-04-17 09:27:04 +03:00
|
|
|
for f in "$3" "$4"
|
2016-02-15 16:34:45 +03:00
|
|
|
do
|
2019-05-07 18:59:57 +03:00
|
|
|
zzexist "$f" && {
|
|
|
|
|
if [ -x "$IP2NET" ]; then
|
2019-04-06 16:08:14 +03:00
|
|
|
echo Adding to ipset $2 \($IPSTYPE , ip2net\) : $f
|
2019-05-13 18:27:16 +03:00
|
|
|
if [ -f "$5" ] ; then
|
|
|
|
|
zzcat "$f" | grep -vxFf "$5" | "$IP2NET" | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
2019-04-06 16:08:14 +03:00
|
|
|
else
|
2019-05-07 18:59:57 +03:00
|
|
|
zzcat "$f" | "$IP2NET" | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
2019-04-06 16:08:14 +03:00
|
|
|
fi
|
2016-11-26 20:01:33 +03:00
|
|
|
else
|
2019-04-06 16:08:14 +03:00
|
|
|
echo Adding to ipset $2 \($IPSTYPE\) : $f
|
2019-05-13 18:27:16 +03:00
|
|
|
if [ -f "$5" ] ; then
|
|
|
|
|
zzcat "$f" | grep -vxFf "$5" | sort -u | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
2019-04-06 16:08:14 +03:00
|
|
|
else
|
2019-05-07 18:59:57 +03:00
|
|
|
zzcat "$f" | sort -u | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
2019-04-06 16:08:14 +03:00
|
|
|
fi
|
2016-11-26 20:01:33 +03:00
|
|
|
fi
|
2016-02-15 16:34:45 +03:00
|
|
|
}
|
|
|
|
|
done
|
2017-08-13 13:09:08 +03:00
|
|
|
return 0
|
2016-03-04 12:03:34 +03:00
|
|
|
}
|
|
|
|
|
|
2019-05-13 18:27:16 +03:00
|
|
|
create_ipset6()
|
|
|
|
|
{
|
|
|
|
|
local IPSTYPE=$1
|
2019-05-14 18:26:09 +03:00
|
|
|
ipset create $2 $IPSTYPE $IPSET_OPT family inet6 2>/dev/null || {
|
|
|
|
|
[ "$NO_UPDATE" = "1" ] && return
|
|
|
|
|
}
|
|
|
|
|
ipset flush $2
|
2019-05-13 18:27:16 +03:00
|
|
|
for f in "$3" "$4"
|
|
|
|
|
do
|
|
|
|
|
zzexist "$f" && {
|
|
|
|
|
echo Adding to ipset $2 \($IPSTYPE\) : $f
|
|
|
|
|
if [ -f "$5" ] ; then
|
|
|
|
|
zzcat "$f" | grep -vxFf "$5" | sort -u | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
|
|
|
|
else
|
|
|
|
|
zzcat "$f" | sort -u | sed -nre "s/^.+$/add $2 &/p" | ipset -! restore
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
done
|
|
|
|
|
return 0
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[ "$DISABLE_IPV4" != "1" ] && {
|
|
|
|
|
create_ipset hash:ip $ZIPSET "$ZIPLIST" "$ZIPLIST_USER" "$ZIPLIST_EXCLUDE"
|
|
|
|
|
create_ipset hash:ip $ZIPSET_IPBAN "$ZIPLIST_IPBAN" "$ZIPLIST_USER_IPBAN" "$ZIPLIST_EXCLUDE"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[ "$DISABLE_IPV6" != "1" ] && {
|
|
|
|
|
create_ipset6 hash:ip $ZIPSET6 "$ZIPLIST6" "$ZIPLIST_USER6" "$ZIPLIST_EXCLUDE6"
|
|
|
|
|
create_ipset6 hash:ip $ZIPSET_IPBAN6 "$ZIPLIST_IPBAN6" "$ZIPLIST_USER_IPBAN6" "$ZIPLIST_EXCLUDE6"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
true
|
