banip: update 0.8.1-3
1 #!/bin/sh /etc/rc.common
2 # banIP init script - ban incoming and outgoing ip addresses/subnets via sets in nftables
3 # Copyright (c) 2018-2023 Dirk Brenken (dev@brenken.org)
4 # This is free software, licensed under the GNU General Public License v3.
5
6 # (s)hellcheck exceptions
7 # shellcheck disable=all
8
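# init ordering and procd integration, both read by /etc/rc.common
START=30
USE_PROCD=1

# additional sub-commands offered by this init script
extra_command "report" "[text|json|mail] Print banIP related set statistics"
extra_command "search" "[<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP set"
extra_command "survey" "[<set name>] List all elements of a given banIP set"

# fixed paths of the init script, the service script, the function library,
# the pid file and the lock directory
ban_init="/etc/init.d/banip"
ban_service="/usr/bin/banip-service.sh"
ban_funlib="/usr/lib/banip-functions.sh"
ban_pidfile="/var/run/banip.pid"
ban_lock="/var/run/banip.lock"

# a stop request for a service that is not running is a no-op
[ "${action}" = "stop" ] && ! "${ban_init}" running && exit 0

# every action below sources the function library, so bail out early when it
# is not readable; "survey" is a registered command and sources the library
# as well, "lookup" is kept from the original list although no such command
# is registered in this file
if [ ! -r "${ban_funlib}" ]; then
	case "${action}" in
		start | restart | reload | stop | report | search | survey | lookup | status)
			exit 1
			;;
	esac
fi

# single-instance lock for start/restart/reload: a plain mkdir fails when the
# directory already exists, so testing and taking the lock happen in one step
# and two concurrent invocations cannot both pass the check
case "${action}" in
	start | restart | reload)
		# keep the parent directory creation the original 'mkdir -p' provided
		mkdir -p "${ban_lock%/*}" 2>/dev/null
		mkdir "${ban_lock}" 2>/dev/null || exit 1
		;;
esac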
26
# Boot-time entry point: empty the pid file, then let procd run
# start_service with the "boot" argument.
boot() {
	# truncate (or create) the pid file
	true >"${ban_pidfile}"
	rc_procd start_service boot
}
31
# Register the banIP service instance with procd.
# Arguments: optional action(s) handed to the service script; when none are
#            given the current "${action}" is passed instead.
# Globals:   ban_init, ban_funlib, ban_service, ban_pidfile, ban_lock, action (read)
start_service() {
	# autostart disabled: log the reason, release the start lock and leave
	if ! "${ban_init}" enabled; then
		command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"
		f_log "err" "banIP service autostart is currently disabled, please enable the service autostart with '/etc/init.d/banip enable'"
		rm -rf "${ban_lock}"
		return
	fi

	# on boot with a configured trigger interface nothing is started here;
	# service_triggers registers an interface trigger that runs "start"
	if [ "${action}" = "boot" ] && [ -n "$(uci_get banip global ban_trigger)" ]; then
		return 0
	fi

	# load the function library only once per shell
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"
	f_rmpid

	procd_open_instance "banip-service"
	procd_set_param command "${ban_service}" "${@:-"${action}"}"
	procd_set_param pidfile "${ban_pidfile}"
	# nice level and open-file limit come from the banip UCI config,
	# with 0 and 1024 as defaults
	procd_set_param nice "$(uci_get banip global ban_nicelimit "0")"
	procd_set_param limits nofile="$(uci_get banip global ban_filelimit "1024")"
	procd_set_param stdout 1
	procd_set_param stderr 1
	procd_close_instance
}
51
# Reload handler: call f_rmpid, then let procd run start_service with the
# "reload" argument.
reload_service() {
	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"
	f_rmpid
	rc_procd start_service reload
}
57
# Stop handler: delete the banIP nftables table, record the "stopped" state
# and call f_rmpid.
# Globals: ban_funlib (read); ban_nftcmd is not assigned in this file,
#          presumably it is set by the function library - verify there.
stop_service() {
	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"

	# deleting the table drops every banIP set and rule at once, nothing is
	# filtered by banIP afterwards; all output is discarded, so a failing
	# delete (e.g. the table does not exist) goes unnoticed here
	"${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1

	f_genstatus stopped
	f_rmpid
}
64
# Restart handler: run stop_service first, then let procd run start_service
# with the "restart" argument.
restart() {
	stop_service
	rc_procd start_service restart
}
69
# "status" command: delegates to status_service; no arguments are forwarded.
status() {
	status_service
}
73
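# Print banIP status information.
# Arguments: $1 - when non-empty f_actual is called, otherwise f_getstatus
# Returns:   the exit status of the function that was called
status_service() {
	local actual="${1}"

	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"

	# explicit if/else instead of 'a && b || c': with the chained form
	# f_getstatus also ran whenever f_actual returned non-zero
	if [ -n "${actual}" ]; then
		f_actual
	else
		f_getstatus
	fi
}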
80
# "report" command: hand the requested output format to f_report.
# Arguments: $1 - report format, "text" when omitted or empty
report() {
	local format="${1:-text}"

	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"
	f_report "${format}"
}
85
# "search" command: hand the address to look up to f_search.
# Arguments: $1 - the address given on the command line
search() {
	local address="${1}"

	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"

	# the argument is passed on unchanged; any validation of the address has
	# to happen inside f_search (not visible in this file)
	f_search "${address}"
}
90
# "survey" command: hand the set name to f_survey.
# Arguments: $1 - the set name given on the command line
survey() {
	local set_name="${1}"

	# load the function library only when f_system is not defined yet
	command -v "f_system" >/dev/null 2>&1 || . "${ban_funlib}"

	# the argument is passed on unchanged; any validation of the set name has
	# to happen inside f_survey (not visible in this file)
	f_survey "${set_name}"
}
95
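# Register the procd triggers of the service: one interface trigger per
# configured trigger interface plus a reload trigger for the "banip" config.
# Globals: ban_init (read), PROCD_RELOAD_DELAY (written)
service_triggers() {
	local iface trigger delay

	trigger="$(uci_get banip global ban_trigger)"
	delay="$(uci_get banip global ban_triggerdelay "5")"

	# the delay is used in an arithmetic expansion, which evaluates whatever
	# expression the string contains; accept plain decimal digits only and
	# fall back to the default of 5 seconds for anything else
	case "${delay}" in
		"" | *[!0-9]*)
			delay="5"
			;;
	esac
	PROCD_RELOAD_DELAY=$((delay * 1000))

	# unquoted on purpose: ban_trigger holds a whitespace separated list
	for iface in ${trigger}; do
		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
	done
	procd_add_reload_trigger "banip"
}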