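#!/bin/sh /etc/rc.common
# banIP init script - ban incoming and outgoing IP addresses/subnets via sets in nftables
# Copyright (c) 2018-2023 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.

# (s)hellcheck exceptions
# shellcheck disable=all

# extra sub-commands offered by this init script, each with its usage text
extra_command "report" "[text|json|mail] Print banIP related set statistics"
extra_command "search" "[<IPv4 address>|<IPv6 address>] Check if an element exists in a banIP set"
extra_command "survey" "[<set name>] List all elements of a given banIP set"

# fixed paths used throughout the init script
ban_init="/etc/init.d/banip"
ban_service="/usr/bin/banip-service.sh"
ban_funlib="/usr/lib/banip-functions.sh"
ban_pidfile="/var/run/banip.pid"
ban_lock="/var/run/banip.lock"

# Pre-flight guards: they run at top level, before any action handler.
# "${action}" is not assigned in this part of the file; presumably the
# rc.common wrapper sets it - confirm against the caller.

# "stop" for a service that is not running is a no-op that reports success
[ "${action}" = "stop" ] && ! /etc/init.d/banip running && exit 0

# The action handlers source "${ban_funlib}", so every action that needs it
# fails early with status 1 when the library is not readable. "survey" is
# registered as a sub-command above and is therefore covered as well;
# "lookup" is kept so that existing callers see the same result as before.
if [ ! -r "${ban_funlib}" ]; then
	case "${action}" in
		"start" | "restart" | "reload" | "stop" | "report" | "search" | "survey" | "lookup" | "status")
			exit 1
			;;
	esac
fi

# The lock directory keeps a second start/restart/reload from running while
# one is in progress: an existing lock refuses the request, otherwise the
# lock is created here.
# NOTE(review): the existence test and "mkdir -p" are two separate steps, so
# two invocations racing each other can both pass the test. A plain "mkdir"
# (without -p) fails when the directory already exists and would turn the
# acquisition into a single step. Where the lock is removed again is not
# visible in this part of the file - confirm before changing it.
case "${action}" in
	"start" | "restart" | "reload")
		[ -d "${ban_lock}" ] && exit 1
		mkdir -p "${ban_lock}"
		;;
esac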
29 rc_procd start_service "boot
"
33 if "${ban_init}" enabled; then
34 [ "${action}" = "boot
" ] && [ -n "$
(uci_get banip global ban_trigger
)" ] && return 0
35 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
37 procd_open_instance "banip-service
"
38 procd_set_param command "${ban_service}" "${@:-"${action}"}"
39 procd_set_param pidfile "${ban_pidfile}"
40 procd_set_param nice "$
(uci_get banip global ban_nicelimit
"0")"
41 procd_set_param limits nofile="$
(uci_get banip global ban_filelimit
"1024")"
42 procd_set_param stdout 1
43 procd_set_param stderr 1
46 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
47 f_log "err
" "banIP service autostart is currently disabled
, please
enable the service autostart with
'/etc/init.d/banip enable'"
53 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
55 rc_procd start_service "reload
"
59 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
60 "${ban_nftcmd}" delete table inet banIP >/dev/null 2>&1
67 rc_procd start_service "restart
"
77 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
78 [ -n "${actual}" ] && f_actual || f_getstatus
82 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
83 f_report "${1:-"text"}"
87 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
92 [ -z "$
(command -v "f_system")" ] && . "${ban_funlib}"
97 local iface trigger delay
99 trigger="$
(uci_get banip global ban_trigger
)"
100 delay="$
(uci_get banip global ban_triggerdelay
"5")"
101 PROCD_RELOAD_DELAY=$((delay * 1000))
103 for iface in ${trigger}; do
104 procd_add_interface_trigger "interface.
*.up
" "${iface}" "${ban_init}" "start
"
106 procd_add_reload_trigger "banip
"