banip: update 0.8.4-2

* fix domain lookup function (parse banIP config vars) * update readme Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-04-28 12:07:06 +02:00 · 2023-04-28 12:07:06 +02:00 · 16acda2262
commit 16acda2262
parent 130e63931f
3 changed files with 53 additions and 52 deletions
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
 PKG_VERSION:=0.8.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/README.md
+++ b/net/banip/files/README.md
@ -125,7 +125,7 @@ Available commands:
 ## banIP config options

 | Option                  | Type   | Default                       | Description                                                                                                  |
-| :---------------------- | :----- | :---------------------------- | :-------------------------------------------------------------------------------------------- |
+| :---------------------- | :----- | :---------------------------- | :----------------------------------------------------------------------------------------------------------- |
 | ban_enabled             | option | 0                             | enable the banIP service                                                                                     |
 | ban_nicelimit           | option | 0                             | ulimit nice level of the banIP service (range 0-19)                                                          |
 | ban_filelimit           | option | 1024                          | ulimit max open/number of files (range 1024-4096)                                                            |
@ -137,8 +137,8 @@ Available commands:
 | ban_loginput            | option | 1                             | log drops in the wan-input chain                                                                             |
 | ban_logforwardwan       | option | 1                             | log drops in the wan-forward chain                                                                           |
 | ban_logforwardlan       | option | 0                             | log rejects in the lan-forward chain                                                                         |
-| ban_autoallowlist       | option | 1                             | add wan IPs/subnets automatically to the local allowlist                                      |
-| ban_autoblocklist       | option | 1                             | add suspicious attacker IPs automatically to the local blocklist                              |
+| ban_autoallowlist       | option | 1                             | add wan IPs/subnets and resolved domains automatically to the local allowlist (not only to the Sets)         |
+| ban_autoblocklist       | option | 1                             | add suspicious attacker IPs and resolved domains automatically to the local blocklist (not only to the Sets) |
 | ban_allowlistonly       | option | 0                             | restrict the internet access from/to a small number of secure websites/IPs                                   |
 | ban_basedir             | option | /tmp                          | base working directory while banIP processing                                                                |
 | ban_reportdir           | option | /tmp/banIP-report             | directory where banIP stores the report files                                                                |
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -1018,6 +1018,7 @@ f_getstatus() {
 f_lookup() {
 	local cnt list domain lookup ip elementsv4 elementsv6 start_time end_time duration cnt_domain="0" cnt_ip="0" feed="${1}"

+	[ -z "${ban_dev}" ] && f_conf
 	start_time="$(date "+%s")"
 	if [ "${feed}" = "allowlist" ]; then
 		list="$("${ban_awkcmd}" '/^([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{printf "%s ",tolower($1)}' "${ban_allowlist}" 2>/dev/null)"