banip: update 0.7.10

* switch to unencrypted http downloads for ipdeny.com due to persistant certificate issues * compact json generator code (tested with report files > 2MB) * various code cleanups and optimizations Signed-off-by: Dirk Brenken <dev@brenken.org> (cherry picked from commit 8ac0103cbd) Signed-off-by: Dirk Brenken <dev@brenken.org>
2021-08-31 11:29:13 +02:00 · 2021-08-31 11:29:13 +02:00 · 19998f14f2
commit 19998f14f2
parent b38bda5ee4
8 changed files with 697 additions and 1113 deletions
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=banip
-PKG_VERSION:=0.7.9
-PKG_RELEASE:=2
+PKG_VERSION:=0.7.10
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

--- a/net/banip/files/banip.dns
+++ b/net/banip/files/banip.dns
@ -1,122 +1,67 @@
 #!/bin/sh
 # helper script to resolve domains for adding to banIP-related IPSets
-# written by Dirk Brenken (dev@brenken.org)
-#
+# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
-#
+
 # (s)hellcheck exceptions
-# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
+# shellcheck disable=1091,3040

 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail

-if [ -r "/lib/functions.sh" ]
-then
-	. "/lib/functions.sh"
-	ban_debug="$(uci_get banip global ban_debug "0")"
-	ban_tmpbase="$(uci_get banip global ban_tmpbase "/tmp")"
-	ban_backupdir="$(uci_get banip global ban_backupdir "${ban_tmpbase}/banIP-Backup")"
-	ban_proto4_enabled="$(uci_get banip global ban_proto4_enabled "0")"
-	ban_proto6_enabled="$(uci_get banip global ban_proto6_enabled "0")"
-else
-	exit 1
-fi
-ban_ver="${1}"
-ban_action="${2}"
-ban_src_name="${3}"
-ban_src_file="${4}"
+. "/lib/functions.sh"
+
+ban_action="${1}"
+ban_src_name="${2}"
+ban_src_file="${3}"
+ban_tmpbase="$(uci_get banip global ban_tmpbase "/tmp")"
+ban_backupdir="$(uci_get banip global ban_backupdir "${ban_tmpbase}/banIP-Backup")"
+ban_proto4_enabled="$(uci_get banip global ban_proto4_enabled "0")"
+ban_proto6_enabled="$(uci_get banip global ban_proto6_enabled "0")"
 ban_ipset_cmd="$(command -v ipset)"
 ban_lookup_cmd="$(command -v nslookup)"
 ban_logger_cmd="$(command -v logger)"
-ban_rc=1

-f_log()
-{
-	local class="${1}" log_msg="${2}"
-
-	if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${ban_debug}" = "1" ]; }
-	then
-		if [ -x "${ban_logger_cmd}" ]
-		then
-			"${ban_logger_cmd}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-		else
-			printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-		fi
-	fi
-}
-
-if [ "${ban_action}" = "start" ] || [ "${ban_action}" = "refresh" ]
-then
-	for proto in "4" "6"
-	do
-		if [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz" ]
-		then
-			gzip -df "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz"
-			if [ "${?}" = "0" ]
-			then
-				ban_rc=0
-			else
-				ban_rc=1
-				break
-			fi
+if [ "${ban_action}" = "start" ] || [ "${ban_action}" = "refresh" ]; then
+	for proto in "4" "6"; do
+		if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ]; } ||
+			{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ]; }; then
+			gzip -df "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}.gz" 2>/dev/null
 		fi
 	done
 fi

-if [ "${ban_rc}" = "1" ]
-then
-	> "${ban_backupdir}/banIP.${ban_src_name}_addon_4"
-	> "${ban_backupdir}/banIP.${ban_src_name}_addon_6"
-	while read -r domain
-	do
-		update_ips=""
-		result="$("${ban_lookup_cmd}" "${domain}" 2>/dev/null; printf "%s" "${?}")"
-		if [ "$(printf "%s" "${result}" | tail -1)" = "0" ]
-		then
+if { [ "${ban_proto4_enabled}" = "1" ] && [ ! -s "${ban_backupdir}/banIP.${ban_src_name}_addon_4" ]; } ||
+	{ [ "${ban_proto6_enabled}" = "1" ] && [ ! -s "${ban_backupdir}/banIP.${ban_src_name}_addon_6" ]; }; then
+	[ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_4" ] && : > "${ban_backupdir}/banIP.${ban_src_name}_addon_4"
+	[ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_6" ] && : > "${ban_backupdir}/banIP.${ban_src_name}_addon_6"
+	while read -r domain; do
+		result="$(
+			"${ban_lookup_cmd}" "${domain}" 2>/dev/null
+			printf "%s" "${?}"
+		)"
+		if [ "$(printf "%s" "${result}" | tail -1)" = "0" ]; then
 			ips="$(printf "%s" "${result}" | awk '/^Address[ 0-9]*: /{ORS=" ";print $NF}')"
-			for ip in ${ips}
-			do
-				for proto in "4" "6"
-				do
-					if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ] && \
-						[ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && \
-						[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; } || \
-						{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ] && \
-						[ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && \
-						[ -z "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; }
-					then
-						printf "%s\n" "add ${ban_src_name}_${proto} ${ip}" >> "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
-						if [ -z "${update_ips}" ]
-						then
-							update_ips="${ip}"
-						else
-							update_ips="${update_ips}, ${ip}"
-						fi
+			for ip in ${ips}; do
+				for proto in "4" "6"; do
+					if { [ "${proto}" = "4" ] && [ "${ban_proto4_enabled}" = "1" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] &&
+						[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print $1}')" ]; } ||
+						{ [ "${proto}" = "6" ] && [ "${ban_proto6_enabled}" = "1" ] && [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] &&
+							[ -n "$(printf "%s" "${ip}" | awk '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print $1}')" ]; }; then
+						printf "%s\n" "add ${ban_src_name}_${proto} ${ip}" >>"${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
 					fi
 				done
 			done
-			if [ -n "${update_ips}" ]
-			then
-				ban_rc=0
-				f_log "debug" "dns_imp ::: source '${ban_src_name}' supplemented by '${domain}' (${update_ips})"
-			fi
 		fi
-	done < "${ban_src_file}"
+	done <"${ban_src_file}"
 fi

-if [ "${ban_rc}" = "0" ]
-then
-	for proto in "4" "6"
-	do
-		if [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}" ]
-		then
-			"${ban_ipset_cmd}" -q -! restore < "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
-			gzip -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
-		fi
-		rm -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
-	done
-fi
-f_log "info" "banIP domain import for source '${ban_src_name}' has been finished with rc '${ban_rc}'"
+for proto in "4" "6"; do
+	if [ -n "$("${ban_ipset_cmd}" -q -n list "${ban_src_name}_${proto}")" ] && [ -s "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}" ]; then
+		"${ban_ipset_cmd}" -q -! restore <"${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
+		gzip -f "${ban_backupdir}/banIP.${ban_src_name}_addon_${proto}"
+	fi
+done
+"${ban_logger_cmd}" -p "info" -t "banIP-resolve [${$}]" "banIP domain import for source '${ban_src_name}' has been finished" 2>/dev/null
 rm -f "${ban_src_file}"
-exit "${ban_rc}"
--- a/net/banip/files/banip.hotplug
+++ b/net/banip/files/banip.hotplug
@ -1,14 +1,10 @@
 #!/bin/sh
-#
-ban_pidfile="/var/run/banip.pid"
-ban_enabled="$(/etc/init.d/banip enabled; printf "%u" "${?}")"
+# firewall hotplug script for banIP
+# Copyright (c) 2019-2021 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the GNU General Public License v3.

-if [ "${ban_enabled}" = "0" ] && [ "${ACTION}" = "add" ] && [ -n "${INTERFACE}" ]
-then
-	ban_ifaces="$(uci_get banip global ban_ifaces)"
-	if [ ! -s "${ban_pidfile}" ] && [ -n "$(printf "%s\n" "${ban_ifaces}" | grep -F "${INTERFACE}")" ]
-	then
+if /etc/init.d/banip enabled && [ "${ACTION}" = "add" ] && [ -n "${INTERFACE}" ]; then
+	if [ ! -s "/var/run/banip.pid" ] && uci_get banip global ban_ifaces | grep -q "${INTERFACE}"; then
 		/etc/init.d/banip refresh
 	fi
 fi
-exit 0
--- a/net/banip/files/banip.init
+++ b/net/banip/files/banip.init
@ -1,16 +1,14 @@
 #!/bin/sh /etc/rc.common
-# written by Dirk Brenken (dev@brenken.org)
-#
+# Copyright (c) 2018-2021 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
-#
+
 # (s)hellcheck exceptions
-# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
+# shellcheck disable=1091,2034,3043,3057,3060

 START=30
 USE_PROCD=1

-if [ -n "$(type -t extra_command)" ]
-then
+if type extra_command >/dev/null 2>&1; then
 	extra_command "refresh" "Refresh ipsets without new list downloads"
 	extra_command "suspend" "Suspend banIP processing"
 	extra_command "resume" "Resume banIP processing"
@ -18,7 +16,6 @@ then
 	extra_command "report" "[<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics"
 	extra_command "list" "[<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources"
 	extra_command "timer" "[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"
-	extra_command "version" "Print version information"
 else
 	EXTRA_COMMANDS="status refresh suspend resume query report list timer version"
 	EXTRA_HELP="	status	Service status
@ -28,34 +25,28 @@ else
 	query	<IP> Query active banIP IPSets for a specific IP address
 	report	[<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics
 	list	[<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources
-	timer	[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
-	version	Print version information"
+	timer	[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"
 fi

 ban_init="/etc/init.d/banip"
 ban_script="/usr/bin/banip.sh"
 ban_pidfile="/var/run/banip.pid"

-if [ -s "${ban_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] || \
-	[ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ] || \
-	[ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] || \
-	{ [ "${action}" = "list" ] && [ -n "${1}" ]; } || { [ "${action}" = "report" ] && [ "${1}" != "json" ]; }; }
-then
+if [ -s "${ban_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] ||
+	[ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ] ||
+	[ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] ||
+	{ [ "${action}" = "list" ] && [ -n "${1}" ]; } || { [ "${action}" = "report" ] && [ "${1}" != "json" ]; }; }; then
 	exit 0
 fi

-boot()
-{
-	> "${ban_pidfile}"
+boot() {
+	: >"${ban_pidfile}"
 	rc_procd start_service
 }

-start_service()
-{
-	if [ "$("${ban_init}" enabled; printf "%u" ${?})" = "0" ]
-	then
-		if [ "${action}" = "boot" ]
-		then
+start_service() {
+	if "${ban_init}" enabled; then
+		if [ "${action}" = "boot" ]; then
 			return 0
 		fi
 		procd_open_instance "banip"
@ -68,102 +59,84 @@ start_service()
 	fi
 }

-version()
-{
+version() {
 	rc_procd "${ban_script}" version
 }

-refresh()
-{
+refresh() {
 	rc_procd start_service refresh
 }

-reload_service()
-{
+reload_service() {
 	rc_procd start_service reload
 }

-stop_service()
-{
+stop_service() {
 	rc_procd "${ban_script}" stop
 }

-restart()
-{
+restart() {
 	rc_procd start_service restart
 }

-suspend()
-{
+suspend() {
 	rc_procd start_service suspend
 }

-resume()
-{
+resume() {
 	rc_procd start_service resume
 }

-query()
-{
+query() {
 	rc_procd "${ban_script}" query "${1}"
 }

-list()
-{
-	local src_archive src_file src_enabled key name enabled focus url_4 rule_4 url_6 rule_6 action="${1}"
+list() {
+	local src_archive src_file src_enabled key name enabled focus descurl url_4 rule_4 url_6 rule_6 action="${1}"

-	if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]
-	then
+	if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]; then
 		shift
-		for name in "${@}"
-		do
+		for name in "${@}"; do
 			case "${action}" in
 				"add")
-					if [ -z "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
-					then
+					if ! uci_get banip global ban_sources | grep -q "${name}"; then
 						uci_add_list banip global ban_sources "${name}"
 						printf "%s\n" "::: banIP source '${name}' added to config"
 					fi
-				;;
+					;;
 				"remove")
-					if [ -n "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
-					then
+					if uci_get banip global ban_sources | grep -q "${name}"; then
 						uci_remove_list banip global ban_sources "${name}"
 						printf "%s\n" "::: banIP source '${name}' removed from config"
 					fi
-				;;
+					;;
 				"add_asn")
-					if [ -z "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
-					then
+					if ! uci_get banip global ban_asns | grep -q "${name}"; then
 						uci_add_list banip global ban_asns "${name}"
 						printf "%s\n" "::: banIP asn '${name}' added to config"
 					fi
-				;;
+					;;
 				"remove_asn")
-					if [ -n "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
-					then
+					if uci_get banip global ban_asns | grep -q "${name}"; then
 						uci_remove_list banip global ban_asns "${name}"
 						printf "%s\n" "::: banIP asn '${name}' removed from config"
 					fi
-				;;
+					;;
 				"add_country")
-					if [ -z "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
-					then
+					if ! uci_get banip global ban_countries | grep -q "${name}"; then
 						uci_add_list banip global ban_countries "${name}"
 						printf "%s\n" "::: banIP country '${name}' added to config"
 					fi
-				;;
+					;;
 				"remove_country")
-					if [ -n "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
-					then
+					if uci_get banip global ban_countries | grep -q "${name}"; then
 						uci_remove_list banip global ban_countries "${name}"
 						printf "%s\n" "::: banIP country '${name}' removed from config"
 					fi
-				;;
+					;;
 			esac
 		done
-		if [ -n "$(uci -q changes banip)" ]
-		then
+		if [ -n "$(uci -q changes banip)" ]; then
 			uci_commit banip
 			"${ban_init}" start
 		fi
@ -171,24 +144,21 @@ list()
 		src_archive="$(uci_get banip global ban_srcarc "/etc/banip/banip.sources.gz")"
 		src_file="$(uci_get banip global ban_srcfile "/tmp/ban_sources.json")"
 		src_enabled="$(uci -q show banip.global.ban_sources)"
-		if [ -r "${src_archive}" ]
-		then
-			zcat "${src_archive}" > "${src_file}"
+		if [ -r "${src_archive}" ]; then
+			zcat "${src_archive}" >"${src_file}"
 		else
 			printf "%s\n" "::: banIP source archive '${src_archive}' not found"
 		fi
-		if [ -r "${src_file}" ]
-		then
+		if [ -r "${src_file}" ]; then
 			src_enabled="${src_enabled#*=}"
-			src_enabled="${src_enabled//\'}"
+			src_enabled="${src_enabled//\'/}"
 			printf "%s\n" "::: Available banIP sources"
 			printf "%s\n" ":::"
 			printf "%-25s%-10s%-36s%s\n" "    Name" "Enabled" "Focus" "Info URL"
 			printf "%s\n" "    ---------------------------------------------------------------------------"
 			json_load_file "${src_file}"
 			json_get_keys keylist
-			for key in ${keylist}
-			do
+			for key in ${keylist}; do
 				json_select "${key}"
 				json_get_var focus "focus"
 				json_get_var descurl "descurl"
@ -196,15 +166,13 @@ list()
 				json_get_var rule_4 "rule_4"
 				json_get_var url_6 "url_6"
 				json_get_var rule_6 "rule_6"
-				if { [ -n "${url_4}" ] && [ -n "${rule_4}" ]; } || { [ -n "${url_6}" ] && [ -n "${rule_6}" ]; }
-				then
-					if [ -n "$(printf "%s" "${src_enabled}" | grep -Fo "${key}")" ]
-					then
+				if { [ -n "${url_4}" ] && [ -n "${rule_4}" ]; } || { [ -n "${url_6}" ] && [ -n "${rule_6}" ]; }; then
+					if printf "%s" "${src_enabled}" | grep -q "${key}"; then
 						enabled="x"
 					else
 						enabled=" "
 					fi
-					src_enabled="${src_enabled/${key}}"
+					src_enabled="${src_enabled/${key}/}"
 					printf "  + %-21s%-10s%-36s%s\n" "${key:0:20}" "${enabled}" "${focus:0:35}" "${descurl:0:50}"
 				else
 					src_enabled="${src_enabled} ${key}"
@ -217,13 +185,11 @@ list()
 			printf "  * %s\n" "Configured ASNs: ${asn_list// /, }"
 			printf "  * %s\n" "Configured Countries: ${country_list// /, }"

-			if [ -n "${src_enabled// }" ]
-			then
+			if [ -n "${src_enabled// /}" ]; then
 				printf "%s\n" "    ---------------------------------------------------------------------------"
 				printf "%s\n" "    Sources without valid configuration"
 				printf "%s\n" "    ---------------------------------------------------------------------------"
-				for key in ${src_enabled}
-				do
+				for key in ${src_enabled}; do
 					printf "  - %s\n" "${key:0:20}"
 				done
 			fi
@ -233,41 +199,34 @@ list()
 	fi
 }

-status()
-{
+status() {
 	status_service
 }

-status_service()
-{
-	local key keylist value index_value values rtfile
+status_service() {
+	local key keylist type value index_value values rtfile

 	rtfile="$(uci_get banip global ban_rtfile "/tmp/ban_runtime.json")"

 	json_load_file "${rtfile}" >/dev/null 2>&1
 	json_get_keys keylist
-	if [ -n "${keylist}" ]
-	then
+	if [ -n "${keylist}" ]; then
 		printf "%s\n" "::: banIP runtime information"
-		for key in ${keylist}
-		do
+		for key in ${keylist}; do
 			json_get_var value "${key}" >/dev/null 2>&1
-			if [ "${key%_*}" = "active" ]
-			then
+			if [ "${key%_*}" = "active" ]; then
 				printf "  + %-15s : " "${key}"
 				json_select "${key}" >/dev/null 2>&1
 				values=""
 				index=1
-				while json_get_type type "${index}" && [ "${type}" = "object" ]
-				do
+				while json_get_type type "${index}" && [ "${type}" = "object" ]; do
 					json_get_values index_value "${index}" >/dev/null 2>&1
-					if [ "${index}" = "1" ]
-					then
+					if [ "${index}" = "1" ]; then
 						values="${index_value}"
 					else
 						values="${values}, ${index_value}"
 					fi
-					index=$((index+1))
+					index=$((index + 1))
 				done
 				values="$(printf "%s" "${values}" | awk '{NR=1;max=98;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-22s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
 				printf "%s\n" "${values:-"-"}"
@ -281,64 +240,53 @@ status_service()
 	fi
 }

-report()
-{
+report() {
 	rc_procd "${ban_script}" report "${1:-"cli"}"
 }

-timer()
-{
+timer() {
 	local cron_file cron_content cron_lineno action="${1:-"list"}" cron_tasks="${2}" hour="${3}" minute="${4:-0}" weekday="${5:-"*"}"

 	cron_file="/etc/crontabs/root"

-	if [ -s "${cron_file}" ] && [ "${action}" = "list" ]
-	then
+	if [ -s "${cron_file}" ] && [ "${action}" = "list" ]; then
 		awk '{print NR ">  " $0}' "${cron_file}"
-	elif [ "${action}" = "add" ]
-	then
+	elif [ "${action}" = "add" ]; then
 		hour="${hour//[[:alpha:]]/}"
 		minute="${minute//[[:alpha:]]/}"
-		if [ -n "${cron_tasks}" ] && [ -n "${hour}" ] && [ -n "${minute}" ] && [ -n "${weekday}" ] && \
-			[ "${hour}" -ge 0 ] && [ "${hour}" -le 23 ] && \
-			[ "${minute}" -ge 0 ] && [ "${minute}" -le 59 ]
-		then
-			printf "%02d %02d %s\n" "${minute}" "${hour}" "* * ${weekday} ${ban_init} ${cron_tasks}" >> "${cron_file}"
+		if [ -n "${cron_tasks}" ] && [ -n "${hour}" ] && [ -n "${minute}" ] && [ -n "${weekday}" ] &&
+			[ "${hour}" -ge 0 ] && [ "${hour}" -le 23 ] &&
+			[ "${minute}" -ge 0 ] && [ "${minute}" -le 59 ]; then
+			printf "%02d %02d %s\n" "${minute}" "${hour}" "* * ${weekday} ${ban_init} ${cron_tasks}" >>"${cron_file}"
 			/etc/init.d/cron restart
 		fi
-	elif [ -s "${cron_file}" ] && [ "${action}" = "remove" ]
-	then
+	elif [ -s "${cron_file}" ] && [ "${action}" = "remove" ]; then
 		cron_tasks="${cron_tasks//[[:alpha:]]/}"
 		cron_lineno="$(awk 'END{print NR}' "${cron_file}")"
 		cron_content="$(awk '{print $0}' "${cron_file}")"
-		if [ "${cron_tasks:-"0"}" -le "${cron_lineno:-"1"}" ] && [ -n "${cron_content}" ]
-		then
-			printf "%s\n" "${cron_content}" | awk "NR!~/^${cron_tasks}$/" > "${cron_file}"
+		if [ "${cron_tasks:-"0"}" -le "${cron_lineno:-"1"}" ] && [ -n "${cron_content}" ]; then
+			printf "%s\n" "${cron_content}" | awk "NR!~/^${cron_tasks}$/" >"${cron_file}"
 			/etc/init.d/cron restart
 		fi
 	fi
 }

-service_triggers()
-{
+service_triggers() {
 	local iface delay

 	iface="$(uci_get banip global ban_trigger)"
 	delay="$(uci_get banip global ban_triggerdelay "5")"
-	PROCD_RELOAD_DELAY=$((delay*1000))
+	PROCD_RELOAD_DELAY=$((delay * 1000))

-	if [ -z "${iface}" ]
-	then
+	if [ -z "${iface}" ]; then
 		. "/lib/functions/network.sh"
 		network_find_wan iface
-		if [ -n "${iface}" ]
-		then
+		if [ -n "${iface}" ]; then
 			uci_set banip global ban_trigger "${iface}"
 			uci_commit "banip"
 		fi
 	fi
-	if [ -n "${iface}" ]
-	then
+	if [ -n "${iface}" ]; then
 		procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
 	fi
 	procd_add_reload_trigger "banip"
--- a/net/banip/files/banip.mail
+++ b/net/banip/files/banip.mail
@ -1,52 +1,35 @@
 #!/bin/sh
 # send mail script for banIP notifications
-# written by Dirk Brenken (dev@brenken.org)
-#
+# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
-#
+
 # (s)hellcheck exceptions
-# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
+# shellcheck disable=1091,3040
+
+# Please note: you have to setup the package 'msmtp' before using this script

 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail

-if [ -r "/lib/functions.sh" ]
-then
-	. "/lib/functions.sh"
-	ban_debug="$(uci_get banip global ban_debug "0")"
-	ban_loglimit="$(uci_get banip global ban_loglimit "100")"
-	ban_mailsender="$(uci_get banip global ban_mailsender "no-reply@banIP")"
-	ban_mailreceiver="$(uci_get banip global ban_mailreceiver)"
-	ban_mailtopic="$(uci_get banip global ban_mailtopic "banIP notification")"
-	ban_mailprofile="$(uci_get banip global ban_mailprofile "ban_notify")"
-fi
-ban_ver="${1}"
+. "/lib/functions.sh"
+ban_debug="$(uci_get banip global ban_debug "0")"
+ban_loglimit="$(uci_get banip global ban_loglimit "100")"
+ban_mailsender="$(uci_get banip global ban_mailsender "no-reply@banIP")"
+ban_mailreceiver="$(uci_get banip global ban_mailreceiver)"
+ban_mailtopic="$(uci_get banip global ban_mailtopic "banIP notification")"
+ban_mailprofile="$(uci_get banip global ban_mailprofile "ban_notify")"
+
 ban_mail="$(command -v msmtp)"
 ban_logger="$(command -v logger)"
 ban_logread="$(command -v logread)"
-ban_rc=1

-f_log()
-{
-	local class="${1}" log_msg="${2}"
-
-	if [ -x "${ban_logger}" ]
-	then
-		"${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-	else
-		printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-	fi
-}
-
-if [ -z "${ban_mailreceiver}" ]
-then
+if [ -z "${ban_mailreceiver}" ]; then
 	f_log "err" "please set the mail receiver with the 'ban_mailreceiver' option"
-	exit ${ban_rc}
+	exit 1
 fi

-if [ "${ban_debug}" = "1" ]
-then
+if [ "${ban_debug}" = "1" ]; then
 	msmtp_debug="--debug"
 fi

@ -54,9 +37,12 @@ ban_mailhead="From: ${ban_mailsender}\nTo: ${ban_mailreceiver}\nSubject: ${ban_m

 # info preparation
 #
-sys_info="$(strings /etc/banner 2>/dev/null)"
+sys_info="$(
+	strings /etc/banner 2>/dev/null
+	ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf "  + %-12s: %s\n",$2,$4}'
+)"
 ban_info="$(/etc/init.d/banip "status" 2>/dev/null)"
-rep_info="${2}"
+rep_info="${1}"
 log_info="$("${ban_logread}" -l "${ban_loglimit}" -e "banIP-" 2>/dev/null | awk '{NR=1;max=120;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"

 # mail body
@ -64,8 +50,7 @@ log_info="$("${ban_logread}" -l "${ban_loglimit}" -e "banIP-" 2>/dev/null | awk
 ban_mailtext="<html><body><pre style='display:block;font-family:monospace;font-size:1rem;padding:20;background-color:#f3eee5;white-space:pre'>"
 ban_mailtext="${ban_mailtext}\n<strong>++\n++ System Information ++\n++</strong>\n${sys_info}"
 ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Status ++\n++</strong>\n${ban_info}"
-if [ -n "${rep_info}" ]
-then
+if [ -n "${rep_info}" ]; then
 	ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Report ++\n++</strong>\n${rep_info}"
 fi
 ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ Logfile Information ++\n++</strong>\n${log_info}"
@ -73,12 +58,5 @@ ban_mailtext="${ban_mailtext}</pre></body></html>"

 # send mail
 #
-if [ -x "${ban_mail}" ]
-then
-	printf "%b" "${ban_mailhead}${ban_mailtext}" 2>/dev/null | "${ban_mail}" ${msmtp_debug} -a "${ban_mailprofile}" "${ban_mailreceiver}" >/dev/null 2>&1
-	ban_rc=${?}
-	f_log "info" "mail sent to '${ban_mailreceiver}' with rc '${ban_rc}'"
-else
-	f_log "err" "msmtp mail daemon not found"
-fi
-exit ${ban_rc}
+printf "%b" "${ban_mailhead}${ban_mailtext}" 2>/dev/null | "${ban_mail}" ${msmtp_debug} -a "${ban_mailprofile}" "${ban_mailreceiver}" >/dev/null 2>&1
+"${ban_logger}" -p "info" -t "banIP-mail [${$}]" "mail sent to '${ban_mailreceiver}' with rc '${?}'" 2>/dev/null
--- a/net/banip/files/banip.service
+++ b/net/banip/files/banip.service
@ -1,36 +1,28 @@
 #!/bin/sh
-# log service to trace failed ssh/luci logins and conditionally refresh banIP
-# written by Dirk Brenken (dev@brenken.org)
-#
+# log service to trace suspicious logins and conditionally refresh banIP
+# Copyright (c) 2019-2021 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
-#
+
 # (s)hellcheck exceptions
-# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
+# shellcheck disable=3040

 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
 set -o pipefail
-ban_ver="${1}"
-ban_search="${2}"
-ban_logger="$(command -v logger)"
-ban_logread="$(command -v logread)"

-f_log()
-{
-	local class="${1}" log_msg="${2}"
+ban_search="${1}"
+ban_logger_cmd="$(command -v logger)"
+ban_logread_cmd="$(command -v logread)"

-	if [ -x "${ban_logger}" ]
-	then
-		"${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-	else
-		printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
-	fi
-}
-
-if [ -x "${ban_logread}" ]
-then
-	f_log "info" "log/banIP service started"
-	"${ban_logread}" -f | { grep -qE "${ban_search}"; [ "${?}" = "0" ] && { /etc/init.d/banip refresh; exit 0; }; }
+if [ -x "${ban_logread_cmd}" ]; then
+	"${ban_logger_cmd}" -p "info" -t "banIP-service [${$}]" "log/banIP service started" 2>/dev/null
+	"${ban_logread_cmd}" -f |
+		{
+			grep -qE "${ban_search}" && {
+				/etc/init.d/banip refresh
+				exit 0
+			}
+		}
 else
-	f_log "err" "can't start log/banIP service"
+	"${ban_logger_cmd}" -p "err" -t "banIP-service [${$}]" "can't start log/banIP service" 2>/dev/null
 fi
--- a/net/banip/files/banip.sh
+++ b/net/banip/files/banip.sh
--- a/net/banip/files/banip.sources
+++ b/net/banip/files/banip.sources
@ -16,12 +16,12 @@
 		"descurl": "https://team-cymru.com"
 	},
 	"country": {
-		"url_4": "https://www.ipdeny.com/ipblocks/data/aggregated/",
-		"url_6": "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
+		"url_4": "http://www.ipdeny.com/ipblocks/data/aggregated/",
+		"url_6": "http://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add country_4 \"$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add country_6 \"$1}",
 		"focus": "Country blocks",
-		"descurl": "https://www.ipdeny.com/ipblocks"
+		"descurl": "http://www.ipdeny.com/ipblocks"
 	},
 	"darklist": {
 		"url_4": "https://darklist.de/raw.php",