Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #14649 from dibdot/banip

Browse source 
banip: release 0.7.0
This commit is contained in:
Dirk Brenken 2021-02-04 21:39:08 +01:00 committed by GitHub
commit 7ec5a355d7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 2560 additions and 1065 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
net/banip/Makefile
View file

@ -1,12 +1,12 @@
#
# Copyright (c) 2018-2019 Dirk Brenken (dev@brenken.org)
# Copyright (c) 2018-2021 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.3.13
PKG_VERSION:=0.7.0
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
@ -16,7 +16,7 @@ include $(INCLUDE_DIR)/package.mk
define Package/banip
SECTION:=net
CATEGORY:=Network
TITLE:=Ban incoming and/or outgoing ip adresses via ipsets
TITLE:=Ban incoming and outgoing ip adresses via ipsets
DEPENDS:=+jshn +jsonfilter +ip +ipset +iptables +ca-bundle
PKGARCH:=all
endef
@ -30,8 +30,9 @@ endef
define Package/banip/conffiles
/etc/config/banip
/etc/banip/banip.whitelist
/etc/banip/banip.maclist
/etc/banip/banip.blacklist
/etc/banip/banip.whitelist
endef
define Build/Prepare
@ -54,9 +55,14 @@ define Package/banip/install
$(INSTALL_CONF) ./files/banip.conf $(1)/etc/config/banip
$(INSTALL_DIR) $(1)/etc/banip
$(INSTALL_BIN) ./files/banip.mail $(1)/etc/banip
$(INSTALL_BIN) ./files/banip.service $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.maclist $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.blacklist $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.whitelist $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.countries $(1)/etc/banip
$(INSTALL_CONF) ./files/banip.sources $(1)/etc/banip
gzip -9 $(1)/etc/banip/banip.sources
$(INSTALL_DIR) $(1)/etc/hotplug.d/firewall
$(INSTALL_DATA) ./files/banip.hotplug $(1)/etc/hotplug.d/firewall/30-banip

385
net/banip/files/README.md
View file

@ -1,10 +1,42 @@
<!-- markdownlint-disable -->
# banIP - ban incoming and/or outgoing ip adresses via ipsets
## Description
IP address blocking is commonly used to protect against brute force attacks, prevent disruptive or unauthorized address(es) from access or it can be used to restrict access to or from a particular geographic area — for example.
## Main Features
* support many IP blocklist sources (free for private usage, for commercial use please check their individual licenses):
* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
| Source | Focus | Information |
| :------------------ | :--------------------------: | :-------------------------------------------------------------------------------- |
| asn | ASN block | [Link](https://asn.ipinfo.app) |
| bogon | Bogon prefixes | [Link](https://team-cymru.com) |
| country | Country blocks | [Link](https://www.ipdeny.com/ipblocks) |
| darklist | Attacker IP blacklist | [Link](https://darklist.de) |
| debl | Fail2ban IP blacklist | [Link](https://www.blocklist.de) |
| doh | Public DoH-Provider | [Link](https://github.com/dibdot/DoH-IP-blocklists) |
| drop | Spamhaus drop compilation | [Link](https://www.spamhaus.org) |
| dshield | Dshield IP blocklist | [Link](https://www.dshield.org) |
| edrop | Spamhaus edrop compilation | [Link](https://www.spamhaus.org) |
| feodo | Feodo Tracker | [Link](https://feodotracker.abuse.ch) |
| firehol1 | Firehol Level 1 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level1) |
| firehol2 | Firehol Level 2 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level2) |
| firehol3 | Firehol Level 3 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level3) |
| firehol4 | Firehol Level 4 compilation | [Link](https://iplists.firehol.org/?ipset=firehol_level4) |
| iblockads | Advertising blocklist | [Link](https://www.iblocklist.com) |
| iblockspy | Malicious spyware blocklist | [Link](https://www.iblocklist.com) |
| myip | Myip Live IP blacklist | [Link](https://myip.ms) |
| nixspam | iX spam protection | [Link](http://www.nixspam.org) |
| proxy | Firehol list of open proxies | [Link](https://iplists.firehol.org/?ipset=proxylists) |
| ssbl | SSL botnet IP blacklist | [Link](https://sslbl.abuse.ch) |
| threat | Emerging Threats | [Link](https://rules.emergingthreats.net) |
| tor | Tor exit nodes | [Link](https://fissionrelays.net/lists) |
| uceprotect1 | Spam protection level 1 | [Link](http://www.uceprotect.net/en/index.php) |
| uceprotect2 | Spam protection level 2 | [Link](http://www.uceprotect.net/en/index.php) |
| voip | VoIP fraud blocklist | [Link](http://www.voipbl.org) |
| yoyo | Ad protection blacklist | [Link](https://pgl.yoyo.org/adservers/) |
* zero-conf like automatic installation & setup, usually no manual changes needed
* automatically selects one of the following download utilities: aria2c, curl, uclient-fetch, wget
* Really fast downloads & list processing as they are handled in parallel as background jobs in a configurable 'Download Queue'
@ -24,88 +56,305 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* procd based init system support (start/stop/restart/reload/refresh/status)
* procd network interface trigger support
* automatic blocklist backup & restore, they will be used in case of download errors or during startup
* output comprehensive runtime information via LuCI or via 'status' init command
* Provides comprehensive runtime information
* Provides a detailed IPSet Report
* Provides a powerful query function to quickly find blocked IPs/CIDR in banIP related IPSets
* Provides an easily configurable blocklist update scheduler called 'Refresh Timer'
* strong LuCI support
* optional: add new banIP sources on your own
* optional: log banned inbound and/or outbound IP to syslog.
## Prerequisites
* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07) and with the latest snapshot
* download utility: 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'wget', 'aria2c' or 'curl' is required
* [OpenWrt](https://openwrt.org), tested with the stable release series (19.07.x) and with the latest rolling snapshot releases. On turris devices it has been successfully tested with TurrisOS 5.2.x
<b>Please note:</b> Older OpenWrt releases like 18.06.x or 17.01.x are _not_ supported!
<b>Please note:</b> Devices with less than 128 MByte RAM are _not_ supported!
* A download utility with SSL support: 'wget', 'uclient-fetch' with one of the 'libustream-*' ssl libraries, 'aria2c' or 'curl' is required
* A certificate store like 'ca-bundle', as banIP checks the validity of the SSL certificates of all download sites by default
* Optional E-Mail notification support: for E-Mail notifications you need to install the additional 'msmtp' package
## Installation & Usage
* install 'banip' (_opkg install banip_)
* at minimum configure the needed IP blocklist sources, the download utility and enable the banIP service in _/etc/config/banip_
* control the banip service manually with _/etc/init.d/banip_ start/stop/restart/reload/refresh/status or use the LuCI frontend
* Update your local opkg repository (_opkg update_)
* Install 'banip' (_opkg install banip_). The banIP service is disabled by default
* Install the LuCI companion package 'luci-app-banip' (_opkg install luci-app-banip_)
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
## LuCI banIP companion package
* it's recommended to use the provided LuCI frontend to control all aspects of banIP
* install 'luci-app-banip' (_opkg install luci-app-banip_)
* the application is located in LuCI under 'Services' menu
## banIP CLI
* All important banIP functions are accessible via CLI as well.
<pre><code>
~# /etc/init.d/banip
Syntax: /etc/init.d/banip [command]
Available commands:
start Start the service
stop Stop the service
restart Restart the service
reload Reload configuration files (or restart if service does not implement reload)
enable Enable service autostart
disable Disable service autostart
enabled Check if service is started on boot
refresh Refresh ipsets without new list downloads
suspend Suspend banIP processing
resume Resume banIP processing
query &lt;IP&gt; Query active banIP IPSets for a specific IP address
report [&lt;cli&gt;|&lt;mail&gt;|&lt;gen&gt;|&lt;json&gt;] Print banIP related IPset statistics
list [&lt;add&gt;|&lt;add_asn&gt;|&lt;add_country&gt;|&lt;remove>|&lt;remove_asn&gt;|&lt;remove_country&gt;] &lt;source(s)&gt; List/Edit available sources
timer [&lt;add&gt; &lt;tasks&gt; &lt;hour&gt; [&lt;minute&gt;] [&lt;weekday&gt;]]|[&lt;remove&gt; &lt;line no.&gt;] List/Edit cron update intervals
version Print version information
running Check if service is running
status Service status
trace Start with syscall trace
</code></pre>
## banIP config options
* usually the pre-configured banIP setup works quite well and no manual overrides are needed
* the following options apply to the 'global' config section:
* ban\_enabled => main switch to enable/disable banIP service (bool/default: '0', disabled)
* ban\_automatic => determine the L2/L3 WAN network device automatically (bool/default: '1', enabled)
* ban\_iface => space separated list of WAN network interface(s)/device(s) used by banIP (default: not set, automatically detected)
* ban\_realtime => a small log/banIP background monitor to block SSH/LuCI brute force attacks in realtime (bool/default: 'false', disabled)
* ban\_target\_src => action to perform when banning inbound IPv4 packets ('DROP'/'REJECT', default: 'DROP')
* ban\_target\_src\_6 => action to perform when banning inbound IPv6 packets ('DROP'/'REJECT', default: 'DROP')
* ban\_target\_dst => action to perform when banning outbound IPv4 packets ('DROP'/'REJECT', default: 'REJECT')
* ban\_target\_dst\_6 => action to perform when banning outbound IPv6 packets ('DROP'/'REJECT', default: 'REJECT')
* ban\_log\_src => switch to enable/disable logging of banned inbound IPv4 packets (bool/default: '0', disabled)
* ban\_log\_dst => switch to enable/disable logging of banned outbound IPv4 packets (bool/default: '0', disabled)
* the following options apply to the 'extra' config section:
* ban\_debug => enable/disable banIP debug output (bool/default: '0', disabled)
* ban\_nice => set the nice level of the banIP process and all sub-processes (int/default: '0', standard priority)
* ban\_triggerdelay => additional trigger delay in seconds before banIP processing begins (int/default: '2')
* ban\_backupdir => target directory for banIP backups (default: '/tmp')
* ban\_sshdaemon => select the SSH daemon for logfile parsing, 'dropbear' or 'sshd' (default: 'dropbear')
* ban\_starttype => select the used start type during boot, 'start', 'refresh' or 'reload' (default: 'start')
* ban\_maxqueue => size of the download queue to handle downloads & IPSet processing in parallel (int/default: '4')
* ban\_fetchutil => name of the used download utility: 'uclient-fetch', 'wget', 'curl', 'aria2c' (default: not set, automatically detected)
* ban\_fetchparm => special config options for the download utility (default: not set)
* ban\_autoblacklist => store auto-addons temporary in ipset and permanently in local blacklist as well (bool/default: '1', enabled)
* ban\_autowhitelist => store auto-addons temporary in ipset and permanently in local whitelist as well (bool/default: '1', enabled)
## Logging of banned packets
* by setting ban\_log\_src=1 / ban\_log\_dst=1 in the config options, banIP will log banned inbound / outbound packets to syslog.
* example of a logged inbound (dst) and outbound (src) packet:
<pre><code>
Oct 2 12:49:14 gateway kernel: [434134.855130] REJECT(dst banIP) IN=br-lan OUT=br-wan MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=x.x.x.x DST=x.x.x.x LEN=100 TOS=0x00 PREC=0x00 TTL=63 ID=7938 PROTO=UDP SPT=16393 DPT=16393 LEN=80
Oct 3 14:11:13 gateway kernel: [11290.429712] DROP(src banIP) IN=br-wan OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=x.x.x.x DST=x.x.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=63275 PROTO=TCP SPT=48246 DPT=37860 WINDOW=1024 RES=0x00 SYN URGP=0
</code></pre>
* to change the default logging behavior, the following options can be added to the 'global' config section:
* ban\_log\_src\_opts => IPv4 iptables LOG options for banned inbound packets (default: '-m limit --limit 10/sec')
* ban\_log\_src\_opts\_6 => IPv6 iptables LOG options for banned inbound packets (default: '-m limit --limit 10/sec')
* ban\_log\_src\_prefix (default: '<ban\_target\_src>(src banIP) ', typically 'DROP(src banIP) ')
* ban\_log\_src\_prefix\_6 (default: '<ban\_target\_src\_6>(src banIP) ', typically 'DROP('src banIP)' )
* ban\_log\_dst\_opts => IPv4 iptables LOG options for banned outbound packets (default: '-m limit --limit 10/sec')
* ban\_log\_dst\_opts\_6 => IPv6 iptables LOG options for banned outbound packets (default: '-m limit --limit 10/sec')
* ban\_log\_dst\_prefix (default: '<ban\_target\_dst>(dst banIP) ', typically 'REJECT(dst banIP) ')
* ban\_log\_dst\_prefix\_6 (default: '<ban\_target\_dst\_6>(dst banIP) ', typically 'REJECT('dst banIP)' )
* Usually the auto pre-configured banIP setup works quite well and no manual overrides are needed
| Option | Type | Default | Description |
| :---------------------- | :----- | :------------------ | :--------------------------------------------------------------------------------------------------- |
| ban_enabled | option | 0 | enable the banIP service |
| ban_autodetect | option | 1 | auto-detect wan interfaces, devices and subnets |
| ban_debug | option | 0 | enable banIP related debug logging |
| ban_mail_enabled | option | 0 | enable the mail service |
| ban_monitor_enabled | option | 0 | enable the log monitor, e.g. to catch failed ssh/luci logins |
| ban_logsrc_enabled | option | 0 | enable the src-related logchain |
| ban_logdst_enabled | option | 0 | enable the dst-related logchain |
| ban_autoblacklist | option | 1 | add suspicious IPs automatically to the local blacklist |
| ban_autowhitelist | option | 1 | add wan IPs/subnets automatically to the local whitelist |
| ban_maxqueue | option | 4 | size of the download queue to handle downloads and processing in parallel |
| ban_reportdir | option | /tmp/banIP-Report | directory where banIP stores the report files |
| ban_backupdir | option | /tmp/banIP-Backup | directory where banIP stores the compressed backup files |
| ban_ifaces | list | - | list option to add logical wan interfaces manually |
| ban_sources | list | - | list option to add banIP sources |
| ban_countries | list | - | list option to add certain countries as an alpha-2 ISO code, e.g. 'de' for germany |
| ban_asns | list | - | list option to add certain ASNs (autonomous system number), e.g. '32934' for facebook |
| ban_chain | option | banIP | name of the root chain used by banIP |
| ban_global_settype | option | src+dst | global settype as default for all sources |
| ban_settype_src | list | - | special SRC settype for a certain sources |
| ban_settype_dst | list | - | special DST settype for a certain sources |
| ban_settype_all | list | - | special SRC+DST settype for a certain sources |
| ban_target_src | option | DROP | default src action (used by log chains as well) |
| ban_target_dst | option | REJECT | default dst action (used by log chains as well) |
| ban_lan_inputchains_4 | list | input_lan_rule | list option to add IPv4 lan input chains |
| ban_lan_inputchains_6 | list | input_lan_rule | list option to add IPv6 lan input chains |
| ban_lan_forwardchains_4 | list | forwarding_lan_rule | list option to add IPv4 lan forward chains |
| ban_lan_forwardchains_6 | list | forwarding_lan_rule | list option to add IPv6 lan forward chains |
| ban_wan_inputchains_4 | list | input_wan_rule | list option to add IPv4 wan input chains |
| ban_wan_inputchains_6 | list | input_wan_rule | list option to add IPv6 wan input chains |
| ban_wan_forwardchains_4 | list | forwarding_wan_rule | list option to add IPv4 wan forward chains |
| ban_wan_forwardchains_6 | list | forwarding_wan_rule | list option to add IPv6 wan forward chains |
| ban_mailreceiver | option | - | receiver address for banIP related notification E-Mails |
| ban_mailsender | option | no-reply@banIP | sender address for banIP related notification E-Mails |
| ban_mailtopic | option | banIP notification | topic for banIP related notification E-Mails |
| ban_mailprofile | option | ban_notify | mail profile used in 'msmtp' for banIP related notification E-Mails |
| ban_srcarc | option | /etc/banip/banip.sources.gz | full path to the compressed source archive file used by banIP |
| ban_maclist | option | /etc/banip/banip.maclist | full path to the maclist file used by banIP |
| ban_blacklist | option | /etc/banip/banip.blacklist | full path to the blacklist file used by banIP |
| ban_whitelist | option | /etc/banip/banip.whitelist | full path to the whitelist file used by banIP |
## Examples
**list/edit banIP sources:**
<pre><code>
~# /etc/init.d/banip list
::: Available banIP sources
:::
Name Enabled Focus Info URL
---------------------------------------------------------------------------
+ asn ASN blocks https://asn.ipinfo.app
+ bogon Bogon prefixes https://team-cymru.com
+ country x Country blocks https://www.ipdeny.com/ipblocks
+ debl x Fail2ban IP blacklist https://www.blocklist.de
+ doh x Public DoH-Provider https://github.com/dibdot/DoH-IP-blocklists
+ drop x Spamhaus drop compilation https://www.spamhaus.org
+ dshield x Dshield IP blocklist https://www.dshield.org
+ edrop Spamhaus edrop compilation https://www.spamhaus.org
+ feodo x Feodo Tracker https://feodotracker.abuse.ch
+ firehol1 x Firehol Level 1 compilation https://iplists.firehol.org/?ipset=firehol_level1
+ firehol2 Firehol Level 2 compilation https://iplists.firehol.org/?ipset=firehol_level2
+ firehol3 Firehol Level 3 compilation https://iplists.firehol.org/?ipset=firehol_level3
+ firehol4 Firehol Level 4 compilation https://iplists.firehol.org/?ipset=firehol_level4
+ iblockads Advertising blocklist https://www.iblocklist.com
+ iblockspy x Malicious spyware blocklist https://www.iblocklist.com
+ myip Myip Live IP blacklist https://myip.ms
+ nixspam x iX spam protection http://www.nixspam.org
+ proxy Firehol list of open proxies https://iplists.firehol.org/?ipset=proxylists
+ sslbl x SSL botnet IP blacklist https://sslbl.abuse.ch
+ threat x Emerging Threats https://rules.emergingthreats.net
+ tor x Tor exit nodes https://fissionrelays.net/lists
+ uceprotect1 x Spam protection level 1 http://www.uceprotect.net/en/index.php
+ uceprotect2 Spam protection level 2 http://www.uceprotect.net/en/index.php
+ voip x VoIP fraud blocklist http://www.voipbl.org
+ yoyo x Ad protection blacklist https://pgl.yoyo.org/adservers/
---------------------------------------------------------------------------
* Configured ASNs: -
* Configured Countries: af, bd, br, cn, hk, hu, id, il, in, iq, ir, kp, kr, no, pk, pl, ro, ru, sa, th, tr, ua, gb
</code></pre>
**receive banIP runtime information:**
# /etc/init.d/banip status
::: banIP runtime information
+ status : enabled
+ version : 0.3.0
+ util_info : /usr/bin/aria2c, true
+ ipset_info : 10 IPSets with overall 106729 IPs/Prefixes
+ backup_dir : /tmp
+ last_run : 03.10.2019 19:15:25
+ system : UBNT-ERX, OpenWrt SNAPSHOT r11102-ced4c0e635
<pre><code>
~# /etc/init.d/banip status
::: banIP runtime information
+ status : enabled
+ version : 0.7.0
+ ipset_info : 23 IPSets with 302008 IPs/Prefixes
+ active_sources : blacklist, country, debl, doh, drop, dshield, feodo, firehol1, iblockspy, nixspam, sslbl, threat,
tor, uceprotect1, voip, whitelist, yoyo
+ active_devs : eth3
+ active_ifaces : wan, wan6
+ active_logterms : dropbear, sshd, luci
+ active_subnets : xxx.xxx.x.xxx/24, xxxx:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx/64
+ run_infos : settype: src+dst, backup_dir: /mnt/data/banip, report_dir: /tmp/banIP-Report
+ run_flags : protocols (4/6): ✔/✔, log (src/dst): ✔/✘, monitor: ✔, mail: ✔
+ last_run : refresh, 0m 16s, 4019/3527/3680, 03.02.2021 19:57:46
+ system : PC Engines apu4, OpenWrt SNAPSHOT r15556-20a0d435d8
</code></pre>
**generate an IPSet report:**
**cronjob for a regular IPSet blocklist update (/etc/crontabs/root):**
# Every day at 06:00, update the IPSets of banIP
00 06 * * * /etc/init.d/banip reload
<pre><code>
~# /etc/init.d/banip report
:::
::: report on all banIP related IPSets
:::
+ Report timestamp ::: 04.02.2021 06:24:41
+ Number of all IPSets ::: 24
+ Number of all entries ::: 302448
+ Number of IP entries ::: 224748
+ Number of CIDR entries ::: 77700
+ Number of MAC entries ::: 0
+ Number of accessed entries ::: 36
:::
::: IPSet details
:::
Name Type Count Cnt_IP Cnt_CIDR Cnt_MAC Cnt_ACC Entry details (Entry/Count)
--------------------------------------------------------------------------------------------------------------------
whitelist_4 src+dst 1 0 1 0 1
xxx.xxxx.xxx.xxxx/24 85
--------------------------------------------------------------------------------------------------------------------
whitelist_6 src+dst 2 0 2 0 1
xxxx:xxxx:xxxx::/64 29
--------------------------------------------------------------------------------------------------------------------
blacklist_4 src+dst 513 513 0 0 2
192.35.168.16 3
80.82.65.74 1
--------------------------------------------------------------------------------------------------------------------
blacklist_6 src+dst 1 1 0 0 0
--------------------------------------------------------------------------------------------------------------------
country_4 src 52150 0 52150 0 23
124.5.0.0/16 1
95.188.0.0/14 1
121.16.0.0/12 1
46.161.0.0/18 1
42.56.0.0/14 1
113.64.0.0/10 1
113.252.0.0/14 1
5.201.128.0/17 1
125.64.0.0/11 1
90.188.0.0/15 1
60.0.0.0/11 1
78.160.0.0/11 1
1.80.0.0/12 1
183.184.0.0/13 1
175.24.0.0/14 1
119.176.0.0/12 1
59.88.0.0/13 1
103.78.12.0/22 1
123.128.0.0/13 1
116.224.0.0/12 1
42.224.0.0/12 1
82.80.0.0/15 1
14.32.0.0/11 1
--------------------------------------------------------------------------------------------------------------------
country_6 src 20099 0 20099 0 0
--------------------------------------------------------------------------------------------------------------------
debl_4 src+dst 29389 29389 0 0 1
5.182.210.16 4
--------------------------------------------------------------------------------------------------------------------
debl_6 src+dst 64 64 0 0 0
--------------------------------------------------------------------------------------------------------------------
doh_4 src+dst 168 168 0 0 0
--------------------------------------------------------------------------------------------------------------------
doh_6 src+dst 122 122 0 0 0
--------------------------------------------------------------------------------------------------------------------
drop_4 src+dst 965 0 965 0 0
--------------------------------------------------------------------------------------------------------------------
drop_6 src+dst 36 0 36 0 0
--------------------------------------------------------------------------------------------------------------------
dshield_4 src+dst 20 0 20 0 1
89.248.165.0/24 1
--------------------------------------------------------------------------------------------------------------------
feodo_4 src+dst 325 325 0 0 0
--------------------------------------------------------------------------------------------------------------------
firehol1_4 src+dst 2763 403 2360 0 0
--------------------------------------------------------------------------------------------------------------------
iblockspy_4 src+dst 3650 2832 818 0 0
--------------------------------------------------------------------------------------------------------------------
nixspam_4 src+dst 9577 9577 0 0 0
--------------------------------------------------------------------------------------------------------------------
sslbl_4 src+dst 104 104 0 0 0
--------------------------------------------------------------------------------------------------------------------
threat_4 src+dst 1300 315 985 0 0
--------------------------------------------------------------------------------------------------------------------
tor_4 src+dst 1437 1437 0 0 0
--------------------------------------------------------------------------------------------------------------------
tor_6 src+dst 478 478 0 0 0
--------------------------------------------------------------------------------------------------------------------
uceprotect1_4 src+dst 156249 156249 0 0 6
192.241.220.137 1
128.14.137.178 1
61.219.11.153 1
138.34.32.33 1
107.174.133.130 2
180.232.99.46 1
--------------------------------------------------------------------------------------------------------------------
voip_4 src+dst 12563 12299 264 0 0
--------------------------------------------------------------------------------------------------------------------
yoyo_4 src+dst 10472 10472 0 0 1
204.79.197.200 2
--------------------------------------------------------------------------------------------------------------------
</code></pre>
**Enable E-Mail notification via 'msmtp':**
To use the email notification you have to install & configure the package 'msmtp'.
Modify the file '/etc/msmtprc', e.g.:
<pre><code>
[...]
defaults
auth on
tls on
tls_certcheck off
timeout 5
syslog LOG_MAIL
[...]
account ban_notify
host smtp.gmail.com
port 587
from <address>k@gmail.com
user <gmail-user>
password <password>
</code></pre>
Finally enable E-Mail support and add a valid E-Mail receiver address in LuCI.
**Edit, add new adblock sources:**
The banIP blocklist sources are stored in an external, compressed JSON file '/etc/banip/banip.sources.gz'.
This file is directly parsed in LuCI and accessible via CLI, just call _/etc/init.d/banip list_.
To add new or edit existing sources extract the compressed JSON file _gunzip /etc/banip/banip.sources.gz_.
A valid JSON source object contains the following required information, e.g.:
<pre><code>
[...]
"tor": {
"url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
"url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
"focus": "Tor exit nodes",
"descurl": "https://fissionrelays.net/lists"
},
[...]
</code></pre>
Add an unique object name, make the required changes to 'url_4', 'rule_4' (and/or 'url_6', 'rule_6'), 'focus' and 'descurl' and finally compress the changed JSON file _gzip /etc/banip/banip.sources.gz_ to use the new source object in banIP.
<b>Please note:</b> if you're going to add new sources on your own, please make a copy of the default file and work with that copy further on, cause the default will be overwritten with every banIP update. To reference your copy set the option 'ban\_srcarc' which points by default to '/etc/banip/banip.sources.gz'
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>

234
net/banip/files/banip.conf
View file

@ -1,226 +1,16 @@
config banip 'global'
option ban_enabled '0'
option ban_basever '0.3'
option ban_automatic '1'
option ban_realtime 'false'
option ban_log_src '0'
option ban_log_dst '0'
config banip 'extra'
option ban_debug '0'
option ban_mail_enabled '0'
option ban_monitor_enabled '0'
option ban_logsrc_enabled '0'
option ban_logdst_enabled '0'
option ban_autodetect '1'
option ban_autoblacklist '1'
option ban_autowhitelist '1'
option ban_nice '0'
option ban_maxqueue '4'
config source 'whitelist'
option ban_src '/etc/banip/banip.whitelist'
option ban_src_6 '/etc/banip/banip.whitelist'
option ban_src_desc 'Always allow these IPs (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add whitelist \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add whitelist_6 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src+dst'
option ban_src_on '1'
option ban_src_on_6 '0'
config source 'blacklist'
option ban_src '/etc/banip/banip.blacklist'
option ban_src_6 '/etc/banip/banip.blacklist'
option ban_src_desc 'Always deny these IPs (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add blacklist \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add blacklist_6 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src+dst'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'bogon'
option ban_src 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt'
option ban_src_6 'https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt'
option ban_src_desc 'Bogon prefixes, plus prefixes that have been allocated to RIRs but not yet assigned to ISPs (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add bogon \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add bogon_6 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src+dst'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'DoH'
option ban_src 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt'
option ban_src_6 'https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt'
option ban_src_desc 'List of public DoH providers (DNS over HTTPS) (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add DoH \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add DoH_6 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src+dst'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'tor'
option ban_src 'https://check.torproject.org/exit-addresses'
option ban_src_desc 'List of Tor Exit Nodes (IPv4)'
option ban_src_rset '/^(ExitAddress ([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add tor \"\$2}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'threat'
option ban_src 'https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt'
option ban_src_desc 'Emerging Threats (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add threat \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'debl'
option ban_src 'https://www.blocklist.de/downloads/export-ips_all.txt'
option ban_src_6 'https://www.blocklist.de/downloads/export-ips_all.txt'
option ban_src_desc 'Fail2ban reporting service (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add debl \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add debl_6 \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'myip'
option ban_src 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
option ban_src_6 'https://www.myip.ms/files/blacklist/general/latest_blacklist.txt'
option ban_src_desc 'IP blacklist provided by myip.ms (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add myip \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add myip_6 \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'yoyo'
option ban_src 'https://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext'
option ban_src_desc 'IP blocklist provided by Peter Lowe (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add yoyo \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'sslbl'
option ban_src 'https://sslbl.abuse.ch/blacklist/sslipblacklist.csv'
option ban_src_desc 'SSL Blacklist by abuse.ch (IPv4)'
option ban_src_rset 'BEGIN{FS=\",\"}/(([0-9]{1,3}\.){3}[0-9]{1,3},).*/{print \"add sslbl \"\$2}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'ransomware'
option ban_src 'https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt'
option ban_src_desc 'Ransomware Tracker by abuse.ch (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add ransomware \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'feodo'
option ban_src 'https://feodotracker.abuse.ch/downloads/ipblocklist.txt'
option ban_src_desc 'Feodo Tracker by abuse.ch (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add feodo \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'dshield'
option ban_src 'https://feeds.dshield.org/block.txt'
option ban_src_desc 'Dshield recommended IP blocklist. Contains top 20 attacking class C subnets (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add dshield \"\$1 \"/\"\$3}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'proxy'
option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset'
option ban_src_desc 'List of Open Proxies (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3})([[:space:]]|$)/{print \"add proxy \"\$1}'
option ban_src_settype 'ip'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'iblocklist'
option ban_src 'https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz'
option ban_src_desc 'Contains advertising trackers and a short list of bad/intrusive porn sites (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add iblocklist \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'drop'
option ban_src 'https://www.spamhaus.org/drop/drop.txt'
option ban_src_6 'https://www.spamhaus.org/drop/dropv6.txt'
option ban_src_desc 'Spamhaus drop compilation (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add drop \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add drop_6 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'edrop'
option ban_src 'https://www.spamhaus.org/drop/edrop.txt'
option ban_src_desc 'Spamhaus edrop compilation (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add edrop \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'firehol1'
option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset'
option ban_src_desc 'Firehol Level 1 compilation. Contains bogons, spamhaus drop and edrop, dshield and malware lists (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol1 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'firehol2'
option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset'
option ban_src_desc 'Firehol Level 2 compilation. Contains blocklists that track attacks, during the last 48 hours (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol2 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'firehol3'
option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset'
option ban_src_desc 'Firehol Level 3 compilation. Contains blocklists that track attacks, spyware and viruses (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol3 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'firehol4'
option ban_src 'https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset'
option ban_src_desc 'Firehol Level 4 compilation. May include a large number of false positives (IPv4)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add firehol4 \"\$1}'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
config source 'country'
option ban_src 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
option ban_src_6 'https://stat.ripe.net/data/country-resource-list/data.json?resource='
option ban_src_desc 'Build a dynamic IPSet by country iso codes based on RIPE data (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add country \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add country_6 \"\$1}'
list ban_src_cat 'de'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
config source 'asn'
option ban_src 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
option ban_src_6 'https://stat.ripe.net/data/announced-prefixes/data.json?resource='
option ban_src_desc 'Build a dynamic IPSet by ASN numbers based on RIPE data (IPv4/IPv6)'
option ban_src_rset '/^(([0-9]{1,3}\.){3}[0-9]{1,3}(\/[0-9]{1,2})?)([[:space:]]|$)/{print \"add asn \"\$1}'
option ban_src_rset_6 '/^([0-9a-fA-F]{0,4}:){1,7}[0-9a-fA-F]{0,4}(:\/[0-9]{1,2})?([[:space:]]|$)/{print \"add asn_6 \"\$1}'
list ban_src_cat '32934'
option ban_src_settype 'net'
option ban_src_ruletype 'src'
option ban_src_on '0'
option ban_src_on_6 '0'
option ban_global_settype 'src+dst'
option ban_target_src 'DROP'
option ban_target_dst 'REJECT'
option ban_loglimit '100'

249
net/banip/files/banip.countries Normal file
View file

@ -0,0 +1,249 @@
tw;Taiwan
af;Afghanistan
al;Albania
dz;Algeria
as;American Samoa
ad;Andorra
ao;Angola
ai;Anguilla
aq;Antarctica
ag;Antigua & Barbuda
ar;Argentina
am;Armenia
aw;Aruba
au;Australia
at;Austria
az;Azerbaijan
bs;Bahamas
bh;Bahrain
bd;Bangladesh
bb;Barbados
by;Belarus
be;Belgium
bz;Belize
bj;Benin
bm;Bermuda
bt;Bhutan
bo;Bolivia
bq;Caribbean Netherlands
ba;Bosnia
bw;Botswana
bv;Bouvet Island
br;Brazil
io;British Indian Ocean Territory
vg;British Virgin Islands
bn;Brunei
bg;Bulgaria
bf;Burkina Faso
bi;Burundi
cv;Cape Verde
kh;Cambodia
cm;Cameroon
ca;Canada
ky;Cayman Islands
cf;Central African Republic
td;Chad
cl;Chile
cn;China
hk;Hong Kong
mo;Macau
cx;Christmas Island
cc;Cocos (Keeling) Islands
co;Colombia
km;Comoros
cg;Congo - Brazzaville
ck;Cook Islands
cr;Costa Rica
hr;Croatia
cu;Cuba
cw;Curaçao
cy;Cyprus
cz;Czechia
ci;Côte dIvoire
kp;North Korea
cd;Congo - Kinshasa
dk;Denmark
dj;Djibouti
dm;Dominica
do;Dominican Republic
ec;Ecuador
eg;Egypt
sv;El Salvador
gq;Equatorial Guinea
er;Eritrea
ee;Estonia
sz;Eswatini
et;Ethiopia
fk;Falkland Islands
fo;Faroe Islands
fj;Fiji
fi;Finland
fr;France
gf;French Guiana
pf;French Polynesia
tf;French Southern Territories
ga;Gabon
gm;Gambia
ge;Georgia
de;Germany
gh;Ghana
gi;Gibraltar
gr;Greece
gl;Greenland
gd;Grenada
gp;Guadeloupe
gu;Guam
gt;Guatemala
gg;Guernsey
gn;Guinea
gw;Guinea-Bissau
gy;Guyana
ht;Haiti
hm;Heard & McDonald Islands
va;Vatican City
hn;Honduras
hu;Hungary
is;Iceland
in;India
id;Indonesia
ir;Iran
iq;Iraq
ie;Ireland
im;Isle of Man
il;Israel
it;Italy
jm;Jamaica
jp;Japan
je;Jersey
jo;Jordan
kz;Kazakhstan
ke;Kenya
ki;Kiribati
kw;Kuwait
kg;Kyrgyzstan
la;Laos
lv;Latvia
lb;Lebanon
ls;Lesotho
lr;Liberia
ly;Libya
li;Liechtenstein
lt;Lithuania
lu;Luxembourg
mg;Madagascar
mw;Malawi
my;Malaysia
mv;Maldives
ml;Mali
mt;Malta
mh;Marshall Islands
mq;Martinique
mr;Mauritania
mu;Mauritius
yt;Mayotte
mx;Mexico
fm;Micronesia
mc;Monaco
mn;Mongolia
me;Montenegro
ms;Montserrat
ma;Morocco
mz;Mozambique
mm;Myanmar
na;Namibia
nr;Nauru
np;Nepal
nl;Netherlands
nc;New Caledonia
nz;New Zealand
ni;Nicaragua
ne;Niger
ng;Nigeria
nu;Niue
nf;Norfolk Island
mp;Northern Mariana Islands
no;Norway
om;Oman
pk;Pakistan
pw;Palau
pa;Panama
pg;Papua New Guinea
py;Paraguay
pe;Peru
ph;Philippines
pn;Pitcairn Islands
pl;Poland
pt;Portugal
pr;Puerto Rico
qa;Qatar
kr;South Korea
md;Moldova
ro;Romania
ru;Russia
rw;Rwanda
re;Réunion
bl;St. Barthélemy
sh;St. Helena
kn;St. Kitts & Nevis
lc;St. Lucia
mf;St. Martin
pm;St. Pierre & Miquelon
vc;St. Vincent & Grenadines
ws;Samoa
sm;San Marino
st;São Tomé & Príncipe
sa;Saudi Arabia
sn;Senegal
rs;Serbia
sc;Seychelles
sl;Sierra Leone
sg;Singapore
sx;Sint Maarten
sk;Slovakia
si;Slovenia
sb;Solomon Islands
so;Somalia
za;South Africa
gs;South Georgia & South Sandwich Islands
ss;South Sudan
es;Spain
lk;Sri Lanka
ps;Palestine
sd;Sudan
sr;Suriname
sj;Svalbard & Jan Mayen
se;Sweden
ch;Switzerland
sy;Syria
tj;Tajikistan
th;Thailand
mk;North Macedonia
tl;Timor-Leste
tg;Togo
tk;Tokelau
to;Tonga
tt;Trinidad & Tobago
tn;Tunisia
tr;Turkey
tm;Turkmenistan
tc;Turks & Caicos Islands
tv;Tuvalu
ug;Uganda
ua;Ukraine
ae;United Arab Emirates
gb;United Kingdom
tz;Tanzania
um;U.S. Outlying Islands
vi;U.S. Virgin Islands
us;United States
uy;Uruguay
uz;Uzbekistan
vu;Vanuatu
ve;Venezuela
vn;Vietnam
wf;Wallis & Futuna
eh;Western Sahara
ye;Yemen
zm;Zambia
zw;Zimbabwe
ax;Åland Islands

15
net/banip/files/banip.hotplug
View file

@ -1,15 +1,14 @@
#!/bin/sh
#
[ "${ACTION}" != "add" ] && exit 0
ban_iface="wan"
[ -r "/lib/functions/network.sh" ] && { . "/lib/functions/network.sh"; network_find_wan ban_iface; }
[ "${INTERFACE}" != "${ban_iface}" ] && exit 0
ban_pidfile="/var/run/banip.pid"
ban_enabled="$(/etc/init.d/banip enabled; printf "%u" "${?}")"
if [ "${ban_enabled}" = "0" ] && [ ! -s "${ban_pidfile}" ]
if [ "${ban_enabled}" = "0" ] && [ "${ACTION}" = "add" ] && [ -n "${INTERFACE}" ]
then
/etc/init.d/banip refresh
ban_ifaces="$(uci_get banip global ban_ifaces)"
if [ ! -s "${ban_pidfile}" ] && [ -n "$(printf "%s\n" "${ban_ifaces}" | grep -F "${INTERFACE}")" ]
then
/etc/init.d/banip refresh
fi
fi
exit 0

294
net/banip/files/banip.init
View file

@ -1,30 +1,58 @@
#!/bin/sh /etc/rc.common
# written by Dirk Brenken (dev@brenken.org)
#
# This is free software, licensed under the GNU General Public License v3.
#
# (s)hellcheck exceptions
# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
START=30
USE_PROCD=1
extra_command "refresh" "Refresh ipsets without new list downloads"
if [ -n "$(type -t extra_command)" ]
then
extra_command "refresh" "Refresh ipsets without new list downloads"
extra_command "suspend" "Suspend banIP processing"
extra_command "resume" "Resume banIP processing"
extra_command "query" "<IP> Query active banIP IPSets for a specific IP address"
extra_command "report" "[<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics"
extra_command "list" "[<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources"
extra_command "timer" "[<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals"
extra_command "version" "Print version information"
else
EXTRA_COMMANDS="status refresh suspend resume query report list timer version"
EXTRA_HELP=" status Service status
refresh Refresh ipsets without new list downloads
suspend Suspend banIP processing
resume Resume banIP processing
query <IP> Query active banIP IPSets for a specific IP address
report [<cli>|<mail>|<gen>|<json>] Print banIP related IPset statistics
list [<add>|<add_asn>|<add_country>|<remove>|<remove_asn>|<remove_country>] <source(s)> List/Edit available sources
timer [<add> <tasks> <hour> [<minute>] [<weekday>]]|[<remove> <line no.>] List/Edit cron update intervals
version Print version information"
fi
ban_init="/etc/init.d/banip"
ban_script="/usr/bin/banip.sh"
ban_pidfile="/var/run/banip.pid"
if [ -s "${ban_pidfile}" ] && { [ "${action}" = "start" ] || [ "${action}" = "stop" ] || \
[ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ]; }
[ "${action}" = "restart" ] || [ "${action}" = "reload" ] || [ "${action}" = "refresh" ] || \
[ "${action}" = "suspend" ] || [ "${action}" = "resume" ] || [ "${action}" = "query" ] || \
{ [ "${action}" = "list" ] && [ -n "${1}" ]; } || { [ "${action}" = "report" ] && [ "${1}" != "json" ]; }; }
then
exit 0
fi
boot()
{
[ -s "${ban_pidfile}" ] && > "${ban_pidfile}"
> "${ban_pidfile}"
rc_procd start_service
}
start_service()
{
if [ "$("${ban_init}" enabled; printf "%u" ${?})" -eq 0 ]
if [ "$("${ban_init}" enabled; printf "%u" ${?})" = "0" ]
then
if [ "${action}" = "boot" ]
then
@ -33,13 +61,18 @@ start_service()
procd_open_instance "banip"
procd_set_param command "${ban_script}" "${@}"
procd_set_param pidfile "${ban_pidfile}"
procd_set_param nice "$(uci_get banip extra ban_nice "0")"
procd_set_param nice "$(uci_get banip global ban_nice "0")"
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
fi
}
version()
{
rc_procd "${ban_script}" version
}
refresh()
{
rc_procd start_service refresh
@ -60,49 +93,254 @@ restart()
rc_procd start_service restart
}
suspend()
{
rc_procd start_service suspend
}
resume()
{
rc_procd start_service resume
}
query()
{
rc_procd "${ban_script}" query "${1}"
}
list()
{
local src_archive src_file src_enabled key name enabled focus url_4 rule_4 url_6 rule_6 action="${1}"
if [ "${action%_*}" = "add" ] || [ "${action%_*}" = "remove" ]
then
shift
for name in "${@}"
do
case "${action}" in
"add")
if [ -z "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
then
uci_add_list banip global ban_sources "${name}"
printf "%s\n" "::: banIP source '${name}' added to config"
fi
;;
"remove")
if [ -n "$(uci_get banip global ban_sources | grep -Fo "${name}")" ]
then
uci_remove_list banip global ban_sources "${name}"
printf "%s\n" "::: banIP source '${name}' removed from config"
fi
;;
"add_asn")
if [ -z "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
then
uci_add_list banip global ban_asns "${name}"
printf "%s\n" "::: banIP asn '${name}' added to config"
fi
;;
"remove_asn")
if [ -n "$(uci_get banip global ban_asns | grep -Fo "${name}")" ]
then
uci_remove_list banip global ban_asns "${name}"
printf "%s\n" "::: banIP asn '${name}' removed from config"
fi
;;
"add_country")
if [ -z "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
then
uci_add_list banip global ban_countries "${name}"
printf "%s\n" "::: banIP country '${name}' added to config"
fi
;;
"remove_country")
if [ -n "$(uci_get banip global ban_countries | grep -Fo "${name}")" ]
then
uci_remove_list banip global ban_countries "${name}"
printf "%s\n" "::: banIP country '${name}' removed from config"
fi
;;
esac
done
if [ -n "$(uci -q changes banip)" ]
then
uci_commit banip
"${ban_init}" start
fi
else
src_archive="$(uci_get banip global ban_srcarc "/etc/banip/banip.sources.gz")"
src_file="$(uci_get banip global ban_srcfile "/tmp/ban_sources.json")"
src_enabled="$(uci -q show banip.global.ban_sources)"
if [ -r "${src_archive}" ]
then
zcat "${src_archive}" > "${src_file}"
else
printf "%s\n" "::: banIP source archive '${src_archive}' not found"
fi
if [ -r "${src_file}" ]
then
src_enabled="${src_enabled#*=}"
src_enabled="${src_enabled//\'}"
printf "%s\n" "::: Available banIP sources"
printf "%s\n" ":::"
printf "%-25s%-10s%-36s%s\n" " Name" "Enabled" "Focus" "Info URL"
printf "%s\n" " ---------------------------------------------------------------------------"
json_load_file "${src_file}"
json_get_keys keylist
for key in ${keylist}
do
json_select "${key}"
json_get_var focus "focus"
json_get_var descurl "descurl"
json_get_var url_4 "url_4"
json_get_var rule_4 "rule_4"
json_get_var url_6 "url_6"
json_get_var rule_6 "rule_6"
if { [ -n "${url_4}" ] && [ -n "${rule_4}" ]; } || { [ -n "${url_6}" ] && [ -n "${rule_6}" ]; }
then
if [ -n "$(printf "%s" "${src_enabled}" | grep -Fo "${key}")" ]
then
enabled="x"
else
enabled=" "
fi
src_enabled="${src_enabled/${key}}"
printf " + %-21s%-10s%-36s%s\n" "${key:0:20}" "${enabled}" "${focus:0:35}" "${descurl:0:50}"
else
src_enabled="${src_enabled} ${key}"
fi
json_select ..
done
asn_list="$(uci_get banip global ban_asns "-")"
country_list="$(uci_get banip global ban_countries "-")"
printf "%s\n" " ---------------------------------------------------------------------------"
printf " * %s\n" "Configured ASNs: ${asn_list// /, }"
printf " * %s\n" "Configured Countries: ${country_list// /, }"
if [ -n "${src_enabled// }" ]
then
printf "%s\n" " ---------------------------------------------------------------------------"
printf "%s\n" " Sources without valid configuration"
printf "%s\n" " ---------------------------------------------------------------------------"
for key in ${src_enabled}
do
printf " - %s\n" "${key:0:20}"
done
fi
else
printf "%s\n" "::: banIP source file '${src_file}' not found"
fi
fi
}
status()
{
status_service
}
status_service()
{
local key keylist value
local rtfile="$(uci_get banip global ban_rtfile "/tmp/ban_runtime.json")"
local key keylist value index_value values rtfile
rtfile="$(uci_get banip global ban_rtfile "/tmp/ban_runtime.json")"
json_load_file "${rtfile}" >/dev/null 2>&1
json_select data >/dev/null 2>&1
if [ "${?}" -eq 0 ]
json_get_keys keylist
if [ -n "${keylist}" ]
then
printf "%s\\n" "::: banIP runtime information"
json_get_keys keylist
printf "%s\n" "::: banIP runtime information"
for key in ${keylist}
do
json_get_var value "${key}"
printf " + %-10s : %s\\n" "${key}" "${value}"
json_get_var value "${key}" >/dev/null 2>&1
if [ "${key%_*}" = "active" ]
then
printf " + %-15s : " "${key}"
json_select "${key}" >/dev/null 2>&1
values=""
index=1
while json_get_type type "${index}" && [ "${type}" = "object" ]
do
json_get_values index_value "${index}" >/dev/null 2>&1
if [ "${index}" = "1" ]
then
values="${index_value}"
else
values="${values}, ${index_value}"
fi
index=$((index+1))
done
values="$(printf "%s" "${values}" | awk '{NR=1;max=98;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-22s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
printf "%s\n" "${values:-"-"}"
json_select ".."
else
printf " + %-15s : %s\n" "${key}" "${value:-"-"}"
fi
done
else
printf "%s\\n" "::: no banIP runtime information available"
printf "%s\n" "::: no banIP runtime information available"
fi
}
report()
{
rc_procd "${ban_script}" report "${1:-"cli"}"
}
timer()
{
local cron_file cron_content cron_lineno action="${1:-"list"}" cron_tasks="${2}" hour="${3}" minute="${4:-0}" weekday="${5:-"*"}"
cron_file="/etc/crontabs/root"
if [ -s "${cron_file}" ] && [ "${action}" = "list" ]
then
awk '{print NR "> " $0}' "${cron_file}"
elif [ "${action}" = "add" ]
then
hour="${hour//[[:alpha:]]/}"
minute="${minute//[[:alpha:]]/}"
if [ -n "${cron_tasks}" ] && [ -n "${hour}" ] && [ -n "${minute}" ] && [ -n "${weekday}" ] && \
[ "${hour}" -ge 0 ] && [ "${hour}" -le 23 ] && \
[ "${minute}" -ge 0 ] && [ "${minute}" -le 59 ]
then
printf "%02d %02d %s\n" "${minute}" "${hour}" "* * ${weekday} ${ban_init} ${cron_tasks}" >> "${cron_file}"
/etc/init.d/cron restart
fi
elif [ -s "${cron_file}" ] && [ "${action}" = "remove" ]
then
cron_tasks="${cron_tasks//[[:alpha:]]/}"
cron_lineno="$(awk 'END{print NR}' "${cron_file}")"
cron_content="$(awk '{print $0}' "${cron_file}")"
if [ "${cron_tasks:-"0"}" -le "${cron_lineno:-"1"}" ] && [ -n "${cron_content}" ]
then
printf "%s\n" "${cron_content}" | awk "NR!~/^${cron_tasks}$/" > "${cron_file}"
/etc/init.d/cron restart
fi
fi
}
service_triggers()
{
local trigger trigger_list="$(uci_get banip global ban_trigger)"
local delay="$(uci_get banip extra ban_triggerdelay "2")"
local type="$(uci_get banip extra ban_starttype "start")"
local iface delay
PROCD_RELOAD_DELAY=$((${delay}*1000))
iface="$(uci_get banip global ban_trigger)"
delay="$(uci_get banip global ban_triggerdelay "5")"
PROCD_RELOAD_DELAY=$((delay*1000))
if [ -z "${trigger_list}" ] && [ -r "/lib/functions/network.sh" ]
if [ -z "${iface}" ]
then
. "/lib/functions/network.sh"
network_find_wan trigger_list
network_find_wan iface
if [ -n "${iface}" ]
then
uci_set banip global ban_trigger "${iface}"
uci_commit "banip"
fi
fi
if [ -n "${trigger_list}" ]
if [ -n "${iface}" ]
then
for trigger in ${trigger_list}
do
procd_add_interface_trigger "interface.*.up" "${trigger}" "${ban_init}" "${type}"
done
else
procd_add_raw_trigger "interface.*.up" ${PROCD_RELOAD_DELAY} "${ban_init}" "${type}"
procd_add_interface_trigger "interface.*.up" "${iface}" "${ban_init}" "start"
fi
procd_add_reload_trigger "banip"
}

0
net/banip/files/banip.maclist Normal file
View file

84
net/banip/files/banip.mail Executable file
View file

@ -0,0 +1,84 @@
#!/bin/sh
# send mail script for banIP notifications
# written by Dirk Brenken (dev@brenken.org)
#
# This is free software, licensed under the GNU General Public License v3.
#
# (s)hellcheck exceptions
# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
if [ -r "/lib/functions.sh" ]
then
. "/lib/functions.sh"
ban_debug="$(uci_get banip global ban_debug "0")"
ban_loglimit="$(uci_get banip global ban_loglimit "100")"
ban_mailsender="$(uci_get banip global ban_mailsender "no-reply@banIP")"
ban_mailreceiver="$(uci_get banip global ban_mailreceiver)"
ban_mailtopic="$(uci_get banip global ban_mailtopic "banIP notification")"
ban_mailprofile="$(uci_get banip global ban_mailprofile "ban_notify")"
fi
ban_ver="${1}"
ban_mail="$(command -v msmtp)"
ban_logger="$(command -v logger)"
ban_logread="$(command -v logread)"
ban_rc=1
f_log()
{
local class="${1}" log_msg="${2}"
if [ -x "${ban_logger}" ]
then
"${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
else
printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
fi
}
if [ -z "${ban_mailreceiver}" ]
then
f_log "err" "please set the mail receiver with the 'ban_mailreceiver' option"
exit ${ban_rc}
fi
if [ "${ban_debug}" = "1" ]
then
msmtp_debug="--debug"
fi
ban_mailhead="From: ${ban_mailsender}\nTo: ${ban_mailreceiver}\nSubject: ${ban_mailtopic}\nReply-to: ${ban_mailsender}\nMime-Version: 1.0\nContent-Type: text/html;charset=utf-8\nContent-Disposition: inline\n\n"
# info preparation
#
sys_info="$(strings /etc/banner 2>/dev/null)"
ban_info="$(/etc/init.d/banip "status" 2>/dev/null)"
rep_info="${2}"
log_info="$("${ban_logread}" -l "${ban_loglimit}" -e "banIP-" 2>/dev/null | awk '{NR=1;max=120;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
# mail body
#
ban_mailtext="<html><body><pre style='display:block;font-family:monospace;font-size:1rem;padding:20;background-color:#f3eee5;white-space:pre'>"
ban_mailtext="${ban_mailtext}\n<strong>++\n++ System Information ++\n++</strong>\n${sys_info}"
ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Status ++\n++</strong>\n${ban_info}"
if [ -n "${rep_info}" ]
then
ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ banIP Report ++\n++</strong>\n${rep_info}"
fi
ban_mailtext="${ban_mailtext}\n\n<strong>++\n++ Logfile Information ++\n++</strong>\n${log_info}"
ban_mailtext="${ban_mailtext}</pre></body></html>"
# send mail
#
if [ -x "${ban_mail}" ]
then
printf "%b" "${ban_mailhead}${ban_mailtext}" 2>/dev/null | "${ban_mail}" ${msmtp_debug} -a "${ban_mailprofile}" "${ban_mailreceiver}" >/dev/null 2>&1
ban_rc=${?}
f_log "info" "mail sent to '${ban_mailreceiver}' with rc '${ban_rc}'"
else
f_log "err" "msmtp mail daemon not found"
fi
exit ${ban_rc}

21
net/banip/files/banip.service
View file

@ -1,15 +1,17 @@
#!/bin/sh
# log service to trace failed ssh/luci logins and conditionally refresh banIP
# written by Dirk Brenken (dev@brenken.org)
#
# This is free software, licensed under the GNU General Public License v3.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# (s)hellcheck exceptions
# shellcheck disable=1091,2030,2031,2034,2039,2086,2129,2140,2143,2154,2181,2183,2188
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
ban_ver="${1}"
ban_sshdaemon="${2}"
ban_search="${2}"
ban_logger="$(command -v logger)"
ban_logread="$(command -v logread)"
@ -19,17 +21,16 @@ f_log()
if [ -x "${ban_logger}" ]
then
"${ban_logger}" -p "${class}" -t "banIP-${ban_ver}[${$}]" "${log_msg}"
"${ban_logger}" -p "${class}" -t "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
else
printf "%s %s %s\\n" "${class}" "banIP-${ban_ver}[${$}]" "${log_msg}"
printf "%s %s %s\n" "${class}" "banIP-${ban_ver%-*}[${$}]" "${log_msg}"
fi
}
if [ -x "${ban_logread}" ]
then
f_log "info" "log/banIP service started"
"${ban_logread}" -f -e "${ban_sshdaemon}\|luci: failed login" | \
{ grep -q "Exit before auth\|luci: failed login\|error: maximum authentication attempts exceeded"; [ $? -eq 0 ] && /etc/init.d/banip refresh; }
"${ban_logread}" -f | { grep -q "${ban_search}"; [ "${?}" = "0" ] && /etc/init.d/banip refresh; }
else
f_log "err" "can't start log/banIP service"
fi

2150
net/banip/files/banip.sh
View file

File diff suppressed because it is too large Load diff

179
net/banip/files/banip.sources Normal file
View file

@ -0,0 +1,179 @@
{
"asn": {
"url_4": "https://asn.ipinfo.app/api/text/list/",
"url_6": "https://asn.ipinfo.app/api/text/list/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add asn_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add asn_6 \"$1}",
"focus": "ASN blocks",
"descurl": "https://asn.ipinfo.app"
},
"bogon": {
"url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
"url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add bogon_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add bogon_6 \"$1}",
"focus": "Bogon prefixes",
"descurl": "https://team-cymru.com"
},
"country": {
"url_4": "https://www.ipdeny.com/ipblocks/data/aggregated/",
"url_6": "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add country_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add country_6 \"$1}",
"focus": "Country blocks",
"descurl": "https://www.ipdeny.com/ipblocks"
},
"darklist": {
"url_4": "https://darklist.de/raw.php",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add darklist_4 \"$1}",
"focus": "Attacker IP blacklist",
"descurl": "https://darklist.de"
},
"debl": {
"url_4": "https://www.blocklist.de/downloads/export-ips_all.txt",
"url_6": "https://www.blocklist.de/downloads/export-ips_all.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add debl_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add debl_6 \"$1}",
"focus": "Fail2ban IP blacklist",
"descurl": "https://www.blocklist.de"
},
"doh": {
"url_4": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt",
"url_6": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add doh_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add doh_6 \"$1}",
"focus": "Public DoH-Provider",
"descurl": "https://github.com/dibdot/DoH-IP-blocklists"
},
"drop": {
"url_4": "https://www.spamhaus.org/drop/drop.txt",
"url_6": "https://www.spamhaus.org/drop/dropv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add drop_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add drop_6 \"$1}",
"focus": "Spamhaus drop compilation",
"descurl": "https://www.spamhaus.org"
},
"dshield": {
"url_4": "https://feeds.dshield.org/block.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add dshield_4 \"$1 \"/\"$3}",
"focus": "Dshield IP blocklist",
"descurl": "https://www.dshield.org"
},
"edrop": {
"url_4": "https://www.spamhaus.org/drop/edrop.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add edrop_4 \"$1}",
"focus": "Spamhaus edrop compilation",
"descurl": "https://www.spamhaus.org"
},
"feodo": {
"url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add feodo_4 \"$1}",
"focus": "Feodo Tracker",
"descurl": "https://feodotracker.abuse.ch"
},
"firehol1": {
"url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol1_4 \"$1}",
"focus": "Firehol Level 1 compilation",
"descurl": "https://iplists.firehol.org/?ipset=firehol_level1"
},
"firehol2": {
"url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol2_4 \"$1}",
"focus": "Firehol Level 2 compilation",
"descurl": "https://iplists.firehol.org/?ipset=firehol_level2"
},
"firehol3": {
"url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol3_4 \"$1}",
"focus": "Firehol Level 3 compilation",
"descurl": "https://iplists.firehol.org/?ipset=firehol_level3"
},
"firehol4": {
"url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add firehol4_4 \"$1}",
"focus": "Firehol Level 4 compilation",
"descurl": "https://iplists.firehol.org/?ipset=firehol_level4"
},
"iblockads": {
"url_4": "https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add iblockads_4 \"$1}",
"focus": "Advertising blocklist",
"descurl": "https://www.iblocklist.com",
"comp": "gz"
},
"iblockspy": {
"url_4": "https://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=cidr&archiveformat=gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add iblockspy_4 \"$1}",
"focus": "Malicious spyware blocklist",
"descurl": "https://www.iblocklist.com",
"comp": "gz"
},
"myip": {
"url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
"url_6": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add myip_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add myip_6 \"$1}",
"focus": "Myip Live IP blacklist",
"descurl": "https://myip.ms"
},
"nixspam": {
"url_4": "http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz",
"rule_4": "/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add nixspam_4 \"$2}",
"focus": "iX spam protection",
"descurl": "http://www.nixspam.org",
"comp": "gz"
},
"proxy": {
"url_4": "https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/proxylists.ipset",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add proxy_4 \"$1}",
"focus": "Firehol list of open proxies",
"descurl": "https://iplists.firehol.org/?ipset=proxylists"
},
"sslbl": {
"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
"rule_4": "BEGIN{FS=\",\"}/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{print \"add sslbl_4 \"$2}",
"focus": "SSL botnet IP blacklist",
"descurl": "https://sslbl.abuse.ch"
},
"threat": {
"url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add threat_4 \"$1}",
"focus": "Emerging Threats",
"descurl": "https://rules.emergingthreats.net"
},
"tor": {
"url_4": "https://lists.fissionrelays.net/tor/exits-ipv4.txt",
"url_6": "https://lists.fissionrelays.net/tor/exits-ipv6.txt",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add tor_4 \"$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{print \"add tor_6 \"$1}",
"focus": "Tor exit nodes",
"descurl": "https://fissionrelays.net/lists"
},
"uceprotect1": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{print \"add uceprotect1_4 \"$1}",
"focus": "Spam protection level 1",
"descurl": "http://www.uceprotect.net/en/index.php",
"comp": "gz"
},
"uceprotect2": {
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-2.uceprotect.net.gz",
"rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]+NET[[:space:]]+)/{print \"add uceprotect2_4 \"$1}",
"focus": "Spam protection level 2",
"descurl": "http://www.uceprotect.net/en/index.php",
"comp": "gz"
},
"voip": {
"url_4": "http://www.voipbl.org/update/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add voip_4 \"$1}",
"focus": "VoIP fraud blocklist",
"descurl": "http://www.voipbl.org"
},
"yoyo": {
"url_4": "https://pgl.yoyo.org/adservers/iplist.php?ipformat=plain&showintro=0&mimetype=plaintext",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{print \"add yoyo_4 \"$1}",
"focus": "Ad protection blacklist",
"descurl": "https://pgl.yoyo.org/adservers/"
}
}