banip: update 0.8.4-4

* add housekeeping to the autoallow function, only the current uplink will be held * fix small issues * cosmetics Signed-off-by: Dirk Brenken <dev@brenken.org>
2023-05-04 12:07:09 +02:00 · 2023-05-04 12:07:09 +02:00 · 97d6c8bf77
commit 97d6c8bf77
parent d079652396
4 changed files with 104 additions and 96 deletions
--- a/net/banip/Makefile
+++ b/net/banip/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=banip
 PKG_VERSION:=0.8.4
-PKG_RELEASE:=3
+PKG_RELEASE:=4
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
--- a/net/banip/files/banip-functions.sh
+++ b/net/banip/files/banip-functions.sh
@ -29,6 +29,7 @@ ban_nftcmd="$(command -v nft)"
 ban_fw4cmd="$(command -v fw4)"
 ban_awkcmd="$(command -v awk)"
 ban_grepcmd="$(command -v grep)"
 ban_sedcmd="$(command -v sed)"
 ban_lookupcmd="$(command -v nslookup)"
 ban_mailcmd="$(command -v msmtp)"
 ban_mailsender="no-reply@banIP"
@ -248,17 +249,17 @@ f_conf() {
 # prepare fetch utility
 #
 f_fetch() {
-	local ut utils packages insecure
+	local item utils packages insecure
 	if [ -z "${ban_fetchcmd}" ] || [ ! -x "${ban_fetchcmd}" ]; then
-		packages="$(${ban_ubuscmd} -S call rpc-sys packagelist 2>/dev/null)"
+		packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
-		[ -z "${packages}" ] && f_log "err" "local opkg package repository is not available, please set the download utility 'ban_fetchcmd' manually"
+		[ -z "${packages}" ] && f_log "err" "local package repository is not available, please set the download utility 'ban_fetchcmd' manually"
 		utils="aria2c curl wget uclient-fetch"
-		for ut in ${utils}; do
+		for item in ${utils}; do
-			if { [ "${ut}" = "uclient-fetch" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
+			if { [ "${item}" = "uclient-fetch" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
-				{ [ "${ut}" = "wget" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
+				{ [ "${item}" = "wget" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
-				[ "${ut}" = "curl" ] || [ "${ut}" = "aria2c" ]; then
+				[ "${item}" = "curl" ] || [ "${item}" = "aria2c" ]; then
-				ban_fetchcmd="$(command -v "${ut}")"
+				ban_fetchcmd="$(command -v "${item}")"
 				if [ -x "${ban_fetchcmd}" ]; then
 					uci_set banip global ban_fetchcmd "${ban_fetchcmd##*/}"
 					uci_commit "banip"
@ -429,12 +430,18 @@ f_getuplink() {
 		done
 		for ip in ${ban_uplink}; do
 			if ! "${ban_grepcmd}" -q "${ip}" "${ban_allowlist}"; then
-				update="1"
+				if [ "${update}" = "0" ]; then
 					"${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}"
 				fi
 				printf "%-42s%s\n" "${ip}" "# uplink added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_allowlist}"
 				f_log "info" "added uplink '${ip}' to local allowlist"
 				update="1"
 			fi
 		done
 		ban_uplink="${ban_uplink%%?}"
 	elif [ "${ban_autoallowlist}" = "1" ] && [ "${ban_autoallowuplink}" = "disable" ]; then
 		"${ban_sedcmd}" -i '/# uplink added on /d' "${ban_allowlist}"
 		update="1"
 	fi
 	f_log "debug" "f_getuplink ::: auto/update: ${ban_autoallowlist}/${update}, uplink: ${ban_uplink:-"-"}"
@ -867,7 +874,7 @@ f_restore() {
 # remove disabled feeds
 #
 f_rmset() {
-	local feedlist tmp_del ruleset_raw table_sets handle set del_set feed_log feed_rc
+	local feedlist tmp_del ruleset_raw item table_sets handle del_set feed_log feed_rc
 	f_getfeed
 	json_get_keys feedlist
@ -876,19 +883,19 @@ f_rmset() {
 	table_sets="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -qe '@.nftables[@.set.table="banIP"].set.name')"
 	{
 		printf "%s\n\n" "#!/usr/sbin/nft -f"
-		for set in ${table_sets}; do
+		for item in ${table_sets}; do
-			if ! printf "%s" "allowlist blocklist ${ban_feed}" | "${ban_grepcmd}" -q "${set%v*}" ||
+			if ! printf "%s" "allowlist blocklist ${ban_feed}" | "${ban_grepcmd}" -q "${item%v*}" ||
-				! printf "%s" "allowlist blocklist ${feedlist}" | "${ban_grepcmd}" -q "${set%v*}"; then
+				! printf "%s" "allowlist blocklist ${feedlist}" | "${ban_grepcmd}" -q "${item%v*}"; then
-				del_set="${del_set}${set}, "
+				del_set="${del_set}${item}, "
-				rm -f "${ban_backupdir}/banIP.${set}.gz"
+				rm -f "${ban_backupdir}/banIP.${item}.gz"
-				printf "%s\n" "flush set inet banIP ${set}"
+				printf "%s\n" "flush set inet banIP ${item}"
-				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-input\"][@.expr[0].match.right=\"@${set}\"].handle")"
+				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-input\"][@.expr[0].match.right=\"@${item}\"].handle")"
 				[ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-input handle ${handle}"
-				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-forward\"][@.expr[0].match.right=\"@${set}\"].handle")"
+				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-forward\"][@.expr[0].match.right=\"@${item}\"].handle")"
 				[ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-forward handle ${handle}"
-				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"lan-forward\"][@.expr[0].match.right=\"@${set}\"].handle")"
+				handle="$(printf "%s\n" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"lan-forward\"][@.expr[0].match.right=\"@${item}\"].handle")"
 				[ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP lan-forward handle ${handle}"
-				printf "%s\n\n" "delete set inet banIP ${set}"
+				printf "%s\n\n" "delete set inet banIP ${item}"
 			fi
 		done
 	} >"${tmp_del}"
@ -906,7 +913,7 @@ f_rmset() {
 # generate status information
 #
 f_genstatus() {
-	local object duration set table_sets cnt_elements="0" custom="0" split="0" status="${1}"
+	local object duration item table_sets cnt_elements="0" custom="0" split="0" status="${1}"
 	[ -z "${ban_dev}" ] && f_conf
 	if [ "${status}" = "active" ]; then
@ -916,8 +923,8 @@ f_genstatus() {
 		fi
 		table_sets="$("${ban_nftcmd}" -tj list ruleset 2>/dev/null | jsonfilter -qe '@.nftables[@.set.table="banIP"].set.name')"
 		if [ "${ban_reportelements}" = "1" ]; then
-			for set in ${table_sets}; do
+			for item in ${table_sets}; do
-				cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))"
+				cnt_elements="$((cnt_elements + $("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)))"
 			done
 		fi
 		runtime="action: ${ban_action:-"-"}, duration: ${duration:-"-"}, date: $(date "+%Y-%m-%d %H:%M:%S")"
@ -1078,7 +1085,7 @@ f_lookup() {
 # table statistics
 #
 f_report() {
-	local report_jsn report_txt set tmp_val ruleset_raw table_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan output="${1}"
+	local report_jsn report_txt tmp_val ruleset_raw item table_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan output="${1}"
 	local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
 	[ -z "${ban_dev}" ] && f_conf
@ -1102,13 +1109,13 @@ f_report() {
 	: >"${report_jsn}"
 	{
 		printf "%s\n" "{"
-		printf "\t%s\n" '"sets": {'
+		printf "\t%s\n" '"sets":{'
-		for set in ${table_sets}; do
+		for item in ${table_sets}; do
-			set_cntinput="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-input\"][@.expr[0].match.right=\"@${set}\"].expr[*].counter.packets")"
+			set_cntinput="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-input\"][@.expr[0].match.right=\"@${item}\"].expr[*].counter.packets")"
-			set_cntforwardwan="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-forward\"][@.expr[0].match.right=\"@${set}\"].expr[*].counter.packets")"
+			set_cntforwardwan="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"wan-forward\"][@.expr[0].match.right=\"@${item}\"].expr[*].counter.packets")"
-			set_cntforwardlan="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"lan-forward\"][@.expr[0].match.right=\"@${set}\"].expr[*].counter.packets")"
+			set_cntforwardlan="$(printf "%s" "${ruleset_raw}" | jsonfilter -l1 -qe "@.nftables[@.rule.table=\"banIP\"&&@.rule.chain=\"lan-forward\"][@.expr[0].match.right=\"@${item}\"].expr[*].counter.packets")"
 			if [ "${ban_reportelements}" = "1" ]; then
-				set_cnt="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)"
+				set_cnt="$("${ban_nftcmd}" -j list set inet banIP "${item}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)"
 				sum_setelements="$((sum_setelements + set_cnt))"
 			else
 				set_cnt=""
@ -1139,7 +1146,7 @@ f_report() {
 				set_cntforwardlan=""
 			fi
 			[ "${sum_sets}" -gt "0" ] && printf "%s\n" ","
-			printf "\t\t%s\n" "\"${set}\": {"
+			printf "\t\t%s\n" "\"${item}\":{"
 			printf "\t\t\t%s\n" "\"cnt_elements\": \"${set_cnt}\","
 			printf "\t\t\t%s\n" "\"cnt_input\": \"${set_cntinput}\","
 			printf "\t\t\t%s\n" "\"input\": \"${set_input}\","
@ -1193,9 +1200,9 @@ f_report() {
 				if [ -n "${table_sets}" ]; then
 					printf "%-25s%-15s%-24s%-24s%s\n" "    Set" "| Elements" "| WAN-Input (packets)" "| WAN-Forward (packets)" "| LAN-Forward (packets)"
 					printf "%s\n" "    ---------------------+--------------+-----------------------+-----------------------+------------------------"
-					for set in ${table_sets}; do
+					for item in ${table_sets}; do
-						printf "    %-21s" "${set}"
+						printf "    %-21s" "${item}"
-						json_select "${set}"
+						json_select "${item}"
 						json_get_keys set_details
 						for detail in ${set_details}; do
 							json_get_var jsnval "${detail}" >/dev/null 2>&1
@ -1241,13 +1248,13 @@ f_report() {
 # set search
 #
 f_search() {
-	local set table_sets ip proto run_search hold cnt search="${1}"
+	local item table_sets ip proto hold cnt result_flag="/var/run/banIP.search" input="${1}"
-	if [ -n "${search}" ]; then
+	if [ -n "${input}" ]; then
-		ip="$(printf "%s" "${search}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')"
+		ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{printf "%s",RT}')"
 		[ -n "${ip}" ] && proto="v4"
 		if [ -z "${proto}" ]; then
-			ip="$(printf "%s" "${search}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{printf "%s",RT}')"
+			ip="$(printf "%s" "${input}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{printf "%s",RT}')"
 			[ -n "${ip}" ] && proto="v6"
 		fi
 	fi
@ -1261,13 +1268,15 @@ f_search() {
 	printf "    %s\n" "Looking for IP '${ip}' on $(date "+%Y-%m-%d %H:%M:%S")"
 	printf "    %s\n" "---"
 	cnt="1"
-	run_search="/var/run/banIP.search"
+	for item in ${table_sets}; do
-	for set in ${table_sets}; do
+		if [ -f "${result_flag}" ]; then
-		[ -f "${run_search}" ] && break
+			rm -f "${result_flag}"
 			return
 		fi
 		(
-			if "${ban_nftcmd}" get element inet banIP "${set}" "{ ${ip} }" >/dev/null 2>&1; then
+			if "${ban_nftcmd}" get element inet banIP "${item}" "{ ${ip} }" >/dev/null 2>&1; then
-				printf "    %s\n" "IP found in Set '${set}'"
+				printf "    %s\n" "IP found in Set '${item}'"
-				: >"${run_search}"
+				: >"${result_flag}"
 			fi
 		) &
 		hold="$((cnt % ban_cores))"
@ -1275,22 +1284,21 @@ f_search() {
 		cnt="$((cnt + 1))"
 	done
 	wait
-	[ ! -f "${run_search}" ] && printf "    %s\n" "IP not found"
+	printf "    %s\n" "IP not found"
 	rm -f "${run_search}"
 }
 # set survey
 #
 f_survey() {
-	local set_elements set="${1}"
+	local set_elements input="${1}"
-	if [ -z "${set}" ]; then
+	if [ -z "${input}" ]; then
 		printf "%s\n%s\n%s\n" ":::" "::: no valid survey input" ":::"
 		return
 	fi
-	[ -n "${set}" ] && set_elements="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')"
+	set_elements="$("${ban_nftcmd}" -j list set inet banIP "${input}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]')"
 	printf "%s\n%s\n%s\n" ":::" "::: banIP Survey" ":::"
-	printf "    %s\n" "List the elements of Set '${set}' on $(date "+%Y-%m-%d %H:%M:%S")"
+	printf "    %s\n" "List the elements of Set '${input}' on $(date "+%Y-%m-%d %H:%M:%S")"
 	printf "    %s\n" "---"
 	[ -n "${set_elements}" ] && printf "%s\n" "${set_elements}" || printf "    %s\n" "empty set"
 }
--- a/net/banip/files/banip-service.sh
+++ b/net/banip/files/banip-service.sh
@ -138,7 +138,7 @@ wait
 f_rmset
 f_rmdir "${ban_tmpdir}"
 f_genstatus "active"
-f_log "info" "finished banIP download processes"
+f_log "info" "finish banIP download processes"
 # start domain lookup
 #
--- a/net/banip/files/banip.feeds
+++ b/net/banip/files/banip.feeds
@ -1,259 +1,259 @@
 {
-	"adaway": {
+	"adaway":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adaway-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adaway-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "adaway IPs"
 	},
-	"adguard": {
+	"adguard":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguard-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "adguard IPs"
 	},
-	"adguardtrackers": {
+	"adguardtrackers":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/adguardtrackers-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "adguardtracker IPs"
 	},
-	"antipopads": {
+	"antipopads":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/antipopads-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "antipopads IPs"
 	},
-	"asn": {
+	"asn":{
 		"url_4": "https://asn.ipinfo.app/api/text/list/",
 		"url_6": "https://asn.ipinfo.app/api/text/list/",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "ASN IPs"
 	},
-	"backscatterer": {
+	"backscatterer":{
 		"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "backscatterer IPs",
 		"flag": "gz"
 	},
-	"bogon": {
+	"bogon":{
 		"url_4": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt",
 		"url_6": "https://www.team-cymru.org/Services/Bogons/fullbogons-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "bogon prefixes"
 	},
-	"cinsscore": {
+	"cinsscore":{
 		"url_4": "https://cinsscore.com/list/ci-badguys.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "suspicious attacker IPs"
 	},
-	"country": {
+	"country":{
 		"url_4": "https://www.ipdeny.com/ipblocks/data/aggregated/",
 		"url_6": "https://www.ipdeny.com/ipv6/ipaddresses/aggregated/",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "country blocks"
 	},
-	"darklist": {
+	"darklist":{
 		"url_4": "https://darklist.de/raw.php",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "suspicious attacker IPs"
 	},
-	"debl": {
+	"debl":{
 		"url_4": "https://www.blocklist.de/downloads/export-ips_all.txt",
 		"url_6": "https://www.blocklist.de/downloads/export-ips_all.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "fail2ban IP blacklist"
 	},
-	"doh": {
+	"doh":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/DoH-IP-blocklists/master/doh-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "public DoH-Provider"
 	},
-	"drop": {
+	"drop":{
 		"url_4": "https://www.spamhaus.org/drop/drop.txt",
 		"url_6": "https://www.spamhaus.org/drop/dropv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "spamhaus drop compilation"
 	},
-	"dshield": {
+	"dshield":{
 		"url_4": "https://feeds.dshield.org/block.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s/%s,\\n\",$1,$3}",
 		"descr": "dshield IP blocklist"
 	},
-	"edrop": {
+	"edrop":{
 		"url_4": "https://www.spamhaus.org/drop/edrop.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "spamhaus edrop compilation"
 	},
-	"feodo": {
+	"feodo":{
 		"url_4": "https://feodotracker.abuse.ch/downloads/ipblocklist.txt",
 		"rule_4": "BEGIN{RS=\"\\r\\n\"}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "feodo tracker"
 	},
-	"firehol1": {
+	"firehol1":{
 		"url_4": "https://iplists.firehol.org/files/firehol_level1.netset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "firehol level 1 compilation"
 	},
-	"firehol2": {
+	"firehol2":{
 		"url_4": "https://iplists.firehol.org/files/firehol_level2.netset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "firehol level 2 compilation"
 	},
-	"firehol3": {
+	"firehol3":{
 		"url_4": "https://iplists.firehol.org/files/firehol_level3.netset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "firehol level 3 compilation"
 	},
-	"firehol4": {
+	"firehol4":{
 		"url_4": "https://iplists.firehol.org/files/firehol_level4.netset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{if(!seen[$1]++)printf \"%s,\\n\",$1}",
 		"descr": "firehol level 4 compilation"
 	},
-	"greensnow": {
+	"greensnow":{
 		"url_4": "https://blocklist.greensnow.co/greensnow.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "suspicious server IPs"
 	},
-	"iblockads": {
+	"iblockads":{
 		"url_4": "https://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=cidr&archiveformat=gz",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "advertising IPs",
 		"flag": "gz"
 	},
-	"iblockspy": {
+	"iblockspy":{
 		"url_4": "https://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=cidr&archiveformat=gz",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "malicious spyware IPs",
 		"flag": "gz"
 	},
-	"ipthreat": {
+	"ipthreat":{
 		"url_4": "https://lists.ipthreat.net/file/ipthreat-lists/threat/threat-30.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[-[:space:]]?/{printf \"%s,\\n\",$1}",
 		"descr": "hacker and botnet IPs"
 	},
-	"myip": {
+	"myip":{
 		"url_4": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
 		"url_6": "https://myip.ms/files/blacklist/general/latest_blacklist.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "real-time IP blocklist"
 	},
-	"nixspam": {
+	"nixspam":{
 		"url_4": "https://www.nixspam.net/download/nixspam-ip.dump.gz",
 		"rule_4": "/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$2}",
 		"descr": "iX spam protection",
 		"flag": "gz"
 	},
-	"oisdbig": {
+	"oisdbig":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdbig-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdbig-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "OISD-big IPs"
 	},
-	"oisdnsfw": {
+	"oisdnsfw":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdnsfw-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "OISD-nsfw IPs"
 	},
-	"oisdsmall": {
+	"oisdsmall":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/oisdsmall-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "OISD-small IPs"
 	},
-	"proxy": {
+	"proxy":{
 		"url_4": "https://iplists.firehol.org/files/proxylists.ipset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "open proxies"
 	},
-	"sslbl": {
+	"sslbl":{
 		"url_4": "https://sslbl.abuse.ch/blacklist/sslipblacklist.csv",
 		"rule_4": "BEGIN{FS=\",\"}/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)/{printf \"%s,\\n\",$2}",
 		"descr": "SSL botnet IPs"
 	},
-	"stevenblack": {
+	"stevenblack":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/stevenblack-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)[[:space:]]/{printf \"%s,\\n\",$1}",
 		"descr": "stevenblack IPs"
 	},
-	"talos": {
+	"talos":{
 		"url_4": "https://www.talosintelligence.com/documents/ip-blacklist",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "talos IPs"
 	},
-	"threat": {
+	"threat":{
 		"url_4": "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "emerging threats"
 	},
-	"threatview": {
+	"threatview":{
 		"url_4": "https://threatview.io/Downloads/IP-High-Confidence-Feed.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "malicious IPs"
 	},
-	"tor": {
+	"tor":{
 		"url_4": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
 		"url_6": "https://raw.githubusercontent.com/SecOps-Institute/Tor-IP-Addresses/master/tor-exit-nodes.lst",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "tor exit nodes"
 	},
-	"uceprotect1": {
+	"uceprotect1":{
 		"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-1.uceprotect.net.gz",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "spam protection level 1",
 		"flag": "gz"
 	},
-	"uceprotect2": {
+	"uceprotect2":{
 		"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-2.uceprotect.net.gz",
 		"rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]NET)/{printf \"%s,\\n\",$1}",
 		"descr": "spam protection level 2",
 		"flag": "gz"
 	},
-	"uceprotect3": {
+	"uceprotect3":{
 		"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/dnsbl-3.uceprotect.net.gz",
 		"rule_4": "BEGIN{IGNORECASE=1}/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]YOUR)/{printf \"%s,\\n\",$1}",
 		"descr": "spam protection level 3",
 		"flag": "gz"
 	},
-	"urlhaus": {
+	"urlhaus":{
 		"url_4": "https://urlhaus.abuse.ch/downloads/ids/",
 		"rule_4": "match($0,/(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5]))/){printf \"%s,\\n\",substr($0,RSTART,RLENGTH)}",
 		"descr": "urlhaus IDS IPs"
 	},
-	"urlvir": {
+	"urlvir":{
 		"url_4": "https://iplists.firehol.org/files/urlvir.ipset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "malware related IPs"
 	},
-	"voip": {
+	"voip":{
 		"url_4": "https://voipbl.org/update/",
 		"rule_4": "BEGIN{RS=\"(([0-9]{1,3}\\\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)\"}{if(RT)printf \"%s,\\n\",RT}",
 		"descr": "VoIP fraud blocklist"
 	},
-	"webclient": {
+	"webclient":{
 		"url_4": "https://iplists.firehol.org/files/firehol_webclient.netset",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
 		"descr": "malware related IPs"
 	},
-	"yoyo": {
+	"yoyo":{
 		"url_4": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv4.txt",
 		"url_6": "https://raw.githubusercontent.com/dibdot/banIP-IP-blocklists/main/yoyo-ipv6.txt",
 		"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)[[:space:]]/{printf \"%s,\\n\",$1}",