Differences
| docs:guide-user:advanced:ipset_extras [2021/12/08 09:11] – [Instructions] vgaetera | docs:guide-user:advanced:ipset_extras [2023/10/18 07:56] – consolidate terminology vgaetera | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== IP set extras ====== | ====== IP set extras ====== | ||
| - | {{section> | + | {{section> |
| ===== Introduction ===== | ===== Introduction ===== | ||
| - | * This instruction extends the functionality of [[https:// | + | * This instruction extends the functionality of [[docs:guide-user: |
| * Follow the [[docs: | * Follow the [[docs: | ||
| ===== Features ===== | ===== Features ===== | ||
| - | * Create and populate IP sets with domains, CIDRs and ASNs. | + | * Create and populate IP sets with domains, CIDRs, ASNs and GeoIP. |
| * Populate IP sets automatically at startup. | * Populate IP sets automatically at startup. | ||
| ===== Implementation ===== | ===== Implementation ===== | ||
| - | * Rely on [[docs: | + | * Rely on [[docs: |
| * Process settings with [[https:// | * Process settings with [[https:// | ||
| - | * Utilize [[https:// | + | * Utilize [[packages: |
| * Fetch ASN prefixes using [[https:// | * Fetch ASN prefixes using [[https:// | ||
| - | * Use [[docs: | + | |
| + | | ||
| ===== Commands ===== | ===== Commands ===== | ||
| Line 30: | Line 31: | ||
| local IPSET_CMD=" | local IPSET_CMD=" | ||
| case " | case " | ||
| - | (setup|unset) | + | (setup|unset) |
| + | (*) command ipset " | ||
| + | esac | ||
| + | } | ||
| + | |||
| + | ipset_proc() { | ||
| . / | . / | ||
| config_load dhcp | config_load dhcp | ||
| config_foreach ipset_proc_" | config_foreach ipset_proc_" | ||
| uci_commit firewall | uci_commit firewall | ||
| - | / | + | service |
| - | (*) command ipset " | + | fw4 reload-sets |
| - | esac | + | |
| } | } | ||
| Line 47: | Line 52: | ||
| config_list_foreach " | config_list_foreach " | ||
| config_list_foreach " | config_list_foreach " | ||
| - | } > " | + | config_list_foreach " |
| + | } | sort -u > " | ||
| config_list_foreach " | config_list_foreach " | ||
| rm -f " | rm -f " | ||
| Line 59: | Line 65: | ||
| ipset_setup() { | ipset_setup() { | ||
| local IPSET_NAME=" | local IPSET_NAME=" | ||
| + | local IPSET_FILE="/ | ||
| local IPSET_FAMILY | local IPSET_FAMILY | ||
| case " | case " | ||
| - | (*6) IPSET_FAMILY=" | + | (*6) IPSET_FAMILY=" |
| - | (*) IPSET_FAMILY=" | + | sed -e "/\./d" ;; |
| - | esac | + | (*) IPSET_FAMILY=" |
| + | sed -e "/:/d" ;; | ||
| + | esac < " | ||
| uci -q batch << EOI | uci -q batch << EOI | ||
| set firewall.' | set firewall.' | ||
| set firewall.' | set firewall.' | ||
| set firewall.' | set firewall.' | ||
| - | set firewall.' | ||
| set firewall.' | set firewall.' | ||
| - | $(sed -e "/ | + | set firewall.' |
| - | / | + | |
| - | del_list | + | |
| - | add_list firewall.'${IPSET_NAME}'.entry=' | + | |
| EOI | EOI | ||
| } | } | ||
| Line 79: | Line 84: | ||
| ipset_unset() { | ipset_unset() { | ||
| local IPSET_NAME=" | local IPSET_NAME=" | ||
| + | local IPSET_FILE="/ | ||
| + | rm -f " | ||
| uci -q batch << EOI | uci -q batch << EOI | ||
| - | delete firewall.' | + | delete firewall.' |
| EOI | EOI | ||
| } | } | ||
| Line 96: | Line 103: | ||
| ipset_asn() { | ipset_asn() { | ||
| local IPSET_ENTRY=" | local IPSET_ENTRY=" | ||
| - | uclient-fetch | + | wget -O - " |
| announced-prefixes/ | announced-prefixes/ | ||
| - | | jsonfilter -e "@[' | + | | jsonfilter -e "$[' |
| + | } | ||
| + | |||
| + | ipset_geoip() { | ||
| + | local IPSET_ENTRY=" | ||
| + | wget -O - " | ||
| + | aggregated/ | ||
| + | " | ||
| + | aggregated/ | ||
| } | } | ||
| EOF | EOF | ||
| Line 106: | Line 121: | ||
| mkdir -p / | mkdir -p / | ||
| cat << " | cat << " | ||
| - | if [ ! -e / | + | if [ -z " |
| - | && lock -n / | + | && |
| + | || [ -n " | ||
| + | && lock -n / | ||
| + | && sleep 10 | ||
| then . / | then . / | ||
| ipset setup | ipset setup | ||
| Line 116: | Line 134: | ||
| / | / | ||
| EOF | EOF | ||
| + | |||
| + | # Configure cron | ||
| + | cat << " | ||
| + | 0 */3 * * * . / | ||
| + | EOF | ||
| + | service cron restart | ||
| </ | </ | ||
| Line 122: | Line 146: | ||
| # Install packages | # Install packages | ||
| opkg update | opkg update | ||
| - | opkg remove dnsmasq | + | opkg install resolveip |
| - | opkg install | + | |
| # Configure IP sets, domains, CIDRs and ASNs | # Configure IP sets, domains, CIDRs and ASNs | ||
| Line 135: | Line 158: | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| uci commit dhcp | uci commit dhcp | ||
| Line 143: | Line 168: | ||
| ===== Automated ===== | ===== Automated ===== | ||
| <code bash> | <code bash> | ||
| - | uclient-fetch -O ipset-extras.sh " | + | wget -U "" |
| . ./ | . ./ | ||
| </ | </ | ||
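Review bot: The Automated block still sources the downloaded `ipset-extras.sh` straight into the current shell (the `. ./` line right after the new `wget -U ""` call) with no step to inspect or verify the file, and the script it pulls in goes on to install further scripts and a cron entry, presumably as root. The URL is truncated in this view, so the transport cannot be confirmed; the command should use an `https://` URL, and a comment such as `# Review ipset-extras.sh before running the next line` between the two commands would tell readers to read the file first. Separately, in the hunk at Line 47 the output of the list handlers, which appear to include `ipset_asn` and the new `ipset_geoip`, is piped through `| sort -u >` into the set file with no visible check of the `wget` exit status or of the line format. A failed or altered download picked up by the 3-hourly cron job could then silently replace the set contents that firewall rules depend on. The cells are cut off here, so this may be handled in text not shown.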