| docs:guide-user:advanced:ipset_extras [2023/03/28 03:08] – [Instructions] optimize code vgaetera | docs:guide-user:advanced:ipset_extras [2023/10/18 07:56] – consolidate terminology vgaetera | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| ===== Features ===== | ===== Features ===== | ||
| - | * Create and populate IP sets with domains, CIDRs and ASNs. | + | * Create and populate IP sets with domains, CIDRs, ASNs and GeoIP. |
| * Populate IP sets automatically at startup. | * Populate IP sets automatically at startup. | ||
| Line 15: | Line 15: | ||
| * Utilize [[packages: | * Utilize [[packages: | ||
| * Fetch ASN prefixes using [[https:// | * Fetch ASN prefixes using [[https:// | ||
| - | * Use [[docs: | + | |
| + | | ||
| ===== Commands ===== | ===== Commands ===== | ||
| ^ Sub-command ^ Description ^ | ^ Sub-command ^ Description ^ | ||
| - | | '' | ||
| | '' | | '' | ||
| | '' | | '' | ||
| Line 31: | Line 31: | ||
| local IPSET_CMD=" | local IPSET_CMD=" | ||
| case " | case " | ||
| - | (reset) | + | (setup|unset) ipset_proc ;; |
| - | ipset unset | + | (*) command |
| - | ipset setup ;; | + | esac |
| - | (setup|unset) | + | } |
| + | |||
| + | ipset_proc() { | ||
| . / | . / | ||
| config_load dhcp | config_load dhcp | ||
| config_foreach ipset_proc_" | config_foreach ipset_proc_" | ||
| uci_commit firewall | uci_commit firewall | ||
| - | / | + | service |
| - | (*) command ipset " | + | fw4 reload-sets |
| - | esac | + | |
| } | } | ||
| Line 51: | Line 52: | ||
| config_list_foreach " | config_list_foreach " | ||
| config_list_foreach " | config_list_foreach " | ||
| - | } > " | + | config_list_foreach " |
| + | } | sort -u > " | ||
| config_list_foreach " | config_list_foreach " | ||
| rm -f " | rm -f " | ||
| Line 63: | Line 65: | ||
| ipset_setup() { | ipset_setup() { | ||
| local IPSET_NAME=" | local IPSET_NAME=" | ||
| - | local IPSET_FILE="/ | + | local IPSET_FILE="/ |
| local IPSET_FAMILY | local IPSET_FAMILY | ||
| case " | case " | ||
| (*6) IPSET_FAMILY=" | (*6) IPSET_FAMILY=" | ||
| - | sed -e "/\./d" " | + | sed -e "/ |
| (*) IPSET_FAMILY=" | (*) IPSET_FAMILY=" | ||
| - | sed -e "/:/ | + | sed -e "/:/ |
| - | esac | sort -u > " | + | esac < " |
| uci -q batch << EOI | uci -q batch << EOI | ||
| set firewall.' | set firewall.' | ||
| Line 82: | Line 84: | ||
| ipset_unset() { | ipset_unset() { | ||
| local IPSET_NAME=" | local IPSET_NAME=" | ||
| - | local IPSET_FILE="/ | + | local IPSET_FILE="/ |
| rm -f " | rm -f " | ||
| + | uci -q batch << EOI | ||
| + | delete firewall.' | ||
| + | EOI | ||
| } | } | ||
| Line 98: | Line 103: | ||
| ipset_asn() { | ipset_asn() { | ||
| local IPSET_ENTRY=" | local IPSET_ENTRY=" | ||
| - | uclient-fetch | + | wget -O - " |
| announced-prefixes/ | announced-prefixes/ | ||
| | jsonfilter -e " | | jsonfilter -e " | ||
| + | } | ||
| + | |||
| + | ipset_geoip() { | ||
| + | local IPSET_ENTRY=" | ||
| + | wget -O - " | ||
| + | aggregated/ | ||
| + | " | ||
| + | aggregated/ | ||
| } | } | ||
| EOF | EOF | ||
| Line 108: | Line 121: | ||
| mkdir -p / | mkdir -p / | ||
| cat << " | cat << " | ||
| - | if [ ! -e / | + | if [ -z " |
| - | && lock -n / | + | && |
| + | || [ -n " | ||
| + | && lock -n / | ||
| + | && sleep 10 | ||
| then . / | then . / | ||
| ipset setup | ipset setup | ||
| Line 118: | Line 134: | ||
| / | / | ||
| EOF | EOF | ||
| + | |||
| + | # Configure cron | ||
| + | cat << " | ||
| + | 0 */3 * * * . / | ||
| + | EOF | ||
| + | service cron restart | ||
| </ | </ | ||
| Line 136: | Line 158: | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| uci commit dhcp | uci commit dhcp | ||
| Line 144: | Line 168: | ||
| ===== Automated ===== | ===== Automated ===== | ||
| <code bash> | <code bash> | ||
| - | uclient-fetch -O ipset-extras.sh " | + | wget -U "" |
| . ./ | . ./ | ||
| </ | </ | ||
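Review bot: The new `ipset_geoip()`, like `ipset_asn()` after its switch to `wget -O -`, feeds whatever the download returns into the set-building pipeline, and the visible lines show no check that the fetch succeeded before `} | sort -u >` rewrites the set file and `fw4 reload-sets` applies it. With the added three-hourly cron entry, a failed fetch or an unexpected response body would presumably leave the firewall set empty or partial until the next run, which matters when the set backs a block or allow rule. Consider writing to a temporary file and replacing the live file only when the result is non-empty, for example `[ -s "$tmp" ] && mv -f "$tmp" "$file"` (variable names constructed here), and logging the failure otherwise. The table cells on this page are truncated, so the function bodies are only partly visible and this should be confirmed against the full script.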