Differences

docs:guide-user:advanced:ipset_extras [2023/04/27 05:29] – minor code refactoring; ipset reset lost its reason since new implementation vgaetera
docs:guide-user:advanced:ipset_extras [2023/10/18 07:56] – consolidate terminology vgaetera
Line 7: Line 7:
  
 ===== Features ===== ===== Features =====
-  * Create and populate IP sets with domains, CIDRs and ASNs.+  * Create and populate IP sets with domains, CIDRsASNs and GeoIP.
   * Populate IP sets automatically at startup.   * Populate IP sets automatically at startup.
  
Line 15: Line 15:
   * Utilize [[packages:pkgdata:resolveip]] to resolve domains.   * Utilize [[packages:pkgdata:resolveip]] to resolve domains.
   * Fetch ASN prefixes using [[https://stat.ripe.net/docs/data_api|RIPEstat Data API]].   * Fetch ASN prefixes using [[https://stat.ripe.net/docs/data_api|RIPEstat Data API]].
-  * Use [[docs:guide-user:base-system:hotplug|Hotplug]] to trigger setup automatically.+  * Fetch GeoIP data using [[https://www.ipdeny.com/ipblocks/|IPdeny GeoIP Data]]. 
 +  * Use [[docs:guide-user:advanced:hotplug_extras|Hotplug extras]] to trigger setup automatically.
  
 ===== Commands ===== ===== Commands =====
Line 40: Line 41:
 config_foreach ipset_proc_"${IPSET_CMD}" ipset config_foreach ipset_proc_"${IPSET_CMD}" ipset
 uci_commit firewall uci_commit firewall
-/etc/init.d/firewall reload+service firewall reload
 fw4 reload-sets fw4 reload-sets
 } }
Line 51: Line 52:
 config_list_foreach "${IPSET_CONF}" cidr ipset_cidr config_list_foreach "${IPSET_CONF}" cidr ipset_cidr
 config_list_foreach "${IPSET_CONF}" asn ipset_asn config_list_foreach "${IPSET_CONF}" asn ipset_asn
 +config_list_foreach "${IPSET_CONF}" geoip ipset_geoip
 } | sort -u > "${IPSET_TEMP}" } | sort -u > "${IPSET_TEMP}"
 config_list_foreach "${IPSET_CONF}" name ipset_"${IPSET_CMD}" config_list_foreach "${IPSET_CONF}" name ipset_"${IPSET_CMD}"
Line 101: Line 103:
 ipset_asn() { ipset_asn() {
 local IPSET_ENTRY="${1}" local IPSET_ENTRY="${1}"
-uclient-fetch -O - "https://stat.ripe.net/data/\+wget -O - "https://stat.ripe.net/data/\
 announced-prefixes/data.json?resource=${IPSET_ENTRY}" \ announced-prefixes/data.json?resource=${IPSET_ENTRY}" \
 | jsonfilter -e "$['data']['prefixes'][*]['prefix']" | jsonfilter -e "$['data']['prefixes'][*]['prefix']"
 +}
 +
 +ipset_geoip() {
 +local IPSET_ENTRY="${1}"
 +wget -O - "https://www.ipdeny.com/ipblocks/data/\
 +aggregated/${IPSET_ENTRY}-aggregated.zone" \
 +"https://www.ipdeny.com/ipv6/ipaddresses/\
 +aggregated/${IPSET_ENTRY}-aggregated.zone"
 } }
 EOF EOF
 . /etc/profile.d/ipset.sh . /etc/profile.d/ipset.sh
- 
-# Fetch IP sets 
-cat << "EOF" >> /etc/nftables.d/ipset-setup.sh 
-if lock -n /var/lock/ipset-setup 
-then . /etc/profile.d/ipset.sh 
-ipset setup 
-lock -u /var/lock/ipset-setup 
-fi 
-EOF 
-. /etc/nftables.d/ipset-setup.sh 
  
 # Configure hotplug # Configure hotplug
 mkdir -p /etc/hotplug.d/online mkdir -p /etc/hotplug.d/online
 cat << "EOF" > /etc/hotplug.d/online/70-ipset-setup cat << "EOF" > /etc/hotplug.d/online/70-ipset-setup
-if [ ! -e /var/lock/ipset-setup ] +if [ -z "${TERM}" ] \ 
-then . /etc/nftables.d/ipset-setup.sh+&& [ ! -e /var/lock/ipset-setup ] 
 +|| [ -n "${TERM}" ] \ 
 +&& lock -n /var/lock/ipset-setup \ 
 +&& sleep 10 
 +then . /etc/profile.d/ipset.sh 
 +ipset setup 
 +lock -u /var/lock/ipset-setup
 fi fi
 EOF EOF
Line 131: Line 137:
 # Configure cron # Configure cron
 cat << "EOF" >> /etc/crontabs/root cat << "EOF" >> /etc/crontabs/root
-0 */3 * * * . /etc/nftables.d/ipset-setup.sh+0 */3 * * * . /etc/hotplug.d/online/70-ipset-setup
 EOF EOF
-/etc/init.d/cron restart+service cron restart
 </code> </code>
  
Line 152: Line 158:
 uci add_list dhcp.example.asn="2906" uci add_list dhcp.example.asn="2906"
 uci add_list dhcp.example.asn="40027" uci add_list dhcp.example.asn="40027"
 +uci add_list dhcp.example.geoip="cn"
 +uci add_list dhcp.example.geoip="ru"
 uci commit dhcp uci commit dhcp
  
Line 160: Line 168:
 ===== Automated ===== ===== Automated =====
 <code bash> <code bash>
-uclient-fetch -O ipset-extras.sh "https://openwrt.org/_export/code/docs/guide-user/advanced/ipset_extras?codeblock=0"+wget -U "" -O ipset-extras.sh "https://openwrt.org/_export/code/docs/guide-user/advanced/ipset_extras?codeblock=0"
 . ./ipset-extras.sh . ./ipset-extras.sh
 </code> </code>
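Review bot: The new `ipset_geoip` function (hunk at Line 101/103) puts `${IPSET_ENTRY}` into both IPdeny URLs unchecked and never tests whether either download succeeded, so a mistyped country code or a failed or truncated fetch silently produces a partial list. The `sort -u > "${IPSET_TEMP}"` pipeline in the Line 51/52 hunk then merges that list as if it were complete. For a set used to filter by country this fails open, and lines from the third-party server reach the set with no shape check. I would open the function with `case "${IPSET_ENTRY}" in [a-z][a-z]) ;; *) return 1 ;; esac` and append a filter that keeps only CIDR-shaped lines, for example `| grep -E -e '^[0-9a-fA-F:.]+/[0-9]+$'`. How `${IPSET_TEMP}` is consumed is outside the visible hunks, so the effect of a partial file is inferred rather than shown.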
  
  • Last modified: 2024/04/17 19:58
  • by fail-safe1