Differences
| docs:guide-user:advanced:ipset_extras [2023/09/19 00:01] – [Automated] fix wget UA vgaetera | docs:guide-user:advanced:ipset_extras [2023/10/18 07:56] – consolidate terminology vgaetera | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| ===== Features ===== | ===== Features ===== | ||
| - | * Create and populate IP sets with domains, CIDRs and ASNs. | + | * Create and populate IP sets with domains, CIDRs, ASNs and GeoIP. |
| * Populate IP sets automatically at startup. | * Populate IP sets automatically at startup. | ||
| Line 15: | Line 15: | ||
| * Utilize [[packages: | * Utilize [[packages: | ||
| * Fetch ASN prefixes using [[https:// | * Fetch ASN prefixes using [[https:// | ||
| - | * Use [[docs: | + | |
| + | | ||
| ===== Commands ===== | ===== Commands ===== | ||
| Line 40: | Line 41: | ||
| config_foreach ipset_proc_" | config_foreach ipset_proc_" | ||
| uci_commit firewall | uci_commit firewall | ||
| - | / | + | service |
| fw4 reload-sets | fw4 reload-sets | ||
| } | } | ||
| Line 51: | Line 52: | ||
| config_list_foreach " | config_list_foreach " | ||
| config_list_foreach " | config_list_foreach " | ||
| + | config_list_foreach " | ||
| } | sort -u > " | } | sort -u > " | ||
| config_list_foreach " | config_list_foreach " | ||
| Line 104: | Line 106: | ||
| announced-prefixes/ | announced-prefixes/ | ||
| | jsonfilter -e " | | jsonfilter -e " | ||
| + | } | ||
| + | |||
| + | ipset_geoip() { | ||
| + | local IPSET_ENTRY=" | ||
| + | wget -O - " | ||
| + | aggregated/ | ||
| + | " | ||
| + | aggregated/ | ||
| } | } | ||
| EOF | EOF | ||
| . / | . / | ||
| - | |||
| - | # Fetch IP sets | ||
| - | cat << " | ||
| - | if lock -n / | ||
| - | then . / | ||
| - | ipset setup | ||
| - | lock -u / | ||
| - | fi | ||
| - | EOF | ||
| - | . / | ||
| # Configure hotplug | # Configure hotplug | ||
| mkdir -p / | mkdir -p / | ||
| cat << " | cat << " | ||
| - | if [ ! -e / | + | if [ -z " |
| - | then . /etc/nftables.d/ipset-setup.sh | + | && |
| + | || [ -n " | ||
| + | && lock -n / | ||
| + | && sleep 10 | ||
| + | then . /etc/profile.d/ipset.sh | ||
| + | ipset setup | ||
| + | lock -u / | ||
| fi | fi | ||
| EOF | EOF | ||
| Line 131: | Line 137: | ||
| # Configure cron | # Configure cron | ||
| cat << " | cat << " | ||
| - | 0 */3 * * * . /etc/nftables.d/ | + | 0 */3 * * * . /etc/hotplug.d/online/70-ipset-setup |
| EOF | EOF | ||
| - | / | + | service |
| </ | </ | ||
| Line 152: | Line 158: | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| uci add_list dhcp.example.asn=" | uci add_list dhcp.example.asn=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| + | uci add_list dhcp.example.geoip=" | ||
| uci commit dhcp | uci commit dhcp | ||