-
Notifications
You must be signed in to change notification settings - Fork 0
/
blacklist-check
executable file
·80 lines (72 loc) · 2.13 KB
/
blacklist-check
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
#!/bin/bash
### return 0 if IP is valid IPv4 and if NOT already in IPset blacklists
# 2.1 - added whitelist specific check -w
# 2.0 - moved ip check to ipcalc-ng
# 1.0 - add IP v4 string check
### Preset and vars
# refresh ipset all IP list for quick check
_LOGD='/root/blacklist/logs'
find ${_LOGD}/ipset-all.ip -mmin +60 -exec ipset save -f ${_LOGD}/ipset-all.ip \; || ipset save -f ${_LOGD}/ipset-all.ip
# check for installed ipcalc-ng
type ipcalc-ng &>/dev/null || { echo "ipcalc-ng not found.. exiting" && exit 1 ; }
_IP=''
_USAGE () {
echo "### Usage:"
echo "$(basebame $0) 192.168.1.1 # return 0 if \$1 is valid IPv4 address and if NOT already in IPset lists"
echo "$(basename $0) 192.168.1.1 -w # '-w' for whitelist check"
echo "$(basename $0) -v 192.168.1.1 # '-v' for verbose output"
echo
exit 2
}
while (( "$#" )); do
case "$1" in
-v|--verbose) _VERB='true'
shift
;;
-w|--whitelist) _WHITE='true'
shift
;;
-h|--help) _USAGE
shift
;;
-*|--*=) echo "Error: Unsupported flag $1" >&2
exit 1
;;
*) _IP="$1"
shift
;;
esac
done
eval set -- "$_IP"
[ -z "$_IP" ] && _USAGE
_ISANIP(){
if [ "$_VERB" = 'true' ]; then
ipcalc-ng -c $_IP || exit 1
else
ipcalc-ng -cs $_IP || exit 1
fi
}
_ISINBL(){
for _LST in $(ipset list -n); do
if [ "$_VERB" = 'true' ]; then
{ grep -m 1 -w $_IP ${_LOGD}/ipset-all.ip | grep $_LST && _FOUND=1 ; } || { ipset test $_LST $_IP && _FOUND=1 ; }
else
{ grep -q -m 1 -w $_IP ${_LOGD}/ipset-all.ip | grep $_LST && _FOUND=1 ; } || { ipset test $_LST $_IP >/dev/null 2>&1 && _FOUND=1 ; }
fi
done
[ "$_VERB" = 'true' ] && echo
}
_ISINWL(){
if [ "$_VERB" = 'true' ]; then
{ grep whitelist ${_LOGD}/ipset-all.ip | grep -m 1 -w $_IP && _FOUND=1 ; } || { ipset test whitelist $_IP && _FOUND=1 ; }
else
{ grep whitelist ${_LOGD}/ipset-all.ip |grep -q -m 1 -w $_IP && _FOUND=1 ; } || { ipset test whitelist $_IP >/dev/null 2>&1 && _FOUND=1 ; }
fi
[ "$_VERB" = 'true' ] && echo
}
[ "$_VERB" = 'true' ] && echo "### Blacklist-Check IP = $_IP "
_ISANIP
[ "$_WHITE" = true ] && _ISINWL || _ISINBL
[ "$_FOUND" = 1 ] && exit 1
# return 0 if reach
exit 0