
Revize 1901

Přidáno uživatelem Michal Kliment před více než 11 roky(ů)

freenetis-redirection_1.9.4

Úpravy:

- optimalizace aktualizace ipsetu


freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.init.sh
# Email sevcik.roman@slfree.net #
# #
# Name freenetis-redirection.init.sh #
# Version 1.9.2 #
# Version 1.9.4 #
# #
################################################################################
......
ipset -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges nethash --hashsize 1024 --probes 4 --resize 50
# Create temporary ipset
ipset -N allowed_tmp iphash --hashsize 10000 --probes 8 --resize 50
ipset -N self_cancel_tmp iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges_tmp nethash --hashsize 1024 --probes 4 --resize 50
#Rule for allowing access. If come packet to $IP_TARGET then we add source address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
......
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 2 -m set --set ranges src -j DROP
#Run update script on background
nohup $REDIRECTION_SYNCFILE >> "$LOG_FILE" 2>&1 &
nohup "$REDIRECTION_SYNCFILE" >> "$LOG_FILE" 2>&1 &
#Parse PID a save to file
ps aux | grep $REDIRECTION_SYNCFILE | grep -v grep | awk '{print $2}' > $REDIRECTION_PIDFILE
......
echo -n "Starting FreenetIS redirection HTTP deamon: "
#Run update script on background
nohup $REDIRECTION_HTTP_REDIRECTOR "$PORT_REDIRECT" "$PATH_FN" > "$LOG_FILE_REDIRECTOR" 2>&1 &
nohup "$REDIRECTION_HTTP_REDIRECTOR" "$PORT_REDIRECT" "$PATH_FN" > "$LOG_FILE_REDIRECTOR" 2>&1 &
#Parse PID a save to file
ps aux | grep $REDIRECTION_HTTP_REDIRECTOR | grep -v grep | awk '{print $2}' > $REDIRECTION_HTTP_REDIRECTOR_PIDFILE
......
ipset -X self_cancel
ipset -X ranges
# Delete temporary ipset
ipset -X allowed_tmp
ipset -X self_cancel_tmp
ipset -X ranges_tmp
# test if daemon is stopped
if [ `ps aux | grep $REDIRECTION_SYNCFILE | grep -v grep | wc -l` -eq 0 ]; then
echo "OK"
......
esac
exit 0
exit 0
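Review bot: The PID line directly after the newly quoted `nohup "$REDIRECTION_SYNCFILE" …` still expands `$REDIRECTION_SYNCFILE` and `$REDIRECTION_PIDFILE` unquoted and derives the PID from `ps aux | grep`, so the quoting fix is only half applied and the pidfile can end up holding the PID of any process whose command line mentions the script path. This script needs root for iptables/ipset, and the pidfile is presumably what the stop branch (not visible here) signals, so recording the PID of the job just started is safer: `echo $! > "$REDIRECTION_PIDFILE"` right after the `nohup` line. The same applies to the `$REDIRECTION_HTTP_REDIRECTOR` pair further down and to both pairs in freenetis-redirection.init.wheezy.sh. Which line of each duplicated pair is old and which is new is inferred from print order, since the page has lost its +/- markers.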
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection-sync.sh
# email sevcik.roman@slfree.net #
# #
# name freenetis-redirection-sync.sh #
# version 1.9.2 #
# version 1.9.4 #
# #
################################################################################
#Load variables from config file
CONFIG=/etc/freenetis/freenetis-redirection.conf
#Paths where temporary data will be saved.
PATH_RANGES=/tmp/ranges
PATH_ALLOWED=/tmp/allowed
PATH_SELF_CANCEL=/tmp/self_cancel
LOG_PREFIX=`date "+%Y-%m-%d %H:%M"`" Redirection: "
#Load variables
......
exit 0
fi
# Function returns 1 if is IP valid
# @param IP address
# return 1 on true or other number on false
valid_ip ()
{
local ip=$1
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
OIFS=$IFS
IFS='.'
ip=($ip)
IFS=$OIFS
[[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]]
stat=$?
fi;
return $stat
}
update ()
{
echo $LOG_PREFIX"Updating..."
OIFS=$IFS
export IFS=";"
IFS=$OIFS
echo $LOG_PREFIX"Cleaning ipset ranges...";
ipset -F ranges
echo $LOG_PREFIX"Cleaning ipset allowed...";
ipset -F allowed
echo $LOG_PREFIX"Cleaning ipset self_cancel...";
ipset -F self_cancel
echo $LOG_PREFIX"Downloading data...";
wget -q -O $PATH_ALLOWED $SET_URL_ALLOWED --no-check-certificate
wget -q -O $PATH_SELF_CANCEL $SET_URL_SELF_CANCEL --no-check-certificate
wget -q -O $PATH_RANGES $SET_URL_RANGES --no-check-certificate
PATH_ALLOWED=`mktemp`
PATH_SELF_CANCEL=`mktemp`
PATH_RANGES=`mktemp`
ipset -F ranges_tmp
ipset -F allowed_tmp
ipset -F self_cancel_tmp
for URL in $SET_URL_ALLOWED;
do
echo $LOG_PREFIX"Downloaded list of allowed IP addresses from: $URL"
wget -qO- $URL --no-check-certificate >> "$PATH_ALLOWED"
done
for URL in $SET_URL_SELF_CANCEL;
do
echo $LOG_PREFIX"Downloaded list of self-cancel IP addresses from: $URL"
wget -qO- $URL --no-check-certificate >> "$PATH_SELF_CANCEL"
done
for URL in $SET_URL_RANGES;
do
echo $LOG_PREFIX"Downloaded list of ranges from: $URL"
wget -qO- $URL --no-check-certificate >> "$PATH_RANGES"
done
for i in $(cat $PATH_ALLOWED);
do
echo $LOG_PREFIX"$i - added to set allowed"
ipset -A allowed $i
ipset -A allowed_tmp $i
done
for i in $(cat $PATH_SELF_CANCEL);
do
echo $LOG_PREFIX"$i - added to set self_cancel"
ipset -A self_cancel $i
ipset -A self_cancel_tmp $i
done
for i in $(cat $PATH_RANGES);
do
echo $LOG_PREFIX"$i - added to set ranges"
ipset -A ranges $i
ipset -A ranges_tmp $i
done
ipset -W ranges_tmp ranges
ipset -W allowed_tmp allowed
ipset -W self_cancel_tmp self_cancel
#Cleaning up...
rm -f $PATH_RANGES
rm -f $PATH_ALLOWED
......
echo $LOG_PREFIX"Sleeping..."
sleep $DELAY;
LOG_PREFIX=`date "+%Y-%m-%d %H:%M"`" Redirection: "
}
while (true);
do
update
done
done
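Review bot: The three `ipset -W` swaps at the end of update() (in what appears to be the new side) run unconditionally, so a failed or partial `wget` leaves a `*_tmp` set empty or short and that state is swapped into the live `allowed`, `self_cancel` and `ranges` sets the firewall rules match on. The download loops should record wget's exit status and the swap should be skipped when any fetch failed, keeping the previous sets in place; a sketch follows. Separately, `--no-check-certificate` is carried over into the new loops, so the lists that drive these sets are accepted from any TLS endpoint; pinning the FreenetIS CA with `--ca-certificate=<path to CA file>` would close that. In the visible part of the function the `allowed` and `self_cancel` entries also reach `ipset -A` without passing through `valid_ip`.

```shell
fetch_ok=1
for URL in $SET_URL_ALLOWED;
do
    echo $LOG_PREFIX"Downloading list of allowed IP addresses from: $URL"
    wget -qO- "$URL" --no-check-certificate >> "$PATH_ALLOWED" || fetch_ok=0
done
# … unchanged: self_cancel and ranges download loops, each with the same `|| fetch_ok=0` …
# … unchanged: loops filling allowed_tmp, self_cancel_tmp and ranges_tmp …
if [ "$fetch_ok" -eq 1 ]; then
    ipset -W ranges_tmp ranges
    ipset -W allowed_tmp allowed
    ipset -W self_cancel_tmp self_cancel
else
    # Keep the previous live sets rather than swapping in incomplete data
    echo $LOG_PREFIX"Download failed, live sets left unchanged"
fi
# … unchanged: temp file cleanup and sleep …
```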
freenetis/branches/1.1/application/vendors/redirection/freenetis-redirection.init.wheezy.sh
# Email sevcik.roman@slfree.net #
# #
# Name freenetis-redirection.init.sh #
# Version 1.9.2 #
# Version 1.9.4 #
# #
################################################################################
......
ipset -N self_cancel iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges nethash --hashsize 1024 --probes 4 --resize 50
# Create temporary ipset
ipset -N allowed_tmp iphash --hashsize 10000 --probes 8 --resize 50
ipset -N self_cancel_tmp iphash --hashsize 10000 --probes 8 --resize 50
ipset -N ranges_tmp nethash --hashsize 1024 --probes 4 --resize 50
#Rule for allowing access. If come packet to $IP_TARGET then we add source address do set allowed and to set seen
#Set seen is used for ip synchronization with FreenetIS.
$IPTABLES -i $INPUT_INTERFACE -t nat -A PREROUTING -m set --match-set self_cancel src -d $IP_TARGET -p tcp --dport $PORT_SELF_CANCEL -j SET --add-set allowed src
......
$IPTABLES -i $INPUT_INTERFACE -I FORWARD 2 -m set --match-set ranges src -j DROP
#Run update script on background
nohup $REDIRECTION_SYNCFILE >> "$LOG_FILE" 2>&1 &
nohup "$REDIRECTION_SYNCFILE" >> "$LOG_FILE" 2>&1 &
#Parse PID a save to file
ps aux | grep $REDIRECTION_SYNCFILE | grep -v grep | awk '{print $2}' > $REDIRECTION_PIDFILE
......
echo -n "Starting FreenetIS redirection HTTP deamon: "
#Run update script on background
nohup $REDIRECTION_HTTP_REDIRECTOR "$PORT_REDIRECT" "$PATH_FN" > "$LOG_FILE_REDIRECTOR" 2>&1 &
nohup "$REDIRECTION_HTTP_REDIRECTOR" "$PORT_REDIRECT" "$PATH_FN" > "$LOG_FILE_REDIRECTOR" 2>&1 &
#Parse PID a save to file
ps aux | grep $REDIRECTION_HTTP_REDIRECTOR | grep -v grep | awk '{print $2}' > $REDIRECTION_HTTP_REDIRECTOR_PIDFILE
......
ipset -X self_cancel
ipset -X ranges
# Delete temporary ipset
ipset -X allowed_tmp
ipset -X self_cancel_tmp
ipset -X ranges_tmp
# test if daemon is stopped
if [ `ps aux | grep $REDIRECTION_SYNCFILE | grep -v grep | wc -l` -eq 0 ]; then
echo "OK"
