#!/bin/bash
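# info: update firewall ipset
# options: [REFRESH]
#
# example: v-update-firewall-ipset
#
# This function creates ipset lists and updates the lists if they are expired or ondemand

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Refresh mode taken from the first argument; defaults to 'no'.
# The accepted values (load/yes/no) are enforced in the verification section.
refresh=${1:-no}

# Includes
source /etc/profile.d/hestia.sh
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
# Quoted so a HESTIA path containing whitespace or glob characters is not split.
source "$HESTIA/func/main.sh"
# load config file
source_conf "$HESTIA/conf/hestia.conf"

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

is_refresh_ipset_format_valid "$refresh" 'Refresh IP lists (load/yes/no)'
is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

ipset_hstobject='../../data/firewall/ipset'

# Walk every list name returned by search_objects for entries whose SUSPENDED
# field is 'no'. stderr of the lookup is discarded, so a failing lookup simply
# yields an empty loop.
# NOTE(review): the result is word-split by the shell; presumably LISTNAME is
# validated when a list is created - confirm against v-add-firewall-ipset.
for ipset_name in $(search_objects "$ipset_hstobject" 'SUSPENDED' 'no' 'LISTNAME' 2> /dev/null); do

	ipset_time="$(get_object_value "$ipset_hstobject" 'LISTNAME' "$ipset_name" '$TIME')"
	ipset_date="$(get_object_value "$ipset_hstobject" 'LISTNAME' "$ipset_name" '$DATE')"
	ipset_au="$(get_object_value "$ipset_hstobject" 'LISTNAME' "$ipset_name" '$AUTOUPDATE')"

	if [ "$ipset_au" = 'no' ] || [ "$refresh" = 'load' ]; then
		# Load existing ip list files in the kernel but don't auto update them
		# The "load" refresh option is only used by hestia-iptables systemd service
		# NOTE(review): the exit status of this call is not checked here, and the
		# script logs "$OK" at the end regardless. A list that fails to load
		# leaves its set unpopulated without any signal from this script -
		# confirm that v-add-firewall-ipset records its own failures.
		"$BIN/v-add-firewall-ipset" "$ipset_name"
		continue
	fi

	# Age of the list in whole hours, derived from the stored DATE and TIME.
	# If date cannot parse them, last_updated_ts is empty, the arithmetic below
	# treats it as 0, and the list is handled as stale (refreshed).
	last_updated_ts=$(date -d "$ipset_date $ipset_time" +%s)
	now=$(date +%s)
	hours_since_update=$(((now - last_updated_ts) / (60 * 60)))

	if [[ "$hours_since_update" -lt 24 ]] && [ "$refresh" = 'no' ]; then
		# Load existing ip list files in the kernel but don't auto update them
		"$BIN/v-add-firewall-ipset" "$ipset_name"
		continue
	fi

	# List is at least 24 hours old, or a refresh was requested: pass 'yes' as
	# the fifth argument (presumably the refresh flag of v-add-firewall-ipset -
	# confirm against that script). Exit status is not checked here either.
	"$BIN/v-add-firewall-ipset" "$ipset_name" '' '' '' 'yes'
done

#----------------------------------------------------------#
#                       Hestia                             #
#----------------------------------------------------------#

# Logging
log_event "$OK" "$ARGUMENTS"

exit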