Commit

v6.9.2
Add DNSCrypt Support
Add syslog-ng Support
Add ASN Banning/Unbanning Support
Adamm00 committed Dec 3, 2019
1 parent 9901cae commit aac085a
Showing 2 changed files with 72 additions and 19 deletions.
22 changes: 12 additions & 10 deletions README.md
Expand Up @@ -35,30 +35,32 @@ In your favorite SSH Client;
## Help

```Shell
Here Are Some Example Unban Commands;
Example Unban Commands;
( sh /jffs/scripts/firewall unban ip 8.8.8.8 ) This Unbans The IP Specified
( sh /jffs/scripts/firewall unban range 8.8.8.8/24 ) This Unbans the CIDR Block Specified
( sh /jffs/scripts/firewall unban domain google.com ) This Unbans the URL Specified
( sh /jffs/scripts/firewall unban comment "Apples" ) This Unbans Entries With The Comment Apples
( sh /jffs/scripts/firewall unban country ) This Unbans Entries Added By The "Ban Country" Feature
( sh /jffs/scripts/firewall unban asn AS123456 ) This Unbans the ASN Specified
( sh /jffs/scripts/firewall unban malware ) This Unbans Entries Added By The "Ban Malware" Feature
( sh /jffs/scripts/firewall unban nomanual ) This Unbans Everything But Manual Bans
( sh /jffs/scripts/firewall unban all ) This Unbans All Entries From Both Blacklists

Here Are Some Example Ban Commands;
Example Ban Commands;
( sh /jffs/scripts/firewall ban ip 8.8.8.8 "Apples" ) This Bans The IP Specified With The Comment Apples
( sh /jffs/scripts/firewall ban range 8.8.8.8/24 "Apples" ) This Bans the CIDR Block Specified With The Comment Apples
( sh /jffs/scripts/firewall ban domain google.com ) This Bans the URL Specified
( sh /jffs/scripts/firewall ban country "pk cn sa" ) This Bans The Known IPs For The Specified Countries (Accepts Single/Multiple Inputs If Quoted) http://www.ipdeny.com/ipblocks/data/countries/
( sh /jffs/scripts/firewall ban asn AS123456 ) This Bans the ASN Specified

Here Are Some Example Banmalware Commands;
Example Banmalware Commands;
( sh /jffs/scripts/firewall banmalware ) This Bans IPs From The Predefined Filter List
( sh /jffs/scripts/firewall banmalware google.com/filter.list ) This Uses The Filter List From The Specified URL
( sh /jffs/scripts/firewall banmalware reset ) This Will Reset Skynet Back To The Default Filter URL
( sh /jffs/scripts/firewall banmalware exclude "list1.ipset|list2.ipset" ) This Will Exclude Lists Matching The Names "list1.ipset list2.ipset" From The Current Filter (Quotes And Pipes Are Nessessary For Seperating Multiple Entries!)
( sh /jffs/scripts/firewall banmalware exclude reset ) This Will Reset The Exclusion List

Here Are Some Example Whitelist Commands;
Example Whitelist Commands;
( sh /jffs/scripts/firewall whitelist ip 8.8.8.8 "Apples" ) This Whitelists The IP Specified With The Comment Apples
( sh /jffs/scripts/firewall whitelist range 8.8.8.8/24 "Apples" ) This Whitelists The Range Specified With The Comment Apples
( sh /jffs/scripts/firewall whitelist domain google.com) This Whitelists the URL Specified
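Review bot: The new "ban asn AS123456" help line does not say where the ranges come from, while the "ban country" line just above it links its data source. The ban branch in firewall.sh fetches the prefixes from ipinfo.io, so name that source here too, and note that the accepted form is "AS" followed by digits with no comment argument, unlike "ban ip" and "ban range".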
Expand All @@ -69,20 +71,20 @@ Here Are Some Example Whitelist Commands;
( sh /jffs/scripts/firewall whitelist refresh ) Regenerate Shared Whitelist Files
( sh /jffs/scripts/firewall whitelist view ips|domains|imported ) View Whitelist Entries Based On Category (Leave Blank For All)

Here Are Some Example Import Commands;
Example Import Commands;
( sh /jffs/scripts/firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
( sh /jffs/scripts/firewall import whitelist file.txt "Apples" ) This Whitelists All IPs From URL/Local File With The Comment Apples

Here Are Some Example Deport Commands;
Example Deport Commands;
( sh /jffs/scripts/firewall deport blacklist file.txt ) This Unbans All IPs From URL/Local File
( sh /jffs/scripts/firewall deport whitelist file.txt ) This Unwhitelists All IPs From URL/Local File

Here Are Some Example Update Commands;
Example Update Commands;
( sh /jffs/scripts/firewall update ) Standard Update Check - If Nothing Detected Exit
( sh /jffs/scripts/firewall update check ) Check For Updates Only - Wont Update If Detected
( sh /jffs/scripts/firewall update -f ) Force Update Even If No Changes Detected

Here Are Some Example Settings Commands;
Example Settings Commands;
( sh /jffs/scripts/firewall settings autoupdate enable|disable ) Enable/Disable Skynet Autoupdating
( sh /jffs/scripts/firewall settings banmalware daily|weekly|disable ) Enable/Disable Automatic Malware List Updating
( sh /jffs/scripts/firewall settings logmode enable|disable ) Enable/Disable Logging
Expand All @@ -101,7 +103,7 @@ Here Are Some Example Settings Commands;
( sh /jffs/scripts/firewall settings lookupcountry enable|disable ) Enable/Disable Country Lookup For Stat Data
( sh /jffs/scripts/firewall settings cdnwhitelist enable|disable ) Enable/Disable CDN Whitelisting

Here Are Some Example Debug Commands;
Example Debug Commands;
( sh /jffs/scripts/firewall debug watch ) Show Debug Entries As They Appear
( sh /jffs/scripts/firewall debug info ) Print Useful Debug Info
( sh /jffs/scripts/firewall debug info extended ) Debug Info + Config
Expand All @@ -110,7 +112,7 @@ Here Are Some Example Debug Commands;
( sh /jffs/scripts/firewall debug backup ) Backup Skynet Files To Skynets Install Directory With The Name "Skynet-Backup.tar.gz"
( sh /jffs/scripts/firewall debug restore ) Restore Backup Files From Skynets Install Directory With The Name "Skynet-Backup.tar.gz"

Here Are Some Example Stats Commands;
Example Stats Commands;
( sh /jffs/scripts/firewall stats ) Compile Stats With Default Top10 Output
( sh /jffs/scripts/firewall stats 20 ) Compile Stats With Customizable Top20 Output
( sh /jffs/scripts/firewall stats tcp ) Compile Stats Showing Only TCP Entries
69 changes: 60 additions & 9 deletions firewall.sh
Expand Up @@ -9,7 +9,7 @@
# __/ | #
# |___/ #
# #
## - 25/10/2019 - Asus Firewall Addition By Adamm v6.9.1 #
## - 04/12/2019 - Asus Firewall Addition By Adamm v6.9.2 #
## https://github.com/Adamm00/IPSet_ASUS #
#############################################################################################################

Expand Down Expand Up @@ -563,6 +563,10 @@ Is_Port () {
grep -qE '^[0-9]{1,5}$'
}

Is_ASN () {
grep -qiE '^AS[0-9]{1,6}$'
}

Strip_Domain () {
sed 's~http[s]*://~~;s~/.*~~;s~www\.~~g' | awk '!x[$0]++'
}
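Review bot: The bound in Is_ASN, `^AS[0-9]{1,6}$`, is narrower than the ASN number space: 4-byte ASNs run up to 4294967295 (ten digits), so anything above AS999999 is rejected as "Not A Valid ASN", while AS0 is accepted. The anchored pattern is worth keeping strict, because the value is later interpolated into a curl URL and a sed expression, but widen the digit count to {1,10} or add a comment stating that the six-digit cap is intentional.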
Expand Down Expand Up @@ -877,6 +881,16 @@ Whitelist_Shared () {
for ip in $(nvram get "$dotvar" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'); do
ipset -q -A Skynet-Whitelist "$ip" comment "nvram: $dotvar"
done
if [ -f "/jffs/dnscrypt/public-resolvers.md" ] && [ -f "/jffs/dnscrypt/relays.md" ]; then
if [ -f /opt/bin/opkg ] && [ ! -f /opt/bin/base64 ]; then
opkg update && opkg install coreutils-base64
fi
if [ -f /opt/bin/opkg ] && [ -f /opt/bin/base64 ]; then
grep -hoE '^sdns:.*' /jffs/dnscrypt/public-resolvers.md /jffs/dnscrypt/relays.md | sed "s~'~~g;s~sdns://~~g" | while read -r stamp; do
echo "$stamp" | base64 -d 2>/dev/null
done | grep -aoE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk '{printf "add Skynet-Whitelist %s comment \"nvram: DNSCrypt Stamp\"\n", $1 }' | ipset restore -!
fi
fi
}

Manage_Device () {
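Review bot: In the DNSCrypt block, `base64 -d 2>/dev/null` is fed the raw stamp, but DNS stamps are URL-safe base64 without padding, so any stamp containing "-" or "_" or lacking padding can be truncated or dropped, and the error redirect hides it. Translate the alphabet (tr '_-' '/+') and restore padding before decoding, or log how many stamps failed. Two smaller points on the same lines: Whitelist_Shared now runs "opkg update && opkg install coreutils-base64" as a silent side effect of a whitelist refresh, which deserves at least a log line, and the comment "nvram: DNSCrypt Stamp" is misleading because these addresses come from files under /jffs/dnscrypt, not from nvram.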
Expand Down Expand Up @@ -967,7 +981,7 @@ Create_Swap () {
done
swaplocation="${device}/myswap.swp"
if [ -f "$swaplocation" ]; then swapoff "$swaplocation" 2>/dev/null; rm -rf "$swaplocation"; fi
if [ "$(df $device | xargs | awk '{print $11}')" -le "$swapsize" ]; then echo "[*] Not Enough Free Space Available On $device"; Create_Swap; fi
if [ "$(df "$device" | xargs | awk '{print $11}')" -le "$swapsize" ]; then echo "[*] Not Enough Free Space Available On $device"; Create_Swap; fi
echo "[i] Creating SWAP File"
dd if=/dev/zero of="$swaplocation" bs=1k count="$swapsize"
mkswap "$swaplocation"
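Review bot: Quoting "$device" in the df call is right, but the same line still falls through after the retry: `echo "[*] Not Enough Free Space Available On $device"; Create_Swap; fi` is followed directly by the dd and mkswap, so unless the nested Create_Swap exits (not visible in this hunk), the outer call resumes and writes the swap file to the device that was just rejected. Add a return after the recursive call. The `awk '{print $11}'` field index also depends on the exact df header width and would be clearer with a short comment.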
Expand Down Expand Up @@ -996,6 +1010,7 @@ Purge_Logs () {
sed '\~Skynet: \[#\] ~!d' "$syslog1loc" "$syslogloc" 2>/dev/null >> "$skynetevents"
sed -i '\~Skynet: \[#\] ~d;\~Skynet: \[i\] ~d;\~Skynet: \[\*\] Lock ~d' "$syslog1loc" "$syslogloc" 2>/dev/null
fi
if [ -f "/opt/etc/syslog-ng.d/skynet" ]; then /usr/bin/killall -HUP syslog-ng; fi
}

Print_Log () {
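Review bot: The new killall -HUP line sits after the closing fi, so syslog-ng is signalled on every Purge_Logs call, whether or not the sed -i above rewrote the log files, and it only tests that /opt/etc/syslog-ng.d/skynet exists, not that syslog-ng is running. Move it inside the branch that modifies the logs, suppress or handle the "no process killed" case (for example with 2>/dev/null), and add a comment explaining that the HUP is needed so syslog-ng reopens the files replaced by sed -i.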
Expand Down Expand Up @@ -1156,11 +1171,12 @@ Load_Menu () {
echo "[3] --> Domain"
echo "[4] --> Comment"
echo "[5] --> Country"
echo "[6] --> Malware Lists"
echo "[7] --> Non Manual Bans"
echo "[8] --> All"
echo "[6] --> ASN"
echo "[7] --> Malware Lists"
echo "[8] --> Non Manual Bans"
echo "[9] --> All"
echo
printf "[1-8]: "
printf "[1-9]: "
read -r "menu2"
echo
case "$menu2" in
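Review bot: Inserting ASN as option 6 in the unban menu shifts Malware Lists, Non Manual Bans and All from 6-8 to 7-9, so anyone who types the old number for "Non Manual Bans" (7) now clears the malware lists, and the old "All" (8) now runs "Non Manual Bans". If the ordering matters more than stable numbers, call the renumbering out in the changelog; otherwise append ASN as the new last entry before "All" is renumbered.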
Expand Down Expand Up @@ -1209,14 +1225,24 @@ Load_Menu () {
break
;;
6)
option2="malware"
option2="asn"
echo "Input ASN To Unban:"
echo
printf "[ASN]: "
read -r "option3"
echo
if ! echo "$option3" | Is_ASN; then echo "[*] $option3 Is Not A Valid ASN"; echo; unset "option2" "option3"; continue; fi
break
;;
7)
option2="nomanual"
option2="malware"
break
;;
8)
option2="nomanual"
break
;;
9)
option2="all"
break
;;
Expand All @@ -1243,8 +1269,9 @@ Load_Menu () {
echo "[2] --> Range"
echo "[3] --> Domain"
echo "[4] --> Country"
echo "[5] --> ASN"
echo
printf "[1-4]: "
printf "[1-5]: "
read -r "menu2"
echo
case "$menu2" in
Expand Down Expand Up @@ -1302,6 +1329,16 @@ Load_Menu () {
if echo "$option3" | grep -qF "\""; then echo "[*] Country Field Can't Include Quotes - Please Try Again"; echo; unset "option2" "option3"; continue; fi
break
;;
5)
option2="asn"
echo "Input ASN To Ban:"
echo
printf "[ASN]: "
read -r "option3"
echo
if ! echo "$option3" | Is_ASN; then echo "[*] $option3 Is Not A Valid ASN"; echo; unset "option2" "option3"; continue; fi
break
;;
e|exit|back|menu)
unset "option1" "option2" "option3" "option4" "option5"
clear
Expand Down Expand Up @@ -2903,6 +2940,13 @@ case "$1" in
sed '\~add Skynet-Whitelist ~d;\~Country: ~!d;s~ comment.*~~;s~add~del~g' "$skynetipset" | ipset restore -!
unset "countrylist"
;;
asn)
if [ -z "$3" ]; then echo "[*] ASN Field Can't Be Empty - Please Try Again"; echo; exit 2; fi
if ! echo "$3" | Is_ASN; then echo "[*] $3 Is Not A Valid ASN"; echo; exit 2; fi
asnlist="$(echo "$3" | awk '{print toupper($0)}')"
echo "[i] Removing Previous $asnlist Bans"
sed "\~add Skynet-Whitelist ~d;\~$asnlist ~!d;s~ comment.*~~;s~add~del~g" "$skynetipset" | ipset restore -!
;;
malware)
echo "[i] Removing Previous Malware Blacklist Entries"
sed '\~add Skynet-Whitelist ~d;\~BanMalware~!d;s~ comment.*~~;s~add~del~g' "$skynetipset" | ipset restore -!
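Review bot: The unban filter `\~$asnlist ~!d` matches the ASN token anywhere in the saved line, not only in the comment written by the ban branch, so a manual entry whose comment happens to contain "AS123 " would also be deleted by "unban asn AS123". Match the full marker instead, for example \~comment \"ASN: $asnlist \"~!d. The exact-match behaviour also depends on the trailing space that the ban branch puts inside "ASN: %s "; a one-line comment on both sides would stop someone from tidying that space away.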
Expand Down Expand Up @@ -2988,6 +3032,13 @@ case "$1" in
grep -F "/" /tmp/skynet/countrylist.txt | sed -n "/^[0-9,\\.,\\/]*$/s/^/add Skynet-BlockedRanges /;s/$/& comment \"Country: $countrylist\"/p" | ipset restore -!
rm -rf "/tmp/skynet/countrylist.txt"
;;
asn)
if [ -z "$3" ]; then echo "[*] ASN Field Can't Be Empty - Please Try Again"; echo; exit 2; fi
if ! echo "$3" | Is_ASN; then echo "[*] $3 Is Not A Valid ASN"; echo; exit 2; fi
asnlist="$(echo "$3" | awk '{print toupper($0)}')"
echo "[i] Adding $asnlist To Blacklist"
curl -fsL --retry 3 "https://ipinfo.io/$asnlist" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' | awk -v asn="$asnlist" '{printf "add Skynet-BlockedRanges %s comment \"ASN: %s \"\n", $1, asn }' | awk '!x[$0]++' | ipset restore -!
;;
*)
echo "Command Not Recognized, Please Try Again"
echo "For Help Check https://github.com/Adamm00/IPSet_ASUS#help"
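Review bot: The ban asn pipeline has no failure handling: if curl -f gets an error or an empty or rate-limited response from ipinfo.io, grep emits nothing, ipset restore -! receives no input, and the user still only sees "[i] Adding $asnlist To Blacklist". Download to a temporary file first, as the country branch does with /tmp/skynet/countrylist.txt, check that at least one prefix was extracted, and report the count. Note also that the grep takes every IPv4 CIDR-shaped string in the response body, with no check that octets are at most 255 or the prefix length at most 32, so the ban list is only as precise as the page layout; IPv6 prefixes are ignored entirely.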
