su/tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v1

Browse Source
This commit is contained in:
sushen339
2025-11-18 03:01:56 +08:00
parent 9687a4fd4f
commit a4384ac881
1 changed files with 25 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
block-ip.sh
+25 -33
View File
@@ -8,6 +8,7 @@ BAN_TIME="24h"
RECORD_DIR="/tmp/block_ip_counts" RECORD_DIR="/tmp/block_ip_counts"
PERSIST_FILE="/etc/block-ip.list" PERSIST_FILE="/etc/block-ip.list"
COUNTRY_FILE="/etc/block-ip.country"
WHITELIST_FILE="/etc/block-ip.whitelist" WHITELIST_FILE="/etc/block-ip.whitelist"
INSTALL_PATH="/usr/local/bin/block-ip" INSTALL_PATH="/usr/local/bin/block-ip"
NFT_TABLE="inet filter" NFT_TABLE="inet filter"
@@ -139,19 +140,22 @@ ban_ip() {
if [ "$SAVE_DISK" -eq 1 ] && ! is_ipv6 "$BASE_IP" && ! echo "$TARGET_IP" | grep -q '/'; then if [ "$SAVE_DISK" -eq 1 ] && ! is_ipv6 "$BASE_IP" && ! echo "$TARGET_IP" | grep -q '/'; then
if command -v curl >/dev/null 2>&1; then if command -v curl >/dev/null 2>&1; then
COUNTRY_CODE=$(curl -s --max-time 2 "https://ipinfo.io/$BASE_IP/country" 2>/dev/null | tr -d '\n\r ') COUNTRY_CODE=$(curl -s --max-time 2 "https://ipinfo.io/$BASE_IP/country" 2>/dev/null | tr -d '\n\r ')
if [ -n "$COUNTRY_CODE" ] && [ ${#COUNTRY_CODE} -eq 2 ]; then
# 检查是否已存在记录
if ! grep -q "^$BASE_IP|" "$COUNTRY_FILE" 2>/dev/null; then
echo "$BASE_IP|$COUNTRY_CODE" >> "$COUNTRY_FILE"
fi
fi
fi fi
fi fi
if [ "$SAVE_DISK" -eq 1 ]; then if [ "$SAVE_DISK" -eq 1 ]; then
# 检查是否已存在记录(支持带|和不带|的格式) if ! grep -q "^$TARGET_IP$" "$PERSIST_FILE" 2>/dev/null; then
if ! grep -qE "^$TARGET_IP(\||$)" "$PERSIST_FILE" 2>/dev/null; then echo "$TARGET_IP" >> "$PERSIST_FILE"
# 如果有国家代码,写入格式:IP|CODE,否则只写IP if [ -n "$COUNTRY_CODE" ]; then
if [ -n "$COUNTRY_CODE" ] && [ ${#COUNTRY_CODE} -eq 2 ]; then
echo "$TARGET_IP|$COUNTRY_CODE" >> "$PERSIST_FILE"
COUNTRY_NAME=$(get_country_name "$COUNTRY_CODE") COUNTRY_NAME=$(get_country_name "$COUNTRY_CODE")
log "[执行封禁] IP=$TARGET_IP 国家=$COUNTRY_NAME 已封禁" log "[执行封禁] IP=$TARGET_IP 国家=$COUNTRY_NAME 已封禁"
else else
echo "$TARGET_IP" >> "$PERSIST_FILE"
log "[执行封禁] IP=$TARGET_IP 已封禁" log "[执行封禁] IP=$TARGET_IP 已封禁"
fi fi
fi fi
@@ -324,19 +328,14 @@ $RAW_V6"
# 国家统计 # 国家统计
msg "$C_CYAN" "=== 🌍 攻击源国家/地区统计 ===" msg "$C_CYAN" "=== 🌍 攻击源国家/地区统计 ==="
if [ -f "$PERSIST_FILE" ] && [ -s "$PERSIST_FILE" ]; then if [ -f "$COUNTRY_FILE" ] && [ -s "$COUNTRY_FILE" ]; then
# 从 PERSIST_FILE 提取国家代码并统计 # 直接统计country文件中的国家代码
COUNTRY_DATA=$(grep '|' "$PERSIST_FILE" 2>/dev/null | cut -d'|' -f2) cut -d'|' -f2 "$COUNTRY_FILE" | sort | uniq -c | sort -rn | while read -r count code; do
if [ -n "$COUNTRY_DATA" ]; then [ -n "$count" ] && [ -n "$code" ] && {
echo "$COUNTRY_DATA" | sort | uniq -c | sort -rn | while read -r count code; do COUNTRY_NAME=$(get_country_name "$code")
if [ -n "$count" ] && [ -n "$code" ]; then printf " - %-15s %b(%s 个)%b\n" "$COUNTRY_NAME" "$C_RED" "$count" "$C_RESET"
COUNTRY_NAME=$(get_country_name "$code") }
printf " - %-15s \033[31m(%s 个)\033[0m\n" "$COUNTRY_NAME" "$count" done
fi
done
else
echo "(暂无国家信息)"
fi
else else
echo "(暂无国家信息)" echo "(暂无国家信息)"
fi fi
@@ -365,16 +364,10 @@ do_show() {
"$C_CYAN" "$IPV4_COUNT" "$C_RESET" \ "$C_CYAN" "$IPV4_COUNT" "$C_RESET" \
"$C_YELLOW" "$IPV6_COUNT" "$C_RESET" "$C_YELLOW" "$IPV6_COUNT" "$C_RESET"
printf "%b%-45s %-15s%b\n" "$C_YELLOW" "IP 地址" "国家" "$C_RESET" printf "%b%-45s%b\n" "$C_YELLOW" "IP 地址" "$C_RESET"
echo "-------------------------------------------------------------" echo "---------------------------------------------"
awk -F'|' '{ awk '{printf "%-45s\n", $1}' "$PERSIST_FILE"
if (NF == 2) {
printf "%-45s %-15s\n", $1, $2
} else {
printf "%-45s %-15s\n", $1, "-"
}
}' "$PERSIST_FILE"
echo "" echo ""
msg "$C_CYAN" "📌 文件位置: $PERSIST_FILE" msg "$C_CYAN" "📌 文件位置: $PERSIST_FILE"
@@ -523,11 +516,11 @@ do_del() {
nft delete element $NFT_TABLE $NFT_SET "{ $DEL_ELEMENT }" >/dev/null 2>&1 nft delete element $NFT_TABLE $NFT_SET "{ $DEL_ELEMENT }" >/dev/null 2>&1
fi fi
# 从持久化文件删除(支持带|和不带|的格式) # 从持久化文件删除(支持原始输入格式)
if [ -f "$PERSIST_FILE" ]; then if [ -f "$PERSIST_FILE" ]; then
# 转义特殊字符用于sed # 转义特殊字符用于sed
ESCAPED=$(echo "$INPUT" | sed 's/[.[\/]/\\&/g') ESCAPED=$(echo "$INPUT" | sed 's/[.[\/]/\\&/g')
sed -i "/^$ESCAPED\(|.*\)\?$/d" "$PERSIST_FILE" sed -i "/^$ESCAPED$/d" "$PERSIST_FILE"
fi fi
log "[手动解封] IP=$INPUT" log "[手动解封] IP=$INPUT"
@@ -539,9 +532,7 @@ do_restore() {
# 恢复黑名单 # 恢复黑名单
if [ -f "$PERSIST_FILE" ]; then if [ -f "$PERSIST_FILE" ]; then
count=0 count=0
while IFS='|' read -r ip _; do while IFS= read -r ip; do [ -n "$ip" ] && ban_ip "$ip" 2 && count=$((count+1)); done < "$PERSIST_FILE"
[ -n "$ip" ] && ban_ip "$ip" 2 && count=$((count+1))
done < "$PERSIST_FILE"
log "[系统恢复] 已从磁盘恢复 $count 个黑名单 IP" log "[系统恢复] 已从磁盘恢复 $count 个黑名单 IP"
msg "$C_GREEN" "✅ 已从磁盘恢复 $count 个黑名单 IP" msg "$C_GREEN" "✅ 已从磁盘恢复 $count 个黑名单 IP"
fi fi
@@ -575,6 +566,7 @@ do_install() {
if [ "$CURRENT" != "$INSTALL_PATH" ]; then cp "$0" "$INSTALL_PATH" && chmod +x "$INSTALL_PATH"; fi if [ "$CURRENT" != "$INSTALL_PATH" ]; then cp "$0" "$INSTALL_PATH" && chmod +x "$INSTALL_PATH"; fi
mkdir -p "$RECORD_DIR" && chmod 700 "$RECORD_DIR" mkdir -p "$RECORD_DIR" && chmod 700 "$RECORD_DIR"
touch "$PERSIST_FILE" && chmod 600 "$PERSIST_FILE" touch "$PERSIST_FILE" && chmod 600 "$PERSIST_FILE"
touch "$COUNTRY_FILE" && chmod 600 "$COUNTRY_FILE"
touch "$LOG_FILE" && chmod 666 "$LOG_FILE" touch "$LOG_FILE" && chmod 666 "$LOG_FILE"
check_and_install_env; init_nft_rules; do_restore check_and_install_env; init_nft_rules; do_restore
PAM_FILE="/etc/pam.d/sshd" PAM_FILE="/etc/pam.d/sshd"