diff --git a/block_blacklist.sh b/block_blacklist.sh
new file mode 100755
index 0000000..a03b9f8
--- /dev/null
+++ b/block_blacklist.sh
@@ -0,0 +1,217 @@
+#!/bin/sh
+
+# 用户定义的变量
+username="用户名"
+password="密码"
+host="127.0.0.1"
+port=9091
+chain="OUTPUT"
+custom_chain_ipv4="CUSTOM_CHAIN_IPV4"
+custom_chain_ipv6="CUSTOM_CHAIN_IPV6"
+log_path="/tmp/block_xunlei.log"
+interval_hour=4 # 时间是4小时的整数倍时重置防火墙规则
+DEBUG=0 # 默认禁用调试
+block_clients="xunlei
+xl
+thunder
+gt0002
+xl0012
+xfplay
+dandanplay
+dl3760
+qq
+hp
+dt
+xm
+go
+taibei
+sp
+StellarPlayer
+flashget
+torrentstorm
+github
+ljyun
+cacao
+offline
+anacrolix
+unknown
+trafficConsume
+-tt
+-gt
+-sd
+-xf
+-qd
+-bn
+-dl
+qbittorrent/3.3.15
+Transmission 2.9
+BitComet 2.04"
+
+# 打印自定义链规则
+print_chain_rules() {
+ echo "当前IPv4自定义链规则:"
+ iptables -nL $custom_chain_ipv4
+ echo "当前IPv6自定义链规则:"
+ ip6tables -nL $custom_chain_ipv6
+}
+
+print_log() {
+ echo -e "当前时间: $(date '+%Y-%m-%d %H:%M:%S')\n"
+ cat $log_path
+}
+
+# 清空自定义链函数和日志
+flush_chains() {
+ echo "清空自定义链 $custom_chain_ipv4 和 $custom_chain_ipv6"
+ iptables -F $custom_chain_ipv4 # 清空IPv4自定义链
+ ip6tables -F $custom_chain_ipv6 # 清空IPv6自定义链
+ echo "清空日志"
+ echo "" >$log_path
+}
+
+# 处理参数函数
+process_args() {
+ while [ $# -gt 0 ]; do
+ case "$1" in
+ --debug)
+ DEBUG=1
+ echo "调试模式已启用"
+ ;;
+ --chain)
+ print_chain_rules
+ exit 0
+ ;;
+ --log)
+ print_log
+ exit 0
+ ;;
+ --flush)
+ flush_chains
+ exit 0
+ ;;
+ --help)
+ echo " --debug Enable debug mode"
+ echo " --chain Print chain rules"
+ echo " --log Print log"
+ echo " --flush Flush chains and log"
+ echo " --help Show this help message"
+ exit 0
+ ;;
+ *)
+ echo "Invalid option: $1" >&2
+ exit 1
+ ;;
+ esac
+ shift
+ done
+}
+
+# 处理传入的参数
+process_args "$@"
+
+# 主脚本逻辑部分
+
+# 调试输出函数
+debug_echo() {
+ if [ "$DEBUG" -eq 1 ]; then
+ echo "$@"
+ fi
+}
+
+# 检查时间是否为4小时的整数倍
+check_interval() {
+ local minute=$(date "+%M")
+ local hour=$(date "+%H")
+ if [ "$minute" -eq 00 ] && [ $(($hour % $interval_hour)) -eq 0 ] && [ "$DEBUG" -eq 0 ]; then
+ debug_echo "当前时间是4小时的整数倍"
+ flush_chains
+ fi
+}
+
+# 检查并创建自定义链并获取规则
+create_chains_and_get_rules() {
+ debug_echo "检查并创建自定义链(如果不存在)并获取当前规则..."
+
+ ipv4_rules=$(iptables -nL $custom_chain_ipv4 2>/dev/null)
+ if [ -z "$ipv4_rules" ]; then
+ debug_echo "创建IPv4自定义链 $custom_chain_ipv4"
+ iptables -N $custom_chain_ipv4
+ else
+ debug_echo "当前IPv4自定义链规则: $ipv4_rules"
+ fi
+
+ ipv6_rules=$(ip6tables -nL $custom_chain_ipv6 2>/dev/null)
+ if [ -z "$ipv6_rules" ]; then
+ debug_echo "创建IPv6自定义链 $custom_chain_ipv6"
+ ip6tables -N $custom_chain_ipv6
+ else
+ debug_echo "当前IPv6自定义链规则: $ipv6_rules"
+ fi
+}
+
+# 确保自定义链在主链中被调用函数
+ensure_chain_calls() {
+ debug_echo "确保自定义链在主链中被调用..."
+ iptables -C $chain -j $custom_chain_ipv4 &
+ >/dev/null || (
+ debug_echo "添加 $custom_chain_ipv4 到 $chain"
+ iptables -A $chain -j $custom_chain_ipv4
+ )
+ ip6tables -C $chain -j $custom_chain_ipv6 &
+ >/dev/null || (
+ debug_echo "添加 $custom_chain_ipv6 到 $chain"
+ ip6tables -A $chain -j $custom_chain_ipv6
+ )
+}
+
+# 检查是否为私有地址函数
+is_private_ip() {
+ local ip=$1
+ if echo "$ip" | grep -q ":"; then
+ echo $ip | grep -qE '^fc00:|^fd00:|^fe80:'
+ else
+ echo $ip | grep -qE '^10\.|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-1]\.|^192\.168\.|^127\.0\.0\.1'
+ fi
+}
+
+# 获取所有传输任务的对等节点IP地址
+debug_echo "获取传输任务对等节点的IP地址..."
+ips=$(transmission-remote $host:$port --auth $username:$password -t all --info-peers | grep -v "^Address" | grep -v "^$")
+debug_echo "$ips"
+
+# 执行函数
+check_interval
+create_chains_and_get_rules
+ensure_chain_calls
+
+
+# 遍历指定的客户端名称
+echo "$block_clients" | while IFS= read -r client; do
+ debug_echo "处理客户端 $client: " # 输出正在处理的客户端名称
+ # 获取与当前客户端匹配的IP地址
+ client_ips=$(echo "$ips" | grep -F -i -- "$client" | cut -d " " -f 1)
+ for ip in $client_ips; do
+ # 检查当前IP是否已经在规则中
+ if (echo "$ip" | grep -q ":" && echo "$ipv6_rules" | grep -q "$ip") || (echo "$ip" | grep -qv ":" && echo "$ipv4_rules" | grep -q "$ip"); then
+ debug_echo "$ip 已在规则中"
+ else
+ debug_echo "$ip 不在规则中"
+ # 检查是否为私有地址
+ if is_private_ip "$ip"; then
+ debug_echo "$ip 是私有地址, 忽略."
+ else
+ # 添加规则
+ [ "$DEBUG" -eq 0 ] && echo -e "$client\t\t$ip\t\t$(date '+%Y-%m-%d %H:%M:%S')\n" >>$log_path
+ if echo "$ip" | grep -q ":"; then
+ debug_echo "添加IPv6地址 $ip 到自定义链 $custom_chain_ipv6"
+ [ "$DEBUG" -eq 0 ] && ip6tables -I $custom_chain_ipv6 -d $ip -j DROP
+ else
+ debug_echo "添加IPv4地址 $ip 到自定义链 $custom_chain_ipv4"
+ [ "$DEBUG" -eq 0 ] && iptables -I $custom_chain_ipv4 -d $ip -j DROP
+ fi
+ fi
+ fi
+ done
+done
+
+echo "脚本执行完毕."
diff --git a/block_xunlei.sh b/block_xunlei.sh
deleted file mode 100755
index a6ab562..0000000
--- a/block_xunlei.sh
+++ /dev/null
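Review bot: In `ensure_chain_calls` of block_blacklist.sh the existence check is written as `iptables -C $chain -j $custom_chain_ipv4 &` followed on the next line by `>/dev/null || (`, so the check runs in the background and the `||` hangs off a bare redirection that always succeeds. The `iptables -A $chain -j …` branch therefore never runs, and on a host where the jump is not already present the DROP rules in the custom chains are never consulted; the `ip6tables` pair has the same shape. `&>` is not POSIX and the file is `#!/bin/sh`, so write each check as `iptables -C "$chain" -j "$custom_chain_ipv4" >/dev/null 2>&1 || (`. Two exposure points in the same file: `--auth $username:$password` puts the RPC password in the process list, which `transmission-remote --authenv` with `TR_AUTH` avoids, and `log_path="/tmp/block_xunlei.log"` is a fixed name in a world-writable directory that a script presumably run as root truncates and appends to, so a root-owned directory is the safer location. The "already in rules" test `grep -q "$ip"` is an unanchored regex match, so an address can be treated as present because a longer one contains it; `grep -qwF -- "$ip"` compares it literally.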
@@ -1,99 +0,0 @@
-#!/bin/sh
-
-# 显示当前日期和时间
-echo "当前日期和时间: $(date)"
-
-# 定义变量:用户名、密码、主机地址和端口
-username="用户名"
-password="密码"
-host="127.0.0.1"
-port=9091
-chain="OUTPUT" # 定义主链名称
-custom_chain_ipv4="CUSTOM_CHAIN_IPV4" # 定义IPv4自定义链名称
-custom_chain_ipv6="CUSTOM_CHAIN_IPV6" # 定义IPv6自定义链名称
-
-# 获取所有传输任务的对等节点IP地址
-echo "获取传输任务对等节点的IP地址..."
-ips=$(transmission-remote $host:$port --auth $username:$password -t all --info-peers)
-echo "获取的IP地址: $ips"
-
-# 获取当前分钟和小时
-minute=$(date "+%M")
-hour=$(date "+%H")
-
-# 如果当前时间是每4小时的半小时(例如,0:30,4:30等)
-if [ "$minute" -eq 30 ] && [ $(($hour % 4)) -eq 0 ]; then
- echo "当前时间是每4小时的半小时, 清空自定义链 $custom_chain_ipv4 和 $custom_chain_ipv6"
- iptables -F $custom_chain_ipv4 # 清空IPv4自定义链
- ip6tables -F $custom_chain_ipv6 # 清空IPv6自定义链
-fi
-
-# 检查并创建自定义链(如果不存在)
-echo "检查并创建自定义链(如果不存在)..."
-iptables -L $custom_chain_ipv4 &> /dev/null || (echo "创建IPv4自定义链 $custom_chain_ipv4"; iptables -N $custom_chain_ipv4)
-ip6tables -L $custom_chain_ipv6 &> /dev/null || (echo "创建IPv6自定义链 $custom_chain_ipv6"; ip6tables -N $custom_chain_ipv6)
-
-# 确保自定义链在主链中被调用
-echo "确保自定义链在主链中被调用..."
-iptables -C $chain -j $custom_chain_ipv4 &> /dev/null || (echo "添加 $custom_chain_ipv4 到 $chain"; iptables -A $chain -j $custom_chain_ipv4)
-ip6tables -C $chain -j $custom_chain_ipv6 &> /dev/null || (echo "添加 $custom_chain_ipv6 到 $chain"; ip6tables -A $chain -j $custom_chain_ipv6)
-
-# 获取当前的自定义链规则
-echo "获取当前自定义链规则..."
-ipv4_rules=$(iptables -nL $custom_chain_ipv4)
-ipv6_rules=$(ip6tables -nL $custom_chain_ipv6)
-echo "当前IPv4自定义链规则: $ipv4_rules"
-echo "当前IPv6自定义链规则: $ipv6_rules"
-
-# 检查是否为私有 IPv4 地址
-is_private_ipv4() {
- local ip=$1
- # Check for private IPv4 addresses
- ipcalc -n $ip | grep -q 'Network: 10.0.0.0/8\|172.16.0.0/12\|192.168.0.0/16'
-}
-
-# 检查是否为私有 IPv6 地址
-is_private_ipv6() {
- local ip=$1
- # Check for private IPv6 addresses
- echo $ip | grep -qE '^fc00:|^fd00:|^fe80:'
-}
-
-# 遍历指定的客户端名称
-for client in xunlei xl thunder gt0002 xl0012 xfplay dandanplay dl3760 qq hp dt xm go taibei sp StellarPlayer flashget torrentstorm github ljyun cacao offline anacrolix unknown trafficConsume "-tt" "qbittorrent/3.3.15"
-do
- echo -n "处理客户端 $client: " # 输出正在处理的客户端名称
- # 获取与当前客户端匹配的IP地址
- for i in $(echo "$ips" | grep -F -i -- "$client" | cut -d " " -f 1)
- do
- # 检查当前IP是否已经在规则中
- if echo "$ipv4_rules" | grep -q $i || echo "$ipv6_rules" | grep -q $i; then
- echo -n "$i 已在规则中, " # 如果在规则中,输出IP
- else
- echo -n "$i 不在规则中, " # 如果不在规则中,输出IP并说明未在规则中
- # 检查是否为IPv6地址
- if echo "$i" | grep -q ":" ; then
- # 如果是IPv6地址,检查是否为私有地址
- if is_private_ipv6 $i; then
- echo "$i 是私有IPv6地址, 忽略."
- else
- # 如果是IPv6地址,添加DROP规则到IPv6自定义链
- echo "添加IPv6地址 $i 到自定义链 $custom_chain_ipv6"
- ip6tables -I $custom_chain_ipv6 -d $i -j DROP
- fi
- else
- # 如果是IPv4地址,检查是否为私有地址
- if is_private_ipv4 $i; then
- echo "$i 是私有IPv4地址, 忽略."
- else
- # 如果是IPv4地址,添加DROP规则到IPv4自定义链
- echo "添加IPv4地址 $i 到自定义链 $custom_chain_ipv4"
- iptables -I $custom_chain_ipv4 -d $i -j DROP
- fi
- fi
- fi
- done
- echo "" # 输出换行符
-done
-
-echo "脚本执行完毕."
\ No newline at end of file