fix: 🐛 chains rules check
parent
9b688c7ce0
commit
664cea5103
|
@ -2,7 +2,7 @@ name: Update Blacklist
|
||||||
|
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 0 * * *' # 每天午夜运行一次
|
- cron: '30 15 * * *' # 中国时间+8
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
|
@ -74,9 +74,9 @@ debug_echo_pass() {
|
||||||
# 打印自定义链规则
|
# 打印自定义链规则
|
||||||
print_chain_rules() {
|
print_chain_rules() {
|
||||||
echo_info "当前IPv4自定义链规则:"
|
echo_info "当前IPv4自定义链规则:"
|
||||||
iptables -nL $custom_chain_ipv4
|
iptables -nL $custom_chain_ipv4 --line-numbers
|
||||||
echo_info "当前IPv6自定义链规则:"
|
echo_info "当前IPv6自定义链规则:"
|
||||||
ip6tables -nL $custom_chain_ipv6
|
ip6tables -nL $custom_chain_ipv6 --line-numbers
|
||||||
}
|
}
|
||||||
|
|
||||||
print_log() {
|
print_log() {
|
||||||
|
@ -84,10 +84,13 @@ print_log() {
|
||||||
}
|
}
|
||||||
|
|
||||||
# 清空自定义链函数和日志
|
# 清空自定义链函数和日志
|
||||||
flush_chains() {
|
reset_chains() {
|
||||||
echo_info "清空自定义链 $custom_chain_ipv4 和 $custom_chain_ipv6"
|
echo_info "清空自定义链 $custom_chain_ipv4 和 $custom_chain_ipv6"
|
||||||
iptables -F $custom_chain_ipv4 # 清空IPv4自定义链
|
iptables -F $custom_chain_ipv4 # 清空IPv4自定义链
|
||||||
ip6tables -F $custom_chain_ipv6 # 清空IPv6自定义链
|
ip6tables -F $custom_chain_ipv6 # 清空IPv6自定义链
|
||||||
|
}
|
||||||
|
|
||||||
|
clean_log() {
|
||||||
echo_info "清空日志"
|
echo_info "清空日志"
|
||||||
echo "" >$log_path
|
echo "" >$log_path
|
||||||
}
|
}
|
||||||
|
@ -104,20 +107,25 @@ process_args() {
|
||||||
print_chain_rules
|
print_chain_rules
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
|
--resetchain)
|
||||||
|
reset_chains
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
--log)
|
--log)
|
||||||
print_log
|
print_log
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
--flush)
|
--cleanlog)
|
||||||
flush_chains
|
clean_log
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
--help)
|
--help)
|
||||||
echo " --debug Enable debug mode"
|
echo " --debug Enable debug mode"
|
||||||
echo " --chain Print chain rules"
|
echo " --chain Print chain rules"
|
||||||
echo " --log Print log"
|
echo " --resetchain Reset chain rules"
|
||||||
echo " --flush Flush chains and log"
|
echo " --log Print log"
|
||||||
echo " --help Show this help message"
|
echo " --cleanlog Clean log"
|
||||||
|
echo " --help Show this help message"
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
@ -197,7 +205,7 @@ is_private_ip() {
|
||||||
|
|
||||||
# 获取所有传输任务的对等节点IP地址
|
# 获取所有传输任务的对等节点IP地址
|
||||||
debug_echo_info "获取传输任务对等节点的IP地址..."
|
debug_echo_info "获取传输任务对等节点的IP地址..."
|
||||||
ips=$(transmission-remote $host:$port --auth $username:$password -t all --info-peers | grep -v "^Address" | grep -v "^$")
|
ips=$(transmission-remote $host:$port --auth $username:$password -t all --info-peers | grep -v "^Address" | grep -v "^$" | awk '!seen[$1]++')
|
||||||
debug_echo_default "$ips"
|
debug_echo_default "$ips"
|
||||||
|
|
||||||
# 执行函数
|
# 执行函数
|
||||||
|
@ -205,23 +213,31 @@ check_interval
|
||||||
create_chains_and_get_rules
|
create_chains_and_get_rules
|
||||||
ensure_chain_calls
|
ensure_chain_calls
|
||||||
|
|
||||||
|
# 初始化一个变量来记录已经处理过的IP地址,使用换行符分隔
|
||||||
|
processed_ips=""
|
||||||
|
|
||||||
# 遍历所有IP地址
|
# 遍历所有IP地址
|
||||||
echo "$ips" | while IFS= read -r line; do
|
echo "$ips" | while IFS= read -r line; do
|
||||||
ip=$(echo "$line" | cut -d " " -f 1)
|
ip=$(echo "$line" | cut -d " " -f 1)
|
||||||
client=$(echo "$line" | awk '{for(i=6;i<=NF;++i)printf "%s ",$i;print ""}' | xargs)
|
client=$(echo "$line" | awk '{for(i=6;i<=NF;++i)printf "%s ",$i;print ""}' | xargs)
|
||||||
|
|
||||||
# 跳过无效的IP
|
|
||||||
if [ -z "$ip" ]; then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# 转化成/64,/24掩码
|
# 转化成/64,/24掩码
|
||||||
if echo "$ip" | grep -q ":"; then
|
if echo "$ip" | grep -q ":"; then
|
||||||
ip=$(echo "$ip" | awk -F: '{printf "%s:%s:%s:%s::/64", $1, $2, $3, $4}')
|
ip=$(echo "$ip" | awk -F: '{
|
||||||
|
# 如果第四组为:,用"0000"替代
|
||||||
|
if ($4 == ":") $4="0000";
|
||||||
|
printf "%s:%s:%s:%s::/64", $1, $2, $3, $4
|
||||||
|
}')
|
||||||
else
|
else
|
||||||
ip=$(echo "$ip" | cut -d '.' -f 1-3).0/24
|
ip=$(echo "$ip" | cut -d '.' -f 1-3).0/24
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# 检查IP是否已在本地缓存中
|
||||||
|
if echo "$processed_ips" | grep -q "^$ip$"; then
|
||||||
|
echo_pass "$ip 已在本地缓存中,跳过处理"
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
|
||||||
# 初始化标志
|
# 初始化标志
|
||||||
in_special_cases=0
|
in_special_cases=0
|
||||||
in_whitelist=0
|
in_whitelist=0
|
||||||
|
@ -243,7 +259,7 @@ echo "$ips" | while IFS= read -r line; do
|
||||||
# 如果在特殊情况或不在白名单中,检查并加入屏蔽规则
|
# 如果在特殊情况或不在白名单中,检查并加入屏蔽规则
|
||||||
if [ "$in_special_cases" -eq 1 ] || [ "$in_whitelist" -eq 0 ]; then
|
if [ "$in_special_cases" -eq 1 ] || [ "$in_whitelist" -eq 0 ]; then
|
||||||
# 检查当前IP是否已经在规则中
|
# 检查当前IP是否已经在规则中
|
||||||
if (echo "$ip" | grep -q ":" && echo "$ipv6_rules" | grep -q "$ip") || (echo "$ip" | grep -qv ":" && echo "$ipv4_rules" | grep -q "$ip"); then
|
if (echo "$ip" | grep -q "::" && echo "$ipv6_rules" | grep -q "$ip") || (echo "$ip" | grep -q "." && echo "$ipv4_rules" | grep -q "$ip"); then
|
||||||
echo_pass "$ip 已在规则中"
|
echo_pass "$ip 已在规则中"
|
||||||
else
|
else
|
||||||
echo_err "$ip 不在规则中"
|
echo_err "$ip 不在规则中"
|
||||||
|
@ -253,7 +269,9 @@ echo "$ips" | while IFS= read -r line; do
|
||||||
else
|
else
|
||||||
# 添加规则
|
# 添加规则
|
||||||
[ "$DEBUG" -eq 0 ] && echo -e "$(date '+%Y-%m-%d %H:%M:%S')\t$client\t$ip" >>$log_path
|
[ "$DEBUG" -eq 0 ] && echo -e "$(date '+%Y-%m-%d %H:%M:%S')\t$client\t$ip" >>$log_path
|
||||||
if echo "$ip" | grep -q ":"; then
|
# 将已处理的IP加入本地缓存,使用换行符分隔
|
||||||
|
processed_ips="${processed_ips}${ip}\n"
|
||||||
|
if echo "$ip" | grep -q "::"; then
|
||||||
echo_err "添加IPv6地址 $ip 到自定义链 $custom_chain_ipv6"
|
echo_err "添加IPv6地址 $ip 到自定义链 $custom_chain_ipv6"
|
||||||
[ "$DEBUG" -eq 0 ] && ip6tables -I $custom_chain_ipv6 -d $ip -j DROP
|
[ "$DEBUG" -eq 0 ] && ip6tables -I $custom_chain_ipv6 -d $ip -j DROP
|
||||||
else
|
else
|
||||||
|
|
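Review bot: The rewritten rule-existence test in the `@ -243,7 +259,7` hunk still matches `$ip` as an unanchored regular expression, so a peer can be reported as already in the rules and never get a DROP rule: with `11.2.3.0/24` in the chain, `grep -q "$ip"` also succeeds for `1.2.3.0/24` (constructed example), and the new `grep -q "."` family test is true for any non-empty string because `.` is a regex wildcard. Fixed-string, word-bounded matching closes both gaps: `echo "$ip" | grep -qF "."` for the family test and `grep -qwF -- "$ip"` against `$ipv4_rules` and `$ipv6_rules`. The cache lookup added in the `@ -205,23 +213,31` hunk, `grep -q "^$ip$"`, has the same regex problem, and if the script runs under bash it never matches at all, because `"${processed_ips}${ip}\n"` stores a literal backslash-n that plain `echo` does not expand. Appending a real newline and testing with `grep -qxF -- "$ip"` would make the cache effective. The loop body continues outside these hunks, so the exact format of `$ipv4_rules` is not visible here and the `-w` match should be checked against it.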