banip: release 0.8.1-1
authorDirk Brenken <dev@brenken.org>
Sat, 25 Feb 2023 08:33:50 +0000 (09:33 +0100)
committerDirk Brenken <dev@brenken.org>
Sat, 25 Feb 2023 09:01:11 +0000 (10:01 +0100)
* add missing wan-forward chain (incl. report/mail adaption)
* changed options:
  - old: ban_blockforward, new: ban_blockforwardwan and ban_blockforwardlan
  - old: ban_logforward, new: ban_logforwardwan and ban_logforwardlan
* add missing dhcp(v6) rules/exceptions
* update readme

Previously run-tested by certain forum users (and by me).

Signed-off-by: Dirk Brenken <dev@brenken.org>
net/banip/Makefile
net/banip/files/README.md
net/banip/files/banip-functions.sh
net/banip/files/banip.tpl

index a25f8b26450aab452ec85efb7c91f62d6d44fe07..6428b9e8db64d533ccc98fd6f783067cc920c623 100644 (file)
@@ -7,8 +7,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=banip
-PKG_VERSION:=0.8.0
-PKG_RELEASE:=4
+PKG_VERSION:=0.8.1
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 
index e0bf951f9ade798c3082c75838c41b8185bafad5..817b43c3d4bd4bad01afdf672962cc249fee5c87 100644 (file)
@@ -7,52 +7,52 @@ IP address blocking is commonly used to protect against brute force attacks, pre
 
 ## Main Features
 * banIP supports the following fully pre-configured domain blocklist feeds (free for private usage, for commercial use please check their individual licenses).  
-  **Please note:** the columns "INP" and "FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to forward chain - see the config options 'ban\_blockforward' and 'ban\_blockinput' below.
+  **Please note:** the columns "WAN-INP", "WAN-FWD" and "LAN_FWD" show for which chains the feeds are suitable in common scenarios, e.g. the first entry should be limited to the LAN forward chain - see the config options 'ban\_blockinput', 'ban\_blockforwardwan' and 'ban\_blockforwardlan' below.  
 
-| Feed                | Focus                          | INP | FWD | Information                                                           |
-| :------------------ | :----------------------------: | :-: | :-: | :-------------------------------------------------------------------- |
-| adaway              | adaway IPs                     |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| adguard             | adguard IPs                    |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| adguardtrackers     | adguardtracker IPs             |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| antipopads          | antipopads IPs                 |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| asn                 | ASN IPs                        |     |  x  | [Link](https://asn.ipinfo.app)                                        |
-| backscatterer       | backscatterer IPs              |  x  |  x  | [Link](https://www.uceprotect.net/en/index.php)                       |
-| bogon               | bogon prefixes                 |  x  |  x  | [Link](https://team-cymru.com)                                        |
-| country             | country blocks                 |  x  |     | [Link](https://www.ipdeny.com/ipblocks)                               |
-| cinsscore           | suspicious attacker IPs        |  x  |  x  | [Link](https://cinsscore.com/#list)                                   |
-| darklist            | blocks suspicious attacker IPs |  x  |  x  | [Link](https://darklist.de)                                           |
-| debl                | fail2ban IP blacklist          |  x  |  x  | [Link](https://www.blocklist.de)                                      |
-| doh                 | public DoH-Provider            |     |  x  | [Link](https://github.com/dibdot/DoH-IP-blocklists)                   |
-| drop                | spamhaus drop compilation      |  x  |  x  | [Link](https://www.spamhaus.org)                                      |
-| dshield             | dshield IP blocklist           |  x  |  x  | [Link](https://www.dshield.org)                                       |
-| edrop               | spamhaus edrop compilation     |  x  |  x  | [Link](https://www.spamhaus.org)                                      |
-| feodo               | feodo tracker                  |  x  |  x  | [Link](https://feodotracker.abuse.ch)                                 |
-| firehol1            | firehol level 1 compilation    |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=firehol_level1)             |
-| firehol2            | firehol level 2 compilation    |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=firehol_level2)             |
-| firehol3            | firehol level 3 compilation    |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=firehol_level3)             |
-| firehol4            | firehol level 4 compilation    |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=firehol_level4)             |
-| greensnow           | suspicious server IPs          |  x  |  x  | [Link](https://greensnow.co)                                          |
-| iblockads           | Advertising IPs                |     |  x  | [Link](https://www.iblocklist.com)                                    |
-| iblockspy           | Malicious spyware IPs          |  x  |  x  | [Link](https://www.iblocklist.com)                                    |
-| myip                | real-time IP blocklist         |  x  |  x  | [Link](https://myip.ms)                                               |
-| nixspam             | iX spam protection             |  x  |  x  | [Link](http://www.nixspam.org)                                        |
-| oisdnsfw            | OISD-nsfw IPs                  |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| oisdsmall           | OISD-small IPs                 |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| proxy               | open proxies                   |  x  |     | [Link](https://iplists.firehol.org/?ipset=proxylists)                 |
-| ssbl                | SSL botnet IPs                 |  x  |  x  | [Link](https://sslbl.abuse.ch)                                        |
-| stevenblack         | stevenblack IPs                |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
-| talos               | talos IPs                      |  x  |  x  | [Link](https://talosintelligence.com/reputation_center)               |
-| threat              | emerging threats               |  x  |  x  | [Link](https://rules.emergingthreats.net)                             |
-| threatview          | malicious IPs                  |  x  |  x  | [Link](https://threatview.io)                                         |
-| tor                 | tor exit nodes                 |  x  |     | [Link](https://github.com/SecOps-Institute/Tor-IP-Addresses)          |
-| uceprotect1         | spam protection level 1        |  x  |  x  | [Link](http://www.uceprotect.net/en/index.php)                        |
-| uceprotect2         | spam protection level 2        |  x  |  x  | [Link](http://www.uceprotect.net/en/index.php)                        |
-| uceprotect3         | spam protection level 3        |  x  |  x  | [Link](http://www.uceprotect.net/en/index.php)                        |
-| urlhaus             | urlhaus IDS IPs                |  x  |  x  | [Link](https://urlhaus.abuse.ch)                                      |
-| urlvir              | malware related IPs            |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=urlvir)                     |
-| webclient           | malware related IPs            |  x  |  x  | [Link](https://iplists.firehol.org/?ipset=firehol_webclient)          |
-| voip                | VoIP fraud blocklist           |  x  |  x  | [Link](https://voipbl.org)                                            |
-| yoyo                | yoyo IPs                       |     |  x  | [Link](https://github.com/dibdot/banIP-IP-blocklists)                 |
+| Feed                | Focus                          | WAN-INP | WAN-FWD | LAN-FWD | Information                                                   |
+| :------------------ | :----------------------------- | :-----: | :-----: | :-----: | :-----------------------------------------------------------  |
+| adaway              | adaway IPs                     |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| adguard             | adguard IPs                    |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| adguardtrackers     | adguardtracker IPs             |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| antipopads          | antipopads IPs                 |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| asn                 | ASN IPs                        |         |         |    x    | [Link](https://asn.ipinfo.app)                                |
+| backscatterer       | backscatterer IPs              |    x    |    x    |         | [Link](https://www.uceprotect.net/en/index.php)               |
+| bogon               | bogon prefixes                 |    x    |    x    |         | [Link](https://team-cymru.com)                                |
+| country             | country blocks                 |    x    |    x    |         | [Link](https://www.ipdeny.com/ipblocks)                       |
+| cinsscore           | suspicious attacker IPs        |    x    |    x    |         | [Link](https://cinsscore.com/#list)                           |
+| darklist            | blocks suspicious attacker IPs |    x    |    x    |         | [Link](https://darklist.de)                                   |
+| debl                | fail2ban IP blacklist          |    x    |    x    |         | [Link](https://www.blocklist.de)                              |
+| doh                 | public DoH-Provider            |         |         |    x    | [Link](https://github.com/dibdot/DoH-IP-blocklists)           |
+| drop                | spamhaus drop compilation      |    x    |    x    |         | [Link](https://www.spamhaus.org)                              |
+| dshield             | dshield IP blocklist           |    x    |    x    |         | [Link](https://www.dshield.org)                               |
+| edrop               | spamhaus edrop compilation     |    x    |    x    |         | [Link](https://www.spamhaus.org)                              |
+| feodo               | feodo tracker                  |    x    |    x    |    x    | [Link](https://feodotracker.abuse.ch)                         |
+| firehol1            | firehol level 1 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level1)     |
+| firehol2            | firehol level 2 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level2)     |
+| firehol3            | firehol level 3 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level3)     |
+| firehol4            | firehol level 4 compilation    |    x    |    x    |         | [Link](https://iplists.firehol.org/?ipset=firehol_level4)     |
+| greensnow           | suspicious server IPs          |    x    |    x    |    x    | [Link](https://greensnow.co)                                  |
+| iblockads           | Advertising IPs                |         |         |    x    | [Link](https://www.iblocklist.com)                            |
+| iblockspy           | Malicious spyware IPs          |    x    |    x    |    x    | [Link](https://www.iblocklist.com)                            |
+| myip                | real-time IP blocklist         |    x    |    x    |         | [Link](https://myip.ms)                                       |
+| nixspam             | iX spam protection             |    x    |    x    |         | [Link](http://www.nixspam.org)                                |
+| oisdnsfw            | OISD-nsfw IPs                  |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| oisdsmall           | OISD-small IPs                 |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| proxy               | open proxies                   |    x    |         |         | [Link](https://iplists.firehol.org/?ipset=proxylists)         |
+| ssbl                | SSL botnet IPs                 |    x    |    x    |    x    | [Link](https://sslbl.abuse.ch)                                |
+| stevenblack         | stevenblack IPs                |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
+| talos               | talos IPs                      |    x    |    x    |         | [Link](https://talosintelligence.com/reputation_center)       |
+| threat              | emerging threats               |    x    |    x    |    x    | [Link](https://rules.emergingthreats.net)                     |
+| threatview          | malicious IPs                  |    x    |    x    |    x    | [Link](https://threatview.io)                                 |
+| tor                 | tor exit nodes                 |    x    |    x    |    x    | [Link](https://github.com/SecOps-Institute/Tor-IP-Addresses)  |
+| uceprotect1         | spam protection level 1        |    x    |    x    |         | [Link](http://www.uceprotect.net/en/index.php)                |
+| uceprotect2         | spam protection level 2        |    x    |    x    |         | [Link](http://www.uceprotect.net/en/index.php)                |
+| uceprotect3         | spam protection level 3        |    x    |    x    |         | [Link](http://www.uceprotect.net/en/index.php)                |
+| urlhaus             | urlhaus IDS IPs                |    x    |    x    |         | [Link](https://urlhaus.abuse.ch)                              |
+| urlvir              | malware related IPs            |    x    |    x    |    x    | [Link](https://iplists.firehol.org/?ipset=urlvir)             |
+| webclient           | malware related IPs            |    x    |    x    |    x    | [Link](https://iplists.firehol.org/?ipset=firehol_webclient)  |
+| voip                | VoIP fraud blocklist           |    x    |    x    |         | [Link](https://voipbl.org)                                    |
+| yoyo                | yoyo IPs                       |         |         |    x    | [Link](https://github.com/dibdot/banIP-IP-blocklists)         |
 
 * zero-conf like automatic installation & setup, usually no manual changes needed
 * all sets are handled in a separate nft table/namespace 'banIP'
@@ -128,8 +128,9 @@ Available commands:
 | ban_logterm             | list   | regex                         | various regex for logfile parsing (default: dropbear, sshd, luci, nginx, asterisk)    |
 | ban_autodetect          | option | 1                             | auto-detect wan interfaces, devices and subnets                                       |
 | ban_debug               | option | 0                             | enable banIP related debug logging                                                    |
-| ban_loginput            | option | 1                             | log drops in the input chain                                                          |
-| ban_logforward          | option | 0                             | log rejects in the forward chain                                                      |
+| ban_loginput            | option | 1                             | log drops in the wan-input chain                                                      |
+| ban_logforwardwan       | option | 1                             | log drops in the wan-forward chain                                                    |
+| ban_logforwardlan       | option | 0                             | log rejects in the lan-forward chain                                                  |
 | ban_autoallowlist       | option | 1                             | add wan IPs/subnets automatically to the local allowlist                              |
 | ban_autoblocklist       | option | 1                             | add suspicious attacker IPs automatically to the local blocklist                      |
 | ban_allowlistonly       | option | 0                             | restrict the internet access from/to a small number of secure websites/IPs            |
@@ -150,8 +151,9 @@ Available commands:
 | ban_feed                | list   | -                             | external download feeds, e.g. 'yoyo', 'doh', 'country' or 'talos' (see feed table)    |
 | ban_asn                 | list   | -                             | ASNs for the 'asn' feed, e.g.'32934'                                                  |
 | ban_country             | list   | -                             | country iso codes for the 'country' feed, e.g. 'ru'                                   |
-| ban_blockinput          | list   | -                             | limit a feed to the input chain, e.g. 'country'                                       |
-| ban_blockforward        | list   | -                             | limit a feed to the forward chain, e.g. 'doh'                                         |
+| ban_blockinput          | list   | -                             | limit a feed to the wan-input chain, e.g. 'country'                                   |
+| ban_blockforwardwan     | list   | -                             | limit a feed to the wan-forward chain, e.g. 'debl'                                    |
+| ban_blockforwardlan     | list   | -                             | limit a feed to the lan-forward chain, e.g. 'doh'                                     |
 | ban_fetchcmd            | option | - / autodetect                | 'uclient-fetch', 'wget', 'curl' or 'aria2c'                                           |
 | ban_fetchparm           | option | - / autodetect                | set the config options for the selected download utility                              |
 | ban_fetchinsecure       | option | 0                             | don't check SSL server certificates during download                                   |
@@ -169,44 +171,65 @@ Available commands:
 :::
 ::: banIP Set Statistics
 :::
-    Timestamp: 2023-02-08 22:12:40
+    Timestamp: 2023-02-25 08:35:37
     ------------------------------
-    auto-added to allowlist: 1
-    auto-added to blocklist: 0
+    auto-added to allowlist: 0
+    auto-added to blocklist: 4
 
-    Set                  | Set Elements  | Chain Input   | Chain Forward | Input Packets | Forward Packets
-    ---------------------+---------------+---------------+---------------+---------------+----------------
-    allowlistvMAC        | 0             | n/a           | OK            | n/a           | 0             
-    allowlistv4          | 1             | OK            | OK            | 0             | 0             
-    allowlistv6          | 0             | OK            | OK            | 0             | 0             
-    blocklistvMAC        | 0             | n/a           | OK            | n/a           | 0             
-    blocklistv4          | 0             | OK            | OK            | 0             | 0             
-    blocklistv6          | 0             | OK            | OK            | 0             | 0             
-    dohv4                | 542           | n/a           | OK            | n/a           | 22            
-    adguardv4            | 23007         | n/a           | OK            | n/a           | 18            
-    yoyov4               | 1936          | n/a           | OK            | n/a           | 1             
-    oisdbasicv4          | 26000         | n/a           | OK            | n/a           | 325           
-    ---------------------+---------------+---------------+---------------+---------------+----------------
-    10                   | 51486         | 4             | 10            | 0             | 366
+    Set                  | Elements     | WAN-Input (packets)   | WAN-Forward (packets) | LAN-Forward (packets)
+    ---------------------+--------------+-----------------------+-----------------------+------------------------
+    allowlistvMAC        | 0            | -                     | -                     | OK: 0                 
+    allowlistv4          | 15           | OK: 0                 | OK: 0                 | OK: 0                 
+    allowlistv6          | 1            | OK: 0                 | OK: 0                 | OK: 0                 
+    torv4                | 800          | OK: 0                 | OK: 0                 | OK: 0                 
+    torv6                | 432          | OK: 0                 | OK: 0                 | OK: 0                 
+    countryv6            | 34282        | OK: 0                 | OK: 1                 | -                     
+    countryv4            | 35508        | OK: 1872              | OK: 0                 | -                     
+    dohv6                | 343          | -                     | -                     | OK: 0                 
+    dohv4                | 540          | -                     | -                     | OK: 3                 
+    firehol1v4           | 1670         | OK: 296               | OK: 0                 | OK: 16                
+    deblv4               | 12402        | OK: 4                 | OK: 0                 | OK: 0                 
+    deblv6               | 41           | OK: 0                 | OK: 0                 | OK: 0                 
+    adguardv6            | 12742        | -                     | -                     | OK: 161               
+    adguardv4            | 23183        | -                     | -                     | OK: 212               
+    adguardtrackersv6    | 169          | -                     | -                     | OK: 0                 
+    adguardtrackersv4    | 633          | -                     | -                     | OK: 0                 
+    adawayv6             | 2737         | -                     | -                     | OK: 15                
+    adawayv4             | 6542         | -                     | -                     | OK: 137               
+    oisdsmallv6          | 10569        | -                     | -                     | OK: 0                 
+    oisdsmallv4          | 18800        | -                     | -                     | OK: 74                
+    stevenblackv6        | 11901        | -                     | -                     | OK: 4                 
+    stevenblackv4        | 16776        | -                     | -                     | OK: 139               
+    yoyov6               | 215          | -                     | -                     | OK: 0                 
+    yoyov4               | 309          | -                     | -                     | OK: 0                 
+    antipopadsv4         | 1872         | -                     | -                     | OK: 0                 
+    urlhausv4            | 7431         | OK: 0                 | OK: 0                 | OK: 0                 
+    antipopadsv6         | 2081         | -                     | -                     | OK: 2                 
+    blocklistvMAC        | 0            | -                     | -                     | OK: 0                 
+    blocklistv4          | 1174         | OK: 1                 | OK: 0                 | OK: 0                 
+    blocklistv6          | 40           | OK: 0                 | OK: 0                 | OK: 0                 
+    ---------------------+--------------+-----------------------+-----------------------+------------------------
+    30                   | 203208       | 12 (2173)             | 12 (1)                | 28 (763)
 ```
 
 **banIP runtime information**  
 ```
-~# etc/init.d/banip status
+~# /etc/init.d/banip status
 ::: banIP runtime information
   + status            : active
-  + version           : 0.8.0
-  + element_count     : 51486
-  + active_feeds      : allowlistvMAC, allowlistv4, allowlistv6, blocklistvMAC, blocklistv4, blocklistv6, dohv4, adguardv4
-                        , yoyov4, oisdbasicv4
+  + version           : 0.8.1-1
+  + element_count     : 206644
+  + active_feeds      : allowlistvMAC, allowlistv4, allowlistv6, torv4, torv6, countryv6, countryv4, dohv4, dohv6, firehol1v4, deblv4, deblv6,
+                         adguardv6, adguardv4, adguardtrackersv6, adguardtrackersv4, adawayv6, adawayv4, oisdsmallv6, oisdsmallv4, stevenblack
+                        v6, stevenblackv4, yoyov6, yoyov4, antipopadsv4, urlhausv4, antipopadsv6, blocklistvMAC, blocklistv4, blocklistv6
   + active_devices    : eth2
-  + active_interfaces : wan
-  + active_subnets    : 192.168.98.107/24
-  + run_info          : base_dir: /tmp, backup_dir: /tmp/banIP-backup, report_dir: /tmp/banIP-report, feed_archive: /etc/b
-                        anip/banip.feeds.gz
-  + run_flags         : protocol (4/6): âœ”/✘, log (inp/fwd): âœ”/✘, deduplicate: âœ”, split: âœ˜, allowed only: âœ˜
-  + last_run          : action: start, duration: 0m 15s, date: 2023-02-08 22:12:46
-  + system_info       : cores: 2, memory: 3614, device: PC Engines apu1, OpenWrt SNAPSHOT r21997-b5193291bd
+  + active_interfaces : wan, wan6
+  + active_subnets    : 91.61.199.218/24, 2a02:910c:0:80:e542:4b0c:846d:1d33/128
+  + run_info          : base_dir: /tmp, backup_dir: /mnt/data/banIP-backup, report_dir: /mnt/data/banIP-report, feed_archive: /etc/banip/banip
+                        .feeds.gz
+  + run_flags         : proto (4/6): âœ”/✔, log (wan-inp/wan-fwd/lan-fwd): âœ”/✔/✔, deduplicate: âœ”, split: âœ˜, allowed only: âœ˜
+  + last_run          : action: restart, duration: 1m 6s, date: 2023-02-25 08:55:55
+  + system_info       : cores: 2, memory: 1826, device: Turris Omnia, OpenWrt SNAPSHOT r22125-52ddb38469
 ```
 
 **banIP search information**  
index f1a71dd8d2fcb51be951499a9b2c8c9567487dd7..b5f966fdeeb11bb6a3ac45952aa598cfa1ce0dbb 100644 (file)
@@ -41,8 +41,9 @@ ban_logcount="1"
 ban_logterm=""
 ban_country=""
 ban_asn=""
-ban_loginput="0"
-ban_logforward="0"
+ban_loginput="1"
+ban_logforwardwan="1"
+ban_logforwardlan="0"
 ban_allowlistonly="0"
 ban_autoallowlist="1"
 ban_autoblocklist="1"
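Review bot: The script-level default for `ban_loginput` flips from "0" to "1" on the new line 258, and the new `ban_logforwardwan` also defaults to "1", so after this release every wan-input and wan-forward drop is logged unless the UCI config says otherwise; the commit message lists the renamed options but not this default change. The flip does bring the script in line with the README option table, which already advertised 1 for ban_loginput while the old script used 0, so it looks intentional. A bullet such as `* ban_loginput and ban_logforwardwan now default to 1 (logging of wan drops on by default)` in the message would make the behavioural change visible to upgraders and to anyone whose log parsing must absorb the extra volume.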
@@ -51,7 +52,8 @@ ban_splitsize="0"
 ban_autodetect=""
 ban_feed=""
 ban_blockinput=""
-ban_blockforward=""
+ban_blockforwardwan=""
+ban_blockforwardlan=""
 ban_protov4="0"
 ban_protov6="0"
 ban_ifv4=""
@@ -172,7 +174,7 @@ f_log() {
 # load config
 #
 f_conf() {
-       unset ban_dev ban_ifv4 ban_ifv6 ban_feed ban_blockinput ban_blockforward ban_logterm ban_country ban_asn
+       unset ban_dev ban_ifv4 ban_ifv6 ban_feed ban_blockinput ban_blockforwardwan ban_blockforwardlan ban_logterm ban_country ban_asn
        config_cb() {
                option_cb() {
                        local option="${1}"
@@ -198,8 +200,11 @@ f_conf() {
                                "ban_blockinput")
                                        eval "${option}=\"$(printf "%s" "${ban_blockinput}")${value} \""
                                        ;;
-                               "ban_blockforward")
-                                       eval "${option}=\"$(printf "%s" "${ban_blockforward}")${value} \""
+                               "ban_blockforwardwan")
+                                       eval "${option}=\"$(printf "%s" "${ban_blockforwardwan}")${value} \""
+                                       ;;
+                               "ban_blockforwardlan")
+                                       eval "${option}=\"$(printf "%s" "${ban_blockforwardlan}")${value} \""
                                        ;;
                                "ban_logterm")
                                        eval "${option}=\"$(printf "%s" "${ban_logterm}")${value}\\|\""
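Review bot: Existing configurations that still set the removed option `ban_blockforward` are now silently ignored: the case arm at the old lines 287-288 is gone and nothing maps the old name onto a new one, so a feed that an installation deliberately limited to the forward chain falls back to an empty feed_direction, with whatever f_down makes of that outside this hunk. The old forward chain was lan-forward (the README hunk in this commit moves the 'doh' example from ban_blockforward to ban_blockforwardlan), so a one-release compatibility arm would keep such installs on their intended chain: `"ban_blockforward") eval "ban_blockforwardlan=\"$(printf "%s" "${ban_blockforwardlan}")${value} \"" ;;`. The same applies to the dropped `ban_logforward`, which the defaults hunk above no longer reads; presumably the option_cb default branch swallows both silently, but that branch is not visible here. f_conf starts and ends outside the hunk.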
@@ -387,18 +392,26 @@ f_nftinit() {
                fi
                printf "%s\n" "add table inet banIP"
                printf "%s\n" "add chain inet banIP wan-input { type filter hook input priority ${ban_nftpriority}; policy accept; }"
+               printf "%s\n" "add chain inet banIP wan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }"
                printf "%s\n" "add chain inet banIP lan-forward { type filter hook forward priority ${ban_nftpriority}; policy accept; }"
 
-               # default input rules
+               # default wan-input rules
                #
                printf "%s\n" "add rule inet banIP wan-input ct state established,related counter accept"
                printf "%s\n" "add rule inet banIP wan-input iifname != { ${ban_dev// /, } } counter accept"
+               printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv4 udp sport 67-68 udp dport 67-68 counter accept"
+               printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv6 udp sport 547 udp dport 546 counter accept"
                printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv4 icmp type { echo-request } limit rate 1000/second counter accept"
                printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv6 icmpv6 type { echo-request } limit rate 1000/second counter accept"
                printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv6 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} limit rate 1000/second ip6 hoplimit 1 counter accept"
                printf "%s\n" "add rule inet banIP wan-input meta nfproto ipv6 icmpv6 type { nd-neighbor-advert, nd-neighbor-solicit, nd-router-advert} limit rate 1000/second ip6 hoplimit 255 counter accept"
 
-               # default forward rules
+               # default wan-forward rules
+               #
+               printf "%s\n" "add rule inet banIP wan-forward ct state established,related counter accept"
+               printf "%s\n" "add rule inet banIP wan-forward iifname != { ${ban_dev// /, } } counter accept"
+
+               # default lan-forward rules
                #
                printf "%s\n" "add rule inet banIP lan-forward ct state established,related counter accept"
                printf "%s\n" "add rule inet banIP lan-forward oifname != { ${ban_dev// /, } } counter accept"
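Review bot: The new wan-forward base chain on line 301 is registered on the forward hook with the same `priority ${ban_nftpriority}` as the existing lan-forward chain on line 302, and nftables does not document the traversal order of two base chains that share a hook and priority; because one chain drops and the other rejects with its own log prefix, the counters in the report and the log line a doubly-matched packet produces depend on that unspecified order. If wan-forward is meant to be evaluated first, give it a distinct priority, e.g. `priority $((ban_nftpriority - 1))` — assuming ban_nftpriority is always a plain integer here, which the unquoted interpolation already presumes. The DHCP exception on line 309 also accepts any UDP packet whose source and destination ports both fall in 67-68 regardless of ct state; if the intent is only to let replies to the router's own DHCP client bypass the blocklist, `udp sport 67 udp dport 68` is the narrower match and keeps server-to-server traffic on port 67 subject to it. f_nftinit starts and ends outside the hunk.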
@@ -414,7 +427,7 @@ f_nftinit() {
 }
 
 f_down() {
-       local nft_loginput nft_logforward start_ts end_ts tmp_raw tmp_load tmp_file split_file input_handles forward_handles handle
+       local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file input_handles forwardwan_handles forwardlan_handles handle
        local cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"
 
        start_ts="$(date +%s)"
@@ -426,27 +439,35 @@ f_down() {
        tmp_flush="${ban_tmpfile}.${feed}.flush"
        tmp_nft="${ban_tmpfile}.${feed}.nft"
 
-       [ "${ban_loginput}" = "1" ] && nft_loginput="log level ${ban_loglevel} prefix \"banIP_drp/${feed}: \""
-       [ "${ban_logforward}" = "1" ] && nft_logforward="log level ${ban_loglevel} prefix \"banIP_rej/${feed}: \""
+       [ "${ban_loginput}" = "1" ] && log_input="log level ${ban_loglevel} prefix \"banIP/inp-wan/drp/${feed}: \""
+       [ "${ban_logforwardwan}" = "1" ] && log_forwardwan="log level ${ban_loglevel} prefix \"banIP/fwd-wan/drp/${feed}: \""
+       [ "${ban_logforwardlan}" = "1" ] && log_forwardlan="log level ${ban_loglevel} prefix \"banIP/fwd-lan/rej/${feed}: \""
 
        # set source block direction
        #
        if printf "%s" "${ban_blockinput}" | "${ban_grepcmd}" -q "${feed%v*}"; then
                feed_direction="input"
-       elif printf "%s" "${ban_blockforward}" | "${ban_grepcmd}" -q "${feed%v*}"; then
-               feed_direction="forward"
+       fi
+       if printf "%s" "${ban_blockforwardwan}" | "${ban_grepcmd}" -q "${feed%v*}"; then
+               feed_direction="${feed_direction} forwardwan"
+       fi
+       if printf "%s" "${ban_blockforwardlan}" | "${ban_grepcmd}" -q "${feed%v*}"; then
+               feed_direction="${feed_direction} forwardlan"
        fi
 
        # chain/rule maintenance
        #
        if [ "${ban_action}" = "reload" ] && "${ban_nftcmd}" -t list set inet banIP "${feed}" >/dev/null 2>&1; then
                input_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP wan-input 2>/dev/null)"
-               forward_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP lan-forward 2>/dev/null)"
+               forwardwan_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP wan-forward 2>/dev/null)"
+               forwardlan_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP lan-forward 2>/dev/null)"
                {
                        printf "%s\n" "flush set inet banIP ${feed}"
                        handle="$(printf "%s\n" "${input_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}")"
                        [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-input handle ${handle}"
-                       handle="$(printf "%s\n" "${forward_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}")"
+                       handle="$(printf "%s\n" "${forwardwan_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}")"
+                       [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-forward handle ${handle}"
+                       handle="$(printf "%s\n" "${forwardlan_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}")"
                        [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP lan-forward handle ${handle}"
                } >"${tmp_flush}"
        fi
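Review bot: The three independent `if` blocks leave `feed_direction` empty for a feed that appears in none of `ban_blockinput`, `ban_blockforwardwan` and `ban_blockforwardlan`, and an empty value makes every later `[ -z "${feed_direction##*...*}" ]` test true, so such a feed gets rules in all three chains. That keeps the pre-0.8.1 fallback, but it is now far less visible than the old `!= "input"` / `!= "forward"` pair, and the leading space the concatenation produces (`" forwardwan"`) only works because the tests are substring matches. A comment above the first test would save the next reader a trace: `# an unlisted feed leaves feed_direction empty; the "${feed_direction##*chain*}" tests below treat empty as "all chains"`. f_down continues beyond this hunk.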
@@ -468,22 +489,27 @@ f_down() {
                        if [ "${proto}" = "MAC" ]; then
                                "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s, ",tolower($1)}' "${ban_allowlist}" >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ether_addr; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} counter accept"
-                               fi
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} counter accept"
                        elif [ "${proto}" = "4" ]; then
                                "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{printf "%s, ",$1}' "${ban_allowlist}" >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval; auto-merge; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "forward" ]; then
+                               if [ -z "${feed_direction##*input*}" ]; then
                                        if [ "${ban_allowlistonly}" = "1" ]; then
-                                               printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${nft_loginput} counter drop"
+                                               printf "%s\n" "add rule inet banIP wan-input ip saddr != @${feed} ${log_input} counter drop"
                                        else
                                                printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} counter accept"
                                        fi
                                fi
-                               if [ "${feed_direction}" != "input" ]; then
+                               if [ -z "${feed_direction##*forwardwan*}" ]; then
+                                       if [ "${ban_allowlistonly}" = "1" ]; then
+                                               printf "%s\n" "add rule inet banIP wan-forward ip saddr != @${feed} ${log_forwardwan} counter drop"
+                                       else
+                                               printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} counter accept"
+                                       fi
+                               fi
+                               if [ -z "${feed_direction##*forwardlan*}" ]; then
                                        if [ "${ban_allowlistonly}" = "1" ]; then
-                                               printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${nft_logforward} counter reject with icmp type admin-prohibited"
+                                               printf "%s\n" "add rule inet banIP lan-forward ip daddr != @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
                                        else
                                                printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} counter accept"
                                        fi
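Review bot: The `[ -z "${feed_direction##*forwardlan*}" ] && printf …` one-liner that now ends the MAC branch exits with status 1 whenever the feed is not routed to lan-forward, whereas the `if …; fi` it replaces exited 0 in that case. The same one-liners close the MAC, IPv4 and IPv6 blocklist branches in the three following hunks of this function, and there the status is certainly observed: the `{ … } >"${tmp_nft}"` group is immediately followed by `feed_rc="${?}"`, so an input-only (or wan-forward-only) blocklist feed would now yield `feed_rc=1`; the two later rule hunks (`# input and forward rules`) end the same way, and whether their group status is captured is not visible here. If a non-zero `feed_rc` is treated as a load failure downstream, this silently breaks the restricted configurations the new options were added for. Either keep the final rule of each branch in the `if …; then …; fi` form, or append `|| :` to the last one-liner of each branch so the group status stays 0. The enclosing group of this allowlist hunk closes outside the hunk.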
@@ -492,16 +518,23 @@ f_down() {
                                "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s\n",$1}' "${ban_allowlist}" |
                                        "${ban_awkcmd}" '/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\/(1?[0-2][0-8]|[0-9][0-9]))?)([[:space:]]|$)/{printf "%s, ",tolower($1)}' >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval; auto-merge; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "forward" ]; then
+                               if [ -z "${feed_direction##*input*}" ]; then
                                        if [ "${ban_allowlistonly}" = "1" ]; then
-                                               printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${nft_loginput} counter drop"
+                                               printf "%s\n" "add rule inet banIP wan-input ip6 saddr != @${feed} ${log_input} counter drop"
                                        else
                                                printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} counter accept"
                                        fi
                                fi
-                               if [ "${feed_direction}" != "input" ]; then
+                               if [ -z "${feed_direction##*forwardwan*}" ]; then
+                                       if [ "${ban_allowlistonly}" = "1" ]; then
+                                               printf "%s\n" "add rule inet banIP wan-forward ip6 saddr != @${feed} ${log_forwardwan} counter drop"
+                                       else
+                                               printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} counter accept"
+                                       fi
+                               fi
+                               if [ -z "${feed_direction##*forwardlan*}" ]; then
                                        if [ "${ban_allowlistonly}" = "1" ]; then
-                                               printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${nft_logforward} counter reject with icmpv6 type admin-prohibited"
+                                               printf "%s\n" "add rule inet banIP lan-forward ip6 daddr != @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
                                        else
                                                printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} counter accept"
                                        fi
@@ -516,9 +549,7 @@ f_down() {
                        if [ "${proto}" = "MAC" ]; then
                                "${ban_awkcmd}" '/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s, ",tolower($1)}' "${ban_blocklist}" >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ether_addr; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} ${nft_logforward} counter reject"
-                               fi
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ether saddr @${feed} ${log_forwardlan} counter reject"
                        elif [ "${proto}" = "4" ]; then
                                if [ "${ban_deduplicate}" = "1" ]; then
                                        "${ban_awkcmd}" '/^(([0-9]{1,3}\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\/(1?[0-9]|2?[0-9]|3?[0-2]))?)([[:space:]]|$)/{printf "%s,\n",$1}' "${ban_blocklist}" >"${tmp_raw}"
@@ -530,12 +561,9 @@ f_down() {
                                fi
                                "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ipv4_addr; flags interval, timeout; auto-merge; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "forward" ]; then
-                                       printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${nft_loginput} counter drop"
-                               fi
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${nft_logforward} counter reject with icmp type admin-prohibited"
-                               fi
+                               [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
+                               [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
                        elif [ "${proto}" = "6" ]; then
                                if [ "${ban_deduplicate}" = "1" ]; then
                                        "${ban_awkcmd}" '!/^([0-9A-f]{2}:){5}[0-9A-f]{2}([[:space:]]|$)/{printf "%s\n",$1}' "${ban_blocklist}" |
@@ -549,12 +577,9 @@ f_down() {
                                fi
                                "${ban_awkcmd}" '{ORS=" ";print}' "${tmp_split}" 2>/dev/null >"${tmp_file}"
                                printf "%s\n" "add set inet banIP ${feed} { type ipv6_addr; flags interval, timeout; auto-merge; policy memory; $(f_getelements "${tmp_file}") }"
-                               if [ "${feed_direction}" != "forward" ]; then
-                                       printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${nft_loginput} counter drop"
-                               fi
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${nft_logforward} counter reject with icmpv6 type admin-prohibited"
-                               fi
+                               [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
+                               [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
                        fi
                } >"${tmp_nft}"
                feed_rc="${?}"
@@ -650,12 +675,9 @@ f_down() {
 
                                # input and forward rules
                                #
-                               if [ "${feed_direction}" != "forward" ]; then
-                                       printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${nft_loginput} counter drop"
-                               fi
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${nft_logforward} counter reject with icmp type admin-prohibited"
-                               fi
+                               [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip saddr @${feed} ${log_input} counter drop"
+                               [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip saddr @${feed} ${log_forwardwan} counter drop"
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip daddr @${feed} ${log_forwardlan} counter reject with icmp type admin-prohibited"
                        } >"${tmp_nft}"
                elif [ "${feed_rc}" = "0" ] && [ "${proto}" = "6" ]; then
                        {
@@ -667,12 +689,9 @@ f_down() {
 
                                # input and forward rules
                                #
-                               if [ "${feed_direction}" != "forward" ]; then
-                                       printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${nft_loginput} counter drop"
-                               fi
-                               if [ "${feed_direction}" != "input" ]; then
-                                       printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${nft_logforward} counter reject with icmpv6 type admin-prohibited"
-                               fi
+                               [ -z "${feed_direction##*input*}" ] && printf "%s\n" "add rule inet banIP wan-input ip6 saddr @${feed} ${log_input} counter drop"
+                               [ -z "${feed_direction##*forwardwan*}" ] && printf "%s\n" "add rule inet banIP wan-forward ip6 saddr @${feed} ${log_forwardwan} counter drop"
+                               [ -z "${feed_direction##*forwardlan*}" ] && printf "%s\n" "add rule inet banIP lan-forward ip6 daddr @${feed} ${log_forwardlan} counter reject with icmpv6 type admin-prohibited"
                        } >"${tmp_nft}"
                fi
        fi
@@ -741,12 +760,13 @@ f_restore() {
 # remove disabled feeds
 #
 f_rmset() {
-       local tmp_del table_sets input_handles forward_handles handle sets feed feed_log feed_rc
+       local tmp_del table_sets input_handles forwardwan_handles forwardlan_handles handle sets feed feed_log feed_rc
 
        tmp_del="${ban_tmpfile}.final.delete"
        table_sets="$("${ban_nftcmd}" -t list table inet banIP 2>/dev/null | "${ban_awkcmd}" '/^[[:space:]]+set [[:alnum:]]+ /{printf "%s ",$2}' 2>/dev/null)"
        input_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP wan-input 2>/dev/null)"
-       forward_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP lan-forward 2>/dev/null)"
+       forwardwan_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP wan-forward 2>/dev/null)"
+       forwardlan_handles="$("${ban_nftcmd}" -t --handle --numeric list chain inet banIP lan-forward 2>/dev/null)"
        {
                printf "%s\n\n" "#!/usr/sbin/nft -f"
                for feed in ${table_sets}; do
@@ -756,7 +776,9 @@ f_rmset() {
                                printf "%s\n" "flush set inet banIP ${feed}"
                                handle="$(printf "%s\n" "${input_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}" 2>/dev/null)"
                                [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-input handle ${handle}"
-                               handle="$(printf "%s\n" "${forward_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}" 2>/dev/null)"
+                               handle="$(printf "%s\n" "${forwardwan_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}" 2>/dev/null)"
+                               [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP wan-forward handle ${handle}"
+                               handle="$(printf "%s\n" "${forwardlan_handles}" | "${ban_awkcmd}" "/@${feed} /{print \$NF}" 2>/dev/null)"
                                [ -n "${handle}" ] && printf "%s\n" "delete rule inet banIP lan-forward handle ${handle}"
                                printf "%s\n\n" "delete set inet banIP ${feed}"
                        fi
@@ -852,7 +874,7 @@ f_genstatus() {
        fi
        json_close_array
        json_add_string "run_info" "base_dir: ${ban_basedir}, backup_dir: ${ban_backupdir}, report_dir: ${ban_reportdir}, feed_archive: ${ban_feedarchive}"
-       json_add_string "run_flags" "protocol (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (inp/fwd): $(f_char ${ban_loginput})/$(f_char ${ban_logforward}), deduplicate: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), allowed only: $(f_char ${ban_allowlistonly})"
+       json_add_string "run_flags" "protocol (4/6): $(f_char ${ban_protov4})/$(f_char ${ban_protov6}), log (wan-inp/wan-fwd/lan-fwd): $(f_char ${ban_loginput})/$(f_char ${ban_logforwardwan})/$(f_char ${ban_logforwardlan}), deduplicate: $(f_char ${ban_deduplicate}), split: $(f_char ${split}), allowed only: $(f_char ${ban_allowlistonly})"
        json_add_string "last_run" "${runtime:-"-"}"
        json_add_string "system_info" "cores: ${ban_cores}, memory: ${ban_memory}, device: ${ban_sysver}"
        json_dump >"${ban_basedir}/ban_runtime.json"
@@ -885,7 +907,7 @@ f_getstatus() {
                        fi
                        value="$(
                                printf "%s" "${value}" |
-                                       awk '{NR=1;max=98;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-24s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}'
+                                       awk '{NR=1;max=118;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{printf"%-24s%s\n","",substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}'
                        )"
                        printf "  + %-17s : %s\n" "${key}" "${value:-"-"}"
                done
@@ -945,8 +967,8 @@ f_lookup() {
 # banIP table statistics
 #
 f_report() {
-       local report_jsn report_txt set nft_raw nft_sets set_cnt set_input set_forward set_cntinput set_cntforward output="${1}"
-       local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforward sum_setelements sum_cntinput sum_cntforward
+       local report_jsn report_txt set tmp_val nft_raw nft_sets set_cnt set_input set_forwardwan set_forwardlan set_cntinput set_cntforwardwan set_cntforwardlan output="${1}"
+       local detail set_details jsnval timestamp autoadd_allow autoadd_block sum_sets sum_setinput sum_setforwardwan sum_setforwardlan sum_setelements sum_cntinput sum_cntforwardwan sum_cntforwardlan
 
        [ -z "${ban_dev}" ] && f_conf
        f_mkdir "${ban_reportdir}"
@@ -959,10 +981,12 @@ f_report() {
        nft_sets="$(printf "%s" "${nft_raw}" | jsonfilter -qe '@.nftables[*].set.name')"
        sum_sets="0"
        sum_setinput="0"
-       sum_setforward="0"
+       sum_setforwardwan="0"
+       sum_setforwardlan="0"
        sum_setelements="0"
        sum_cntinput="0"
-       sum_cntforward="0"
+       sum_cntforwardwan="0"
+       sum_cntforwardlan="0"
        timestamp="$(date "+%Y-%m-%d %H:%M:%S")"
        : >"${report_jsn}"
        {
@@ -972,30 +996,41 @@ f_report() {
                        set_cnt="$("${ban_nftcmd}" -j list set inet banIP "${set}" 2>/dev/null | jsonfilter -qe '@.nftables[*].set.elem[*]' | wc -l 2>/dev/null)"
                        sum_setelements="$((sum_setelements + set_cnt))"
                        set_cntinput="$(printf "%s" "${nft_raw}" | jsonfilter -qe "@.nftables[@.rule.chain=\"wan-input\"][@.expr[*].match.right=\"@${set}\"].expr[*].counter.packets")"
-                       set_cntforward="$(printf "%s" "${nft_raw}" | jsonfilter -qe "@.nftables[@.rule.chain=\"lan-forward\"][@.expr[*].match.right=\"@${set}\"].expr[*].counter.packets")"
+                       set_cntforwardwan="$(printf "%s" "${nft_raw}" | jsonfilter -qe "@.nftables[@.rule.chain=\"wan-forward\"][@.expr[*].match.right=\"@${set}\"].expr[*].counter.packets")"
+                       set_cntforwardlan="$(printf "%s" "${nft_raw}" | jsonfilter -qe "@.nftables[@.rule.chain=\"lan-forward\"][@.expr[*].match.right=\"@${set}\"].expr[*].counter.packets")"
                        if [ -n "${set_cntinput}" ]; then
                                set_input="OK"
                                sum_setinput="$((sum_setinput + 1))"
                                sum_cntinput="$((sum_cntinput + set_cntinput))"
                        else
-                               set_input="n/a"
-                               set_cntinput="n/a"
+                               set_input="-"
+                               set_cntinput=""
+                       fi
+                       if [ -n "${set_cntforwardwan}" ]; then
+                               set_forwardwan="OK"
+                               sum_setforwardwan="$((sum_setforwardwan + 1))"
+                               sum_cntforwardwan="$((sum_cntforwardwan + set_cntforwardwan))"
+                       else
+                               set_forwardwan="-"
+                               set_cntforwardwan=""
                        fi
-                       if [ -n "${set_cntforward}" ]; then
-                               set_forward="OK"
-                               sum_setforward="$((sum_setforward + 1))"
-                               sum_cntforward="$((sum_cntforward + set_cntforward))"
+                       if [ -n "${set_cntforwardlan}" ]; then
+                               set_forwardlan="OK"
+                               sum_setforwardlan="$((sum_setforwardlan + 1))"
+                               sum_cntforwardlan="$((sum_cntforwardlan + set_cntforwardlan))"
                        else
-                               set_forward="n/a"
-                               set_cntforward="n/a"
+                               set_forwardlan="-"
+                               set_cntforwardlan=""
                        fi
                        [ "${sum_sets}" -gt "0" ] && printf "%s\n" ","
                        printf "\t\t%s\n" "\"${set}\": {"
                        printf "\t\t\t%s\n" "\"cnt_elements\": \"${set_cnt}\","
-                       printf "\t\t\t%s\n" "\"input\": \"${set_input}\","
-                       printf "\t\t\t%s\n" "\"forward\": \"${set_forward}\","
                        printf "\t\t\t%s\n" "\"cnt_input\": \"${set_cntinput}\","
-                       printf "\t\t\t%s\n" "\"cnt_forward\": \"${set_cntforward}\""
+                       printf "\t\t\t%s\n" "\"input\": \"${set_input}\","
+                       printf "\t\t\t%s\n" "\"cnt_forwardwan\": \"${set_cntforwardwan}\","
+                       printf "\t\t\t%s\n" "\"wan_forward\": \"${set_forwardwan}\","
+                       printf "\t\t\t%s\n" "\"cnt_forwardlan\": \"${set_cntforwardlan}\","
+                       printf "\t\t\t%s\n" "\"lan_forward\": \"${set_forwardlan}\""
                        printf "\t\t%s" "}"
                        sum_sets="$((sum_sets + 1))"
                done
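Review bot: The reordered per-set JSON keys (`cnt_input` now before `input`, `cnt_forwardwan` before `wan_forward`, `cnt_forwardlan` before `lan_forward`) are a hidden contract: the text renderer in the last hunk of this function (`case "${detail}" in …`) stashes each `cnt_*` value in `tmp_val` and prints it with whichever key `json_get_keys` yields next, so the output columns are only correct while this emission order and the parser's key order line up. Nothing in either hunk says so; a comment on the first `printf` of this group would make the coupling explicit: `# key order matters: the text report pairs each cnt_* value with the chain key emitted right after it`. The report loop also starts before this hunk.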
@@ -1005,10 +1040,12 @@ f_report() {
                printf "\t%s\n" "\"autoadd_block\": \"$("${ban_grepcmd}" -c "added on ${timestamp% *}" "${ban_blocklist}")\","
                printf "\t%s\n" "\"sum_sets\": \"${sum_sets}\","
                printf "\t%s\n" "\"sum_setinput\": \"${sum_setinput}\","
-               printf "\t%s\n" "\"sum_setforward\": \"${sum_setforward}\","
+               printf "\t%s\n" "\"sum_setforwardwan\": \"${sum_setforwardwan}\","
+               printf "\t%s\n" "\"sum_setforwardlan\": \"${sum_setforwardlan}\","
                printf "\t%s\n" "\"sum_setelements\": \"${sum_setelements}\","
                printf "\t%s\n" "\"sum_cntinput\": \"${sum_cntinput}\","
-               printf "\t%s\n" "\"sum_cntforward\": \"${sum_cntforward}\""
+               printf "\t%s\n" "\"sum_cntforwardwan\": \"${sum_cntforwardwan}\","
+               printf "\t%s\n" "\"sum_cntforwardlan\": \"${sum_cntforwardlan}\""
                printf "%s\n" "}"
        } >>"${report_jsn}"
 
@@ -1023,10 +1060,12 @@ f_report() {
                        json_get_var autoadd_block "autoadd_block" >/dev/null 2>&1
                        json_get_var sum_sets "sum_sets" >/dev/null 2>&1
                        json_get_var sum_setinput "sum_setinput" >/dev/null 2>&1
-                       json_get_var sum_setforward "sum_setforward" >/dev/null 2>&1
+                       json_get_var sum_setforwardwan "sum_setforwardwan" >/dev/null 2>&1
+                       json_get_var sum_setforwardlan "sum_setforwardlan" >/dev/null 2>&1
                        json_get_var sum_setelements "sum_setelements" >/dev/null 2>&1
                        json_get_var sum_cntinput "sum_cntinput" >/dev/null 2>&1
-                       json_get_var sum_cntforward "sum_cntforward" >/dev/null 2>&1
+                       json_get_var sum_cntforwardwan "sum_cntforwardwan" >/dev/null 2>&1
+                       json_get_var sum_cntforwardlan "sum_cntforwardlan" >/dev/null 2>&1
                        {
                                printf "%s\n%s\n%s\n" ":::" "::: banIP Set Statistics" ":::"
                                printf "%s\n" "    Timestamp: ${timestamp}"
@@ -1036,21 +1075,32 @@ f_report() {
                                json_select "sets" >/dev/null 2>&1
                                json_get_keys nft_sets >/dev/null 2>&1
                                if [ -n "${nft_sets}" ]; then
-                                       printf "%-25s%-16s%-16s%-16s%-16s%s\n" "    Set" "| Set Elements" "| Chain Input" "| Chain Forward" "| Input Packets" "| Forward Packets"
-                                       printf "%s\n" "    ---------------------+---------------+---------------+---------------+---------------+----------------"
+                                       printf "%-25s%-15s%-24s%-24s%s\n" "    Set" "| Elements" "| WAN-Input (packets)" "| WAN-Forward (packets)" "| LAN-Forward (packets)"
+                                       printf "%s\n" "    ---------------------+--------------+-----------------------+-----------------------+------------------------"
                                        for set in ${nft_sets}; do
                                                printf "    %-21s" "${set}"
                                                json_select "${set}"
                                                json_get_keys set_details
                                                for detail in ${set_details}; do
                                                        json_get_var jsnval "${detail}" >/dev/null 2>&1
-                                                       printf "%-16s" "| ${jsnval}"
+                                                       case "${detail}" in
+                                                               "cnt_elements")
+                                                                       printf "%-15s" "| ${jsnval}"
+                                                                       ;;
+                                                               "cnt_input" | "cnt_forwardwan" | "cnt_forwardlan")
+                                                                       [ -n "${jsnval}" ] && tmp_val=": ${jsnval}"
+                                                                       ;;
+                                                               *)
+                                                                       printf "%-24s" "| ${jsnval}${tmp_val}"
+                                                                       tmp_val=""
+                                                                       ;;
+                                                       esac
                                                done
                                                printf "\n"
                                                json_select ".."
                                        done
-                                       printf "%s\n" "    ---------------------+---------------+---------------+---------------+---------------+----------------"
-                                       printf "%-25s%-16s%-16s%-16s%-16s%s\n" "    ${sum_sets}" "| ${sum_setelements}" "| ${sum_setinput}" "| ${sum_setforward}" "| ${sum_cntinput}" "| ${sum_cntforward}"
+                                       printf "%s\n" "    ---------------------+--------------+-----------------------+-----------------------+------------------------"
+                                       printf "%-25s%-15s%-24s%-24s%s\n" "    ${sum_sets}" "| ${sum_setelements}" "| ${sum_setinput} (${sum_cntinput})" "| ${sum_setforwardwan} (${sum_cntforwardwan})" "| ${sum_setforwardlan} (${sum_cntforwardlan})"
                                fi
                        } >>"${report_txt}"
                fi
index 9a614d02640ae8027b003bcc7a92626be0b76b42..0474eb34499b1b0df30abc90effd997f21c6952b 100644 (file)
@@ -8,7 +8,7 @@ local banip_info report_info log_info system_info mail_text
 
 banip_info="$(/etc/init.d/banip status 2>/dev/null)"
 report_info="$(cat ${ban_reportdir}/ban_report.txt 2>/dev/null)"
-log_info="$("${ban_logreadcmd}" -l 100 -e "banIP_" 2>/dev/null | awk '{NR=1;max=120;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
+log_info="$("${ban_logreadcmd}" -l 100 -e "banIP/" 2>/dev/null | awk '{NR=1;max=140;if(length($0)>max+1)while($0){if(NR==1){print substr($0,1,max)}else{print substr($0,1,max)}{$0=substr($0,max+1);NR=NR+1}}else print}')"
 system_info="$(
        strings /etc/banner 2>/dev/null
        ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf "  + %-12s: %s\n",$2,$4}'