From 82082e405066e34443864264e61df2b45ab2858f Mon Sep 17 00:00:00 2001
From: Starlight-0208 <89368027+Starlight0208@users.noreply.github.com>
Date: Wed, 25 Feb 2026 19:45:45 +0800
Subject: [PATCH] =?UTF-8?q?feat(core):=20=E6=9B=B4=E6=96=B0USTC=E9=BB=91?=
 =?UTF-8?q?=E5=90=8D=E5=8D=95IP=E8=87=AA=E5=8A=A8=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E8=84=9A=E6=9C=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 修改README.md文档,更新使用说明,简化操作步骤为运行update.sh自动创建data目录
- 将数据文件存储路径从根目录改为data子目录,统一管理数据文件
- 重构update.sh脚本,添加详细的状态提示和进度显示
- 优化clear.sh脚本,改进iptables规则删除逻辑,支持批量删除并显示删除结果
- 修改blacklist.py文件处理逻辑,统一使用data目录进行文件读写操作
- 增强错误处理机制,添加下载状态检查和处理进度反馈
- 改进iptables规则添加逻辑,避免重复添加相同规则
---
 README.md | 6 +-
 blacklist.py | 15 +++--
 clear.sh | 77 +++++++++++++------------
 update.sh | 159 +++++++++++++++++++++++++++++++++------------------
 4 files changed, 156 insertions(+), 101 deletions(-)

diff --git a/README.md b/README.md
index 4f2a319..1c4575a 100644
--- a/README.md
+++ b/README.md
@@ -18,11 +18,9 @@
 1. 下载并解压该项目到指定文件夹
-2. 在程序目录下创建一个`dst`文件夹,用于临时存放处理好的ip列表
+2. 运行`update.sh`,程序会自动创建data目录,下载最新数据并配置规则
-3. 运行`update.sh`,程序会自动下载最新版本数据并替换本地数据
-
-4. 稍等片刻即可完成配置
+3. 稍等片刻即可完成配置
 ### 删除规则
diff --git a/blacklist.py b/blacklist.py
index 2480236..02583b7 100644
--- a/blacklist.py
+++ b/blacklist.py
@@ -1,4 +1,9 @@
-with open("blacklist_ustc.txt", "r") as f:
+import os
+
+DATA_DIR = "data"
+os.makedirs(DATA_DIR, exist_ok=True)
+
+with open(os.path.join(DATA_DIR, "blacklist_ustc.txt"), "r") as f:
 ips = f.read()
 f.close()
 ipv4 = []
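Review bot: The new `os.makedirs(DATA_DIR, exist_ok=True)` is misplaced in a script that only reads `data/blacklist_ustc.txt` on the very next line: a directory that had to be created cannot contain the download, so the call merely turns a missing or failed download into a bare `FileNotFoundError` traceback. Leave directory creation to update.sh and fail with a clear message instead, e.g. `if not os.path.isfile(path): raise SystemExit(f"{path} not found - run update.sh first")` with `path` computed once. `DATA_DIR = "data"` is also relative to the caller's working directory, so the script only works when started from the repository root; `os.path.join(os.path.dirname(os.path.abspath(__file__)), "data")` removes that dependence (update.sh makes the same assumption and would need a matching `cd "$(dirname "$0")"` for the two to agree). The `f.close()` inside the `with` block is redundant, since the context manager already closes the file.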
@@ -20,15 +25,15 @@ print(f"IPv4 Count: {len(ipv4)}")
 print(f"IPv6 Count: {len(ipv6)}")
 print(f"IPv4 Net Count: {len(ipv4_net)}")
 print(f"IPv6 Net Count: {len(ipv6_net)}")
-with open("ipv4_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv4_list.txt"), "w") as fp:
 fp.write("\n".join(ipv4))
 fp.close
-with open("ipv4_net_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv4_net_list.txt"), "w") as fp:
 fp.write("\n".join(ipv4_net))
 fp.close
-with open("ipv6_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv6_list.txt"), "w") as fp:
 fp.write("\n".join(ipv6))
 fp.close
-with open("ipv6_net_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv6_net_list.txt"), "w") as fp:
 fp.write("\n".join(ipv6_net))
 fp.close
\ No newline at end of file
diff --git a/clear.sh b/clear.sh
index e954f30..96a75f4 100644
--- a/clear.sh
+++ b/clear.sh
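Review bot: The four `with` blocks are identical except for the file name and the list they serialise, and each still ends in `fp.close` — a bare attribute reference that does nothing (the context manager closes the file, so even `fp.close()` would be redundant). While these lines are being touched, a single loop over `(("ipv4_list.txt", ipv4), ("ipv4_net_list.txt", ipv4_net), ("ipv6_list.txt", ipv6), ("ipv6_net_list.txt", ipv6_net))` whose body is `with open(os.path.join(DATA_DIR, name), "w") as fp: fp.write("\n".join(entries))` says the same thing once and drops the dead expression. Writing `"\n".join(entries) + "\n"` would also give every output file a terminating newline, which the shell-side `$(cat …)` loops tolerate either way.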
@@ -1,42 +1,47 @@
 #!/bin/sh
+echo "========================================"
+echo " iptables-autoconf - Clear Rules "
+echo "========================================"
+echo ""
-# ipv4 list test
-id_v4=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v4 | awk '{print $1}'`
-if [ -z $id_v4 ]
-then
- echo "Cannot find IPv4 ipset rule on iptables"
-else
- iptables --delete INPUT $id_v4
- echo "Deleted IPv4 ipset"
-fi
+delete_rule() {
+ local pattern="$1"
+ local count=$(iptables -t filter -L INPUT --line-numbers 2>/dev/null | grep "$pattern " | wc -l)
+
+ if [ "$count" -eq 0 ]; then
+ echo " - $pattern: no rules found"
+ return
+ fi
+
+ local rule_nums=$(iptables -t filter -L INPUT --line-numbers 2>/dev/null | grep "$pattern " | awk '{print $1}' | sort -rn)
+ local deleted=0
+
+ for num in $rule_nums; do
+ if iptables -t filter -D INPUT $num 2>/dev/null; then
+ deleted=$((deleted + 1))
+ fi
+ done
+
+ echo " - $pattern: removed $deleted rule(s)"
+}
-# # ipv6 list test
-id_v6=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v6 | awk '{print $1}'`
-if [ -z $id_v6 ]
-then
- echo "Cannot find IPv6 ipset rule on iptables"
-else
- iptables --delete INPUT $id_v4_net
- echo "Deleted IPv4 Net ipset"
-fi
+echo "[1/2] Removing iptables INPUT rules..."
+echo " [IPv4 single]:"
+delete_rule "ustc_blacklist_v4"
+echo " [IPv4 CIDR]:"
+delete_rule "ustc_blacklist_v4_net"
+echo " [IPv6 single]:"
+delete_rule "ustc_blacklist_v6"
+echo " [IPv6 CIDR]:"
+delete_rule "ustc_blacklist_v6_net"
-# ipv4 net list test
-id_v4_net=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v4_net | awk '{print $1}'`
-if [ -z $id_v4_net ]
-then
- echo "Cannot find IPv4 Net ipset rule on iptables"
-else
- iptables --delete INPUT $id_v6
- echo "Deleted IPv6 ipset"
-fi
+echo ""
+echo "[2/2] Current iptables rules:"
+echo "----------------------------------------"
+iptables -t filter -L INPUT --line-numbers -v 2>/dev/null | head -15
+echo "----------------------------------------"
-# ipv6 net list test
-id_v6_net=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v6_net | awk '{print $1}'`
-if [ -z $id_v6_net ]
-then
- echo "Cannot find IPv6 Net ipset rule on iptables"
-else
- iptables --delete INPUT $id_v6_net
- echo "Deleted IPv6 Net ipset"
-fi
\ No newline at end of file
+echo ""
+echo " Cleanup completed!"
+echo "========================================"
diff --git a/update.sh b/update.sh
index 3d35b01..4a2aa91 100644
--- a/update.sh
+++ b/update.sh
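Review bot: `delete_rule` cannot distinguish "no rules" from "not permitted": run without root, `iptables -L` fails, its stderr is sent to `/dev/null`, `count` becomes 0, and the script reports `no rules found` for every set and then `Cleanup completed!` while all four DROP rules are still active. Add a guard before the first `delete_rule` call, `[ "$(id -u)" -eq 0 ] || { echo "clear.sh must be run as root" >&2; exit 1; }`, and drop the `2>/dev/null` from the listing so a genuine iptables error is visible. Passing `-n` to the `iptables -L` calls avoids reverse-DNS lookups on any addresses in the INPUT chain, which can otherwise make the listing stall. `local` is not POSIX sh, though dash and busybox accept it, so the `#!/bin/sh` shebang is slightly optimistic.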
@@ -1,67 +1,114 @@
 #!/bin/sh
-# create ipset
+DATA_DIR="data"
+
+echo "========================================"
+echo " iptables-autoconf - USTC Blacklist "
+echo "========================================"
+echo ""
+
+echo "[1/6] Initializing..."
+mkdir -p "$DATA_DIR"
+
+echo " [OK] Data directory: $DATA_DIR"
+
+echo ""
+echo "[2/6] Initializing ipset..."
 ipset create ustc_blacklist_v4 hash:ip --exist
 ipset create ustc_blacklist_v4_net hash:net --exist
 ipset create ustc_blacklist_v6 hash:ip --exist
 ipset create ustc_blacklist_v6_net hash:net --exist
-# flush ipset
+
+echo " Flushing existing ipset entries..."
 ipset flush ustc_blacklist_v4
 ipset flush ustc_blacklist_v4_net
 ipset flush ustc_blacklist_v6
 ipset flush ustc_blacklist_v6_net
-
-# delete data if exist
-[ -f "blacklist_ustc.txt" ] && rm blacklist_ustc.txt
-wget http://blackip.ustc.edu.cn/list.php?txt -O blacklist_ustc.txt
-
-# get wget command status
-if [ $? -eq 0 ]
-then
- echo "Blacklist file downloaded."
- # processing data
- echo "Processing data..."
- python3 proceed.py
- # add the host foreach in file to ipset
- # ipv4
- echo "Processing ipv4 list."
- for addr in `cat dst/ipv4_list.txt`
- do
- ipset add ustc_blacklist_v4 $addr
- done
- echo "finshed."
- # ipv4_net
- echo "Processing ipv4 net list."
- for addr in `cat dst/ipv4_net_list.txt`
- do
- ipset add ustc_blacklist_v4_net $addr
- done
- echo "finshed."
- # ipv6
- echo "Processing ipv6 list."
- for addr in `cat dst/ipv6_list.txt`
- do
- ipset add ustc_blacklist_v6 $addr
- done
- echo "finshed."
- # ipv6 net
- echo "Processing ipv6 net list."
- for addr in `cat dst/ipv6_net_list.txt`
- do
- ipset add ustc_blacklist_v6_net $addr
- done
- echo "finshed."
-else
- echo "Failed to fetch the blacklist file."
-fi
-
-# config iptables
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4 src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4_net src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6 src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6_net src --jump DROP
+echo " [OK] ipset initialized"
-# echo
-echo "iptable updated."
-echo "listing options..."
-iptables --table filter --list --line-numbers
\ No newline at end of file
+echo ""
+echo "[3/6] Downloading blacklist from USTC..."
+[ -f "$DATA_DIR/blacklist_ustc.txt" ] && rm "$DATA_DIR/blacklist_ustc.txt"
+wget -q http://blackip.ustc.edu.cn/list.php?txt -O "$DATA_DIR/blacklist_ustc.txt"
+
+if [ $? -ne 0 ]; then
+ echo " [ERROR] Failed to download blacklist file"
+ exit 1
+fi
+
+file_size=$(wc -c < "$DATA_DIR/blacklist_ustc.txt")
+echo " [OK] Downloaded ($((file_size/1024)) KB)"
+
+echo ""
+echo "[4/6] Processing blacklist data..."
+python3 blacklist.py
+echo " [OK] Data processed"
+
+echo ""
+echo "[5/6] Adding entries to ipset..."
+
+echo " - IPv4 single addresses..."
+count_v4=0
+for addr in $(cat "$DATA_DIR/ipv4_list.txt" 2>/dev/null); do
+ ipset add ustc_blacklist_v4 $addr 2>/dev/null && count_v4=$((count_v4 + 1))
+done
+echo " Added $count_v4 entries"
+
+echo " - IPv4 CIDR networks..."
+count_v4_net=0
+for addr in $(cat "$DATA_DIR/ipv4_net_list.txt" 2>/dev/null); do
+ ipset add ustc_blacklist_v4_net $addr 2>/dev/null && count_v4_net=$((count_v4_net + 1))
+done
+echo " Added $count_v4_net entries"
+
+echo " - IPv6 single addresses..."
+count_v6=0
+for addr in $(cat "$DATA_DIR/ipv6_list.txt" 2>/dev/null); do
+ ipset add ustc_blacklist_v6 $addr 2>/dev/null && count_v6=$((count_v6 + 1))
+done
+echo " Added $count_v6 entries"
+
+echo " - IPv6 CIDR networks..."
+count_v6_net=0
+for addr in $(cat "$DATA_DIR/ipv6_net_list.txt" 2>/dev/null); do
+ ipset add ustc_blacklist_v6_net $addr 2>/dev/null && count_v6_net=$((count_v6_net + 1))
+done
+echo " Added $count_v6_net entries"
+
+echo " [OK] All entries added to ipset"
+
+echo ""
+echo "[6/6] Configuring iptables rules..."
+
+add_rule() {
+ local set_name="$1"
+ if iptables -C INPUT -m set --match-set "$set_name" src -j DROP 2>/dev/null; then
+ echo " - $set_name: already exists, skipped"
+ else
+ iptables -A INPUT -m set --match-set "$set_name" src -j DROP
+ echo " - $set_name: added"
+ fi
+}
+
+add_rule "ustc_blacklist_v4"
+add_rule "ustc_blacklist_v4_net"
+add_rule "ustc_blacklist_v6"
+add_rule "ustc_blacklist_v6_net"
+echo " [OK] iptables configured"
+
+echo ""
+echo "[7/7] Summary"
+echo "----------------------------------------"
+echo " Blocked entries:"
+echo " IPv4 single: $count_v4"
+echo " IPv4 CIDR: $count_v4_net"
+echo " IPv6 single: $count_v6"
+echo " IPv6 CIDR: $count_v6_net"
+echo " ----------------------------"
+echo " Total: $((count_v4 + count_v4_net + count_v6 + count_v6_net))"
+echo ""
+echo " Current iptables rules:"
+iptables -t filter -L INPUT --line-numbers -v | grep -E "ustc_blacklist|num=1" | head -10
+echo "========================================"
+echo " Update completed successfully!"
+echo "========================================"
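Review bot: The IPv6 half of the blacklist is never enforced, and the new `2>/dev/null` on the `ipset add` loops now hides that: `ipset create … hash:ip` / `hash:net` default to `family inet`, so every IPv6 entry is rejected (the summary will print 0 for both IPv6 counts), and the `ustc_blacklist_v6*` rules are installed with `iptables`, which never sees IPv6 traffic. The change below creates the v6 sets with `family inet6` and routes their rules through `ip6tables`; clear.sh then needs the matching `ip6tables -D`, and hosts that already carry the old inet sets need a one-time `ipset destroy`, because `--exist` does not change an existing set's family. Separately, step 2 flushes all four sets before the download in step 3, so a failed `wget` now `exit 1`s with the firewall emptied; flushing only after `python3 blacklist.py || exit 1` has succeeded (or loading into temporary sets and `ipset swap`ping them in) keeps the previous list active until a new one is ready. The list is also fetched over plain http with no integrity check and turned straight into root-installed DROP rules, so an on-path attacker can choose which prefixes this host blocks; use https if the server offers it.

```shell
ipset create ustc_blacklist_v6 hash:ip family inet6 --exist
ipset create ustc_blacklist_v6_net hash:net family inet6 --exist
# … unchanged: download, blacklist.py, ipset add loops …

add_rule() {
    local ipt="$1" set_name="$2"
    if "$ipt" -C INPUT -m set --match-set "$set_name" src -j DROP 2>/dev/null; then
        echo " - $set_name: already exists, skipped"
    else
        "$ipt" -A INPUT -m set --match-set "$set_name" src -j DROP
        echo " - $set_name: added"
    fi
}

add_rule iptables "ustc_blacklist_v4"
add_rule iptables "ustc_blacklist_v4_net"
add_rule ip6tables "ustc_blacklist_v6"
add_rule ip6tables "ustc_blacklist_v6_net"
```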