feat(core): 更新USTC黑名单IP自动配置脚本

- 修改README.md文档，更新使用说明，简化操作步骤为运行update.sh自动创建data目录
- 将数据文件存储路径从根目录改为data子目录，统一管理数据文件
- 重构update.sh脚本，添加详细的状态提示和进度显示
- 优化clear.sh脚本，改进iptables规则删除逻辑，支持批量删除并显示删除结果
- 修改blacklist.py文件处理逻辑，统一使用data目录进行文件读写操作
- 增强错误处理机制，添加下载状态检查和处理进度反馈
- 改进iptables规则添加逻辑，避免重复添加相同规则

README.md

@@ -18,11 +18,9 @@
 
 1. 下载并解压该项目到指定文件夹
 
-2. 在程序目录下创建一个`dst`文件夹，用于临时存放处理好的ip列表
+2. 运行`update.sh`，程序会自动创建data目录，下载最新数据并配置规则
 
-3. 运行`update.sh`，程序会自动下载最新版本数据并替换本地数据
-
-4. 稍等片刻即可完成配置
+3. 稍等片刻即可完成配置
 
 ### 删除规则
 

blacklist.py

@@ -1,4 +1,9 @@
-with open("blacklist_ustc.txt", "r") as f:
+import os
+
+DATA_DIR = "data"
+os.makedirs(DATA_DIR, exist_ok=True)
+
+with open(os.path.join(DATA_DIR, "blacklist_ustc.txt"), "r") as f:
     ips = f.read()
     f.close()
 ipv4 = []
@@ -20,15 +25,15 @@ print(f"IPv4 Count: {len(ipv4)}")
 print(f"IPv6 Count: {len(ipv6)}")
 print(f"IPv4 Net Count: {len(ipv4_net)}")
 print(f"IPv6 Net Count: {len(ipv6_net)}")
-with open("ipv4_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv4_list.txt"), "w") as fp:
     fp.write("\n".join(ipv4))
     fp.close
-with open("ipv4_net_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv4_net_list.txt"), "w") as fp:
     fp.write("\n".join(ipv4_net))
     fp.close
-with open("ipv6_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv6_list.txt"), "w") as fp:
     fp.write("\n".join(ipv6))
     fp.close
-with open("ipv6_net_list.txt", "w") as fp:
+with open(os.path.join(DATA_DIR, "ipv6_net_list.txt"), "w") as fp:
     fp.write("\n".join(ipv6_net))
     fp.close

clear.sh

@@ -1,42 +1,47 @@
 #!/bin/sh
 
+echo "========================================"
+echo "  iptables-autoconf - Clear Rules      "
+echo "========================================"
+echo ""
 
-# ipv4 list test
-id_v4=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v4 | awk '{print $1}'`
-if [ -z $id_v4 ]
-then 
-    echo "Cannot find IPv4 ipset rule on iptables"
-else
-    iptables --delete INPUT $id_v4
-    echo "Deleted IPv4 ipset"
+delete_rule() {
+    local pattern="$1"
+    local count=$(iptables -t filter -L INPUT --line-numbers 2>/dev/null | grep "$pattern " | wc -l)
+    
+    if [ "$count" -eq 0 ]; then
+        echo "  - $pattern: no rules found"
+        return
     fi
     
-# # ipv6 list test
-id_v6=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v6 | awk '{print $1}'`
-if [ -z $id_v6 ]
-then 
-    echo "Cannot find IPv6 ipset rule on iptables"
-else
-    iptables --delete INPUT $id_v4_net
-    echo "Deleted IPv4 Net ipset"
-fi
+    local rule_nums=$(iptables -t filter -L INPUT --line-numbers 2>/dev/null | grep "$pattern " | awk '{print $1}' | sort -rn)
+    local deleted=0
     
-# ipv4 net list test
-id_v4_net=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v4_net | awk '{print $1}'`
-if [ -z $id_v4_net ]
-then 
-    echo "Cannot find IPv4 Net ipset rule on iptables"
-else
-    iptables --delete INPUT $id_v6
-    echo "Deleted IPv6 ipset"
+    for num in $rule_nums; do
+        if iptables -t filter -D INPUT $num 2>/dev/null; then
+            deleted=$((deleted + 1))
         fi
+    done
     
-# ipv6 net list test
-id_v6_net=`iptables --table filter --list --line-numbers | grep ustc_blacklist_v6_net | awk '{print $1}'`
-if [ -z $id_v6_net ]
-then 
-    echo "Cannot find IPv6 Net ipset rule on iptables"
-else
-    iptables --delete INPUT $id_v6_net
-    echo "Deleted IPv6 Net ipset"
-fi
+    echo "  - $pattern: removed $deleted rule(s)"
+}
+
+echo "[1/2] Removing iptables INPUT rules..."
+echo "  [IPv4 single]:"
+delete_rule "ustc_blacklist_v4"
+echo "  [IPv4 CIDR]:"
+delete_rule "ustc_blacklist_v4_net"
+echo "  [IPv6 single]:"
+delete_rule "ustc_blacklist_v6"
+echo "  [IPv6 CIDR]:"
+delete_rule "ustc_blacklist_v6_net"
+
+echo ""
+echo "[2/2] Current iptables rules:"
+echo "----------------------------------------"
+iptables -t filter -L INPUT --line-numbers -v 2>/dev/null | head -15
+echo "----------------------------------------"
+
+echo ""
+echo "  Cleanup completed!"
+echo "========================================"

update.sh

@@ -1,67 +1,114 @@
 #!/bin/sh
 
-# create ipset
+DATA_DIR="data"
+
+echo "========================================"
+echo "  iptables-autoconf - USTC Blacklist   "
+echo "========================================"
+echo ""
+
+echo "[1/6] Initializing..."
+mkdir -p "$DATA_DIR"
+
+echo "      [OK] Data directory: $DATA_DIR"
+
+echo ""
+echo "[2/6] Initializing ipset..."
 ipset create ustc_blacklist_v4 hash:ip --exist
 ipset create ustc_blacklist_v4_net hash:net --exist
 ipset create ustc_blacklist_v6 hash:ip --exist
 ipset create ustc_blacklist_v6_net hash:net --exist
-# flush ipset             
+
+echo "      Flushing existing ipset entries..."
 ipset flush ustc_blacklist_v4
 ipset flush ustc_blacklist_v4_net
 ipset flush ustc_blacklist_v6
 ipset flush ustc_blacklist_v6_net
+echo "      [OK] ipset initialized"
 
-# delete data if exist                                            
-[ -f "blacklist_ustc.txt" ] && rm blacklist_ustc.txt              
-wget http://blackip.ustc.edu.cn/list.php?txt -O blacklist_ustc.txt
+echo ""
+echo "[3/6] Downloading blacklist from USTC..."
+[ -f "$DATA_DIR/blacklist_ustc.txt" ] && rm "$DATA_DIR/blacklist_ustc.txt"
+wget -q http://blackip.ustc.edu.cn/list.php?txt -O "$DATA_DIR/blacklist_ustc.txt"
 
-# get wget command status
-if [ $? -eq 0 ]                      
-then                                       
-    echo "Blacklist file downloaded."      
-    # processing data                      
-    echo "Processing data..."              
-    python3 proceed.py                     
-    # add the host foreach in file to ipset
-    # ipv4
-    echo "Processing ipv4 list."
-    for addr in `cat dst/ipv4_list.txt`                    
-    do                                        
-        ipset add ustc_blacklist_v4 $addr        
-    done
-    echo "finshed."
-    # ipv4_net
-    echo "Processing ipv4 net list."
-    for addr in `cat dst/ipv4_net_list.txt`                    
-    do                                        
-        ipset add ustc_blacklist_v4_net $addr        
-    done
-    echo "finshed."
-    # ipv6
-    echo "Processing ipv6 list."
-    for addr in `cat dst/ipv6_list.txt`                    
-    do                                        
-        ipset add ustc_blacklist_v6 $addr        
-    done
-    echo "finshed."
-    # ipv6 net
-    echo "Processing ipv6 net list."
-    for addr in `cat dst/ipv6_net_list.txt`                    
-    do                                        
-        ipset add ustc_blacklist_v6_net $addr        
-    done
-    echo "finshed."                        
-else                                                                                         
-    echo "Failed to fetch the blacklist file."                                               
+if [ $? -ne 0 ]; then
+    echo "      [ERROR] Failed to download blacklist file"
+    exit 1
 fi
 
-# config iptables                                                                            
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4 src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v4_net src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6 src --jump DROP
-iptables --table filter --append INPUT --match set --match-set ustc_blacklist_v6_net src --jump DROP
+file_size=$(wc -c < "$DATA_DIR/blacklist_ustc.txt")
+echo "      [OK] Downloaded ($((file_size/1024)) KB)"
 
-# echo
-echo "iptable updated."
-echo "listing options..."
-iptables --table filter --list --line-numbers
+echo ""
+echo "[4/6] Processing blacklist data..."
+python3 blacklist.py
+echo "      [OK] Data processed"
+
+echo ""
+echo "[5/6] Adding entries to ipset..."
+
+echo "      - IPv4 single addresses..."
+count_v4=0
+for addr in $(cat "$DATA_DIR/ipv4_list.txt" 2>/dev/null); do
+    ipset add ustc_blacklist_v4 $addr 2>/dev/null && count_v4=$((count_v4 + 1))
+done
+echo "        Added $count_v4 entries"
+
+echo "      - IPv4 CIDR networks..."
+count_v4_net=0
+for addr in $(cat "$DATA_DIR/ipv4_net_list.txt" 2>/dev/null); do
+    ipset add ustc_blacklist_v4_net $addr 2>/dev/null && count_v4_net=$((count_v4_net + 1))
+done
+echo "        Added $count_v4_net entries"
+
+echo "      - IPv6 single addresses..."
+count_v6=0
+for addr in $(cat "$DATA_DIR/ipv6_list.txt" 2>/dev/null); do
+    ipset add ustc_blacklist_v6 $addr 2>/dev/null && count_v6=$((count_v6 + 1))
+done
+echo "        Added $count_v6 entries"
+
+echo "      - IPv6 CIDR networks..."
+count_v6_net=0
+for addr in $(cat "$DATA_DIR/ipv6_net_list.txt" 2>/dev/null); do
+    ipset add ustc_blacklist_v6_net $addr 2>/dev/null && count_v6_net=$((count_v6_net + 1))
+done
+echo "        Added $count_v6_net entries"
+
+echo "      [OK] All entries added to ipset"
+
+echo ""
+echo "[6/6] Configuring iptables rules..."
+
+add_rule() {
+    local set_name="$1"
+    if iptables -C INPUT -m set --match-set "$set_name" src -j DROP 2>/dev/null; then
+        echo "      - $set_name: already exists, skipped"
+    else
+        iptables -A INPUT -m set --match-set "$set_name" src -j DROP
+        echo "      - $set_name: added"
+    fi
+}
+
+add_rule "ustc_blacklist_v4"
+add_rule "ustc_blacklist_v4_net"
+add_rule "ustc_blacklist_v6"
+add_rule "ustc_blacklist_v6_net"
+echo "      [OK] iptables configured"
+
+echo ""
+echo "[7/7] Summary"
+echo "----------------------------------------"
+echo "  Blocked entries:"
+echo "    IPv4 single:    $count_v4"
+echo "    IPv4 CIDR:      $count_v4_net"
+echo "    IPv6 single:    $count_v6"
+echo "    IPv6 CIDR:      $count_v6_net"
+echo "    ----------------------------"
+echo "    Total:          $((count_v4 + count_v4_net + count_v6 + count_v6_net))"
+echo ""
+echo "  Current iptables rules:"
+iptables -t filter -L INPUT --line-numbers -v | grep -E "ustc_blacklist|num=1" | head -10
+echo "========================================"
+echo "  Update completed successfully!"
+echo "========================================"