#!/bin/bash
###############################################################################
# AdGuard Shield - Cron-basierter Unban-Timer
# Kann als Alternative zum Haupt-Script für das Entsperren genutzt werden.
# Wird z.B. alle 5 Minuten per Cron aufgerufen, um abgelaufene Sperren zu prüfen.
#
# Crontab-Eintrag:
#   */5 * * * * /opt/adguard-shield/unban-expired.sh
###############################################################################

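set -euo pipefail

# Resolve the directory this script lives in; the configuration file is
# expected next to it.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
CONFIG_FILE="${SCRIPT_DIR}/adguard-shield.conf"

if [[ ! -f "$CONFIG_FILE" ]]; then
  # Cron mails stderr to the job owner, so say why the run was skipped
  # instead of exiting silently.
  echo "Fehler: Konfigurationsdatei nicht gefunden: $CONFIG_FILE" >&2
  exit 1
fi

# `source` executes the configuration as shell code with the privileges of
# this cron job. Refuse a file that any local user could have modified.
# NOTE(review): ownership is not checked here; confirm the file and its
# directory belong to the account that runs this job.
if [[ -n "$(find -L "$CONFIG_FILE" -perm -0002 -print 2>/dev/null || true)" ]]; then
  echo "Fehler: $CONFIG_FILE ist für alle Benutzer schreibbar - wird nicht geladen" >&2
  exit 1
fi

# shellcheck source=/dev/null
source "$CONFIG_FILE"

# Settings the rest of the script relies on. Fail early with a clear message
# when one is unset or empty: an empty STATE_DIR would make the state-file
# glob resolve to "/*.ban", and files matched there would later be deleted.
: "${STATE_DIR:?STATE_DIR ist in $CONFIG_FILE nicht gesetzt}"
: "${LOG_FILE:?LOG_FILE ist in $CONFIG_FILE nicht gesetzt}"
: "${IPTABLES_CHAIN:?IPTABLES_CHAIN ist in $CONFIG_FILE nicht gesetzt}"

BAN_HISTORY_FILE="${BAN_HISTORY_FILE:-/var/log/adguard-shield-bans.log}"
LOG_PREFIX="[$(date '+%Y-%m-%d %H:%M:%S')] [UNBAN-TIMER]"
# Reference time (epoch seconds) against which every ban expiry is compared.
NOW=$(date '+%s')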
#######################################
# Append one entry to the ban history file.
# Globals:   BAN_HISTORY_FILE (read; the file is created with a three-line
#            header when it does not exist yet)
# Arguments: $1 - action
#            $2 - client IP
#            $3 - domain        (optional, written as "-" when empty)
#            $4 - request count (optional, written as "-" when empty)
#            $5 - reason        (optional, written as "expired" when empty)
#            $6 - protocol      (optional, written as "-" when empty)
# Outputs:   appends one formatted line to BAN_HISTORY_FILE
#######################################
log_ban_history() {
  local action="$1"
  local client_ip="$2"
  local domain="${3:--}"
  local count="${4:--}"
  local reason="${5:-expired}"
  local protocol="${6:--}"
  local timestamp
  timestamp="$(date '+%Y-%m-%d %H:%M:%S')"

  # First write: start the file with its header block.
  if [[ ! -f "$BAN_HISTORY_FILE" ]]; then
    {
      echo "# AdGuard Shield - Ban History"
      echo "# Format: ZEITSTEMPEL | AKTION | CLIENT-IP | DOMAIN | ANFRAGEN | SPERRDAUER | PROTOKOLL | GRUND"
      echo "#────────────────────────────────────────────────────────────────────────────────────────────────"
    } > "$BAN_HISTORY_FILE"
  fi

  # The ban-duration column is always "-" for entries written by this script.
  # NOTE(review): the fields are written verbatim; a value containing "|" or
  # control characters would distort the column layout of the history file.
  printf "%-19s | %-6s | %-39s | %-30s | %-8s | %-10s | %-10s | %s\n" \
    "$timestamp" "$action" "$client_ip" "$domain" "$count" "-" "$protocol" "$reason" \
    >> "$BAN_HISTORY_FILE"
}
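#######################################
# Print the value stored under a key in a KEY=VALUE state file.
# Prints the second "="-separated field of the first matching line and
# nothing when the key is absent or the file cannot be read. It always
# succeeds, so a missing key does not abort the script under
# `set -e -o pipefail`.
# Arguments: $1 - key name
#            $2 - path of the state file
# Outputs:   the value on stdout (possibly empty)
#######################################
_state_value() {
  local key="$1"
  local file="$2"
  awk -F= -v k="$key" '$1 == k { print $2; exit }' "$file" 2>/dev/null || true
}

unban_count=0

# Walk every ban state file and lift the bans whose expiry time has passed.
# ":?" aborts when STATE_DIR is empty, so the glob can never become "/*.ban".
for state_file in "${STATE_DIR:?STATE_DIR ist nicht gesetzt}"/*.ban; do
  # An unmatched glob leaves the literal pattern behind; skip it.
  [[ -f "$state_file" ]] || continue

  ban_until_epoch="$(_state_value BAN_UNTIL_EPOCH "$state_file")"
  client_ip="$(_state_value CLIENT_IP "$state_file")"
  domain="$(_state_value DOMAIN "$state_file")"
  is_permanent="$(_state_value IS_PERMANENT "$state_file")"
  protocol="$(_state_value PROTOCOL "$state_file")"

  # Permanent bans are never lifted automatically.
  if [[ "$is_permanent" == "true" || "$ban_until_epoch" == "0" ]]; then
    continue
  fi

  # The expiry value is used in an arithmetic comparison, and the shell
  # evaluates such operands as expressions. Accept plain digits only, so
  # that state-file content is never interpreted as anything but a number.
  if [[ ! "$ban_until_epoch" =~ ^[0-9]+$ ]]; then
    echo "$LOG_PREFIX Überspringe $state_file: ungültiger BAN_UNTIL_EPOCH-Wert" >> "$LOG_FILE"
    continue
  fi

  # "10#" forces base 10 so a value with leading zeros is not read as octal.
  (( NOW >= 10#$ban_until_epoch )) || continue

  echo "$LOG_PREFIX Entsperre abgelaufene Sperre: $client_ip" >> "$LOG_FILE"

  # A colon in the address means IPv6, which has its own rule set.
  if [[ "$client_ip" == *:* ]]; then
    fw_cmd=ip6tables
  else
    fw_cmd=iptables
  fi

  # Delete the DROP rule only when it is still present. If deletion fails,
  # keep the state file so the next cron run retries, rather than leaving a
  # rule behind that nothing tracks any more.
  if "$fw_cmd" -C "$IPTABLES_CHAIN" -s "$client_ip" -j DROP 2>/dev/null; then
    if ! "$fw_cmd" -D "$IPTABLES_CHAIN" -s "$client_ip" -j DROP 2>/dev/null; then
      echo "$LOG_PREFIX WARNUNG: Regel für $client_ip konnte nicht entfernt werden, erneuter Versuch beim nächsten Lauf" >> "$LOG_FILE"
      continue
    fi
  fi

  # Record the unban in the ban history.
  log_ban_history "UNBAN" "$client_ip" "$domain" "-" "expired-cron" "${protocol:-}"

  rm -f -- "$state_file"
  unban_count=$((unban_count + 1))
done

if (( unban_count > 0 )); then
  echo "$LOG_PREFIX $unban_count Sperren aufgehoben" >> "$LOG_FILE"
fi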