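sillicon and london are hostnames. I was lazy, so this is written rather roughly.
Because it is tailored entirely to my own system, it requires polybar, geoiplookup and parallel; on the server side, v2ray and ufw. Since I am not behind the GFW myself, and the people who use the servers to get across it are not in big cities, I simply ban the whole 16-bit block.
A whitelist would actually be much better in this situation, but I have not figured out how mobile-network IPs are actually allocated.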
```shell
#!/bin/sh
BIN_NAME=${0##*/}

# Ban the /16 of every source that produced an "invalid" log entry, then
# truncate the log so the same entries are not processed again.
# xargs -n1 runs one ufw command per prefix; -r (GNU) skips an empty list.
ban(){
    ssh sillicon "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*|/16|g' | sort -u | xargs -r -n1 ufw insert 10 deny from ; : > /var/log/v2ray/access.log" 2>/dev/null
    ssh london "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*|/16|g' | sort -u | xargs -r -n1 ufw insert 10 deny from ; : > /var/log/v2ray/access.log" 2>/dev/null
}

# Print each offending source address followed by its GeoIP lookup.
list(){
    ssh sillicon "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u" 2>/dev/null | parallel "echo {}; geoiplookup {}"
    ssh london "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u" 2>/dev/null | parallel "echo {}; geoiplookup {}"
}

# Same as list, but store the result in /tmp/iplist and refresh polybar.
notify_l(){
    l1=$(ssh sillicon "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u" 2>/dev/null | parallel "echo {}; geoiplookup {}")
    l2=$(ssh london "grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u" 2>/dev/null | parallel "echo {}; geoiplookup {}")
    # Nothing found on either host: clear the list, refresh the bar and stop.
    [ -z "$l2" ] && [ -z "$l1" ] && echo "" > /tmp/iplist && polybar-msg hook gfwip 1 && exit 0
    notify-send "New suspicious IP found \n Run _${BIN_NAME}_ to check"
    # printf instead of echo: "\n" handling in echo differs between shells.
    printf 'Sillicon\n%s\nLondon\n%s\n' "$l1" "$l2" > /tmp/iplist
    polybar-msg hook gfwip 1
}

# Re-run the GeoIP lookup for the addresses saved in /tmp/iplist
# (lines containing lowercase letters and empty lines are not addresses).
check(){
    grep -v -e '[a-z]' -e '^$' /tmp/iplist | parallel "geoiplookup {}"
}

help(){
    cat <<EOF
$BIN_NAME l  list
$BIN_NAME b  ban
$BIN_NAME c  check
$BIN_NAME n  list and notify (for scripting)
EOF
}

case "$1" in
    l* ) list ;;
    b* ) ban ;;
    n* ) notify_l ;;
    c* ) check ;;
    *) help ;;
esac
```
Here polybar-msg talks to polybar's hook module:

```ini
[module/gfwip]
type = custom/ipc
hook-0 = echo sIP: $(cat /tmp/iplist | grep -v -e \[a-z\] -e ^$ -c)
initial = 1
```
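Finally, add this to crontab:

```
*/50 * * * * bangfw n
```

Note that `*/50` in the minute field fires at minutes 0 and 50 of every hour.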
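An added example (not the author's script): a dry-run variant of the ban step that validates each source address from the log before it is handed to ufw, normalizes it to its a.b.0.0/16 prefix, and can require a minimum number of invalid requests per prefix to limit how much a /16 ban catches. The function names, the MIN_HITS threshold, the optional tcp:/udp: prefix handling and the sample log lines are assumptions made for illustration.

```shell
# Added example, not the author's script. Assumes the log layout used above:
# field 3 is "ip:port", optionally prefixed by "tcp:"/"udp:" (an assumption).

# cidr16_from_log [MIN_HITS] < access.log
# Prints "a.b.0.0/16 hits" for each /16 with at least MIN_HITS invalid requests.
cidr16_from_log() {
    awk -v min="${1:-1}" '
        /invalid/ {
            src = $3
            sub(/^(tcp|udp):/, "", src)   # drop optional network prefix
            sub(/:[0-9]+$/, "", src)      # drop the source port
            # Keep only dotted quads with every octet in 0..255; this also
            # skips IPv6 and malformed fields so they never reach ufw.
            if (split(src, o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
            hits[o[1] "." o[2] ".0.0/16"]++
        }
        END { for (p in hits) if (hits[p] >= min + 0) print p, hits[p] }
    ' | LC_ALL=C sort
}

# dry_run_rules [MIN_HITS] < access.log
# Prints the ufw commands that would be run, one per prefix, for review.
dry_run_rules() {
    cidr16_from_log "$1" | while read -r prefix _hits; do
        printf 'ufw insert 10 deny from %s\n' "$prefix"
    done
}

# Constructed sample log lines (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
2020/01/01 10:00:01 198.51.100.7:40001 rejected invalid user
2020/01/01 10:00:05 198.51.23.9:40002 rejected invalid user
2020/01/01 10:01:00 tcp:203.0.113.5:5555 rejected invalid user
2020/01/01 10:02:00 192.0.2.10:6000 accepted tcp:example.org:443
2020/01/01 10:03:00 [2001:db8::1]:7000 rejected invalid user
2020/01/01 10:04:00 999.1.2.3:8000 rejected invalid user
EOF
}

# Show what would be banned when at least 2 invalid requests are required.
sample_log | dry_run_rules 2
```

On a server, feed it the real log (`dry_run_rules 2 < /var/log/v2ray/access.log`) and review the printed commands before running any of them.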