GFW主动探测IP拦截

sillicon 和 london 是两台服务器的 hostname。比较懒,写得粗糙。

由于完全根据我的系统量身打造,本地需要 polybar、geoiplookup、parallel;服务器端需要 v2ray 和 ufw。由于我不在墙内,而翻墙的人不在大城市,直接封整个 /16 网段(16-bit block)。

其实这种情况下用白名单会好得多,但我没搞清楚移动互联网的 IP 到底是怎么分配的。

#!/bin/sh

# Name this script was invoked as, with any leading directory stripped;
# used in the usage text and in the desktop notification.
BIN_NAME="${0##*/}"

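ban(){
        # Insert a ufw deny rule for the /16 around every source address that the
        # v2ray access log marks "invalid", then empty that log. Runs over ssh on
        # the hosts `sillicon` and `london`.
        #
        # The third log field comes from network-supplied data and ends up on the
        # command line of a firewall tool, so only tokens shaped like IPv4:port
        # are passed on. xargs gets -n 1 because `ufw ... deny from` takes one
        # address per call, and -r (GNU xargs) so that nothing runs when there is
        # nothing to ban. The log is emptied only when every insert succeeded;
        # otherwise the entries stay in place for the next run.
        #
        # NOTE(review): a /16 deny can also cover the operator's or a legitimate
        # user's own range - confirm an allow rule for known-good sources sits
        # above position 10. `insert 10` presumably needs enough existing rules
        # for that position to be valid; verify on the servers.
        # NOTE(review): 2>/dev/null is kept from the original; it also hides ssh
        # and ufw error messages.
        ban_cmd="grep invalid /var/log/v2ray/access.log \
                | awk '{print \$3}' \
                | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}:' \
                | sed 's|:.*|/16|' \
                | sort -u \
                | xargs -r -n 1 ufw insert 10 deny from \
                && : > /var/log/v2ray/access.log"

        for host in sillicon london; do
                ssh "$host" "$ban_cmd" 2>/dev/null
        done
}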

list(){
        # Print every distinct source address that the v2ray access log on each
        # server marks "invalid", followed by its geoiplookup result.
        # Hosts are queried in order: sillicon, then london.
        # NOTE(review): ssh errors go to /dev/null, so an unreachable server looks
        # the same as a server with no suspicious entries.
        extract="grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u"

        for srv in sillicon london; do
                ssh "$srv" "$extract" 2>/dev/null \
                        | parallel "echo {}; geoiplookup {}"
        done
}

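notify_l(){
        # Cron entry point: collect the "invalid" source addresses (with their
        # geoiplookup results) from both servers, store them in /tmp/iplist,
        # refresh the polybar module and raise a desktop notification when
        # anything was found.
        #
        # Returns 0 without notifying when both servers report nothing.
        #
        # NOTE(review): /tmp/iplist is a fixed name in a world-writable directory.
        # On a shared machine another local user can pre-create or replace it; a
        # per-user location would be safer, but check() and the polybar hook read
        # the same path and would have to change together with this function.
        # NOTE(review): ssh errors are discarded, so an unreachable server is
        # reported as "nothing found".
        probe="grep invalid /var/log/v2ray/access.log | awk '{print \$3}' | sed 's|:.*||g' | sort -u"
        l1=$(ssh sillicon "$probe" 2>/dev/null | parallel "echo {}; geoiplookup {}")
        l2=$(ssh london "$probe" 2>/dev/null | parallel "echo {}; geoiplookup {}")

        # Quoted tests: the lookup output is multi-word, which made the unquoted
        # `[ -z $l1 ]` fail with "too many arguments".
        if [ -z "$l1" ] && [ -z "$l2" ]; then
                echo "" > /tmp/iplist
                polybar-msg hook gfwip 1
                return 0
        fi

        # Braces are required: `$BIN_NAME_` names a different, unset variable.
        notify-send "New suspicious IP found \n Run _${BIN_NAME}_ to check"
        # printf instead of echo: whether echo expands \n depends on the shell.
        printf 'Sillicon\n%s\nLondon\n%s\n' "$l1" "$l2" > /tmp/iplist
        polybar-msg hook gfwip 1
}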

check(){
        # Re-run geoiplookup on the addresses stored in /tmp/iplist.
        # Lines containing a lowercase letter (host headings, earlier lookup
        # output) and empty lines are dropped first.
        # NOTE(review): /tmp/iplist is a fixed path in a world-writable directory;
        # its content is only as trustworthy as whoever was able to write it.
        grep -v -e '[a-z]' -e '^$' < /tmp/iplist \
                | parallel "geoiplookup {}"
}

help(){
        # Print the sub-command summary, one line per command, to stdout.
        printf '%s\n' \
                "$BIN_NAME l      list" \
                "$BIN_NAME b      ban" \
                "$BIN_NAME c      check" \
                "" \
                "$BIN_NAME n      list and notify (for scripting)"
}

# Dispatch on the first argument. Only its leading letter is significant;
# a missing or unrecognised argument prints the usage text.
case "$1" in
        l*)
                list
                ;;
        b*)
                ban
                ;;
        n*)
                notify_l
                ;;
        c*)
                check
                ;;
        *)
                help
                ;;
esac

其中 polybar-msg 对应 polybar 的 hook module

; IPC-driven module: hook-0 prints "sIP:" followed by the number of lines in
; /tmp/iplist that are non-empty and contain no lowercase letter (the bare
; addresses). The script refreshes it with `polybar-msg hook gfwip 1`.
; NOTE(review): /tmp/iplist is a fixed name in a world-writable directory, so
; on a shared machine the displayed count is only as trustworthy as that file.
[module/gfwip]
type = custom/ipc
hook-0 = echo sIP: $(cat /tmp/iplist | grep -v -e \[a-z\] -e ^$ -c)
; presumably runs hook-0 once when the bar starts - confirm against the polybar docs
initial = 1

最后在 crontab 中加入

# The minute field */50 matches minutes 0 and 50 of every hour (gaps of 50 and
# 10 minutes); it does not mean "every 50 minutes".
# NOTE(review): cron starts jobs with a minimal environment - confirm that
# bangfw resolves on cron's PATH and that notify-send / polybar-msg can reach
# the desktop session from there.
*/50 * * * * bangfw n