Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:illuusio
firewalld-ipdeny-ipsets
firewalld-ipdeny-ipsets.py
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File firewalld-ipdeny-ipsets.py of Package firewalld-ipdeny-ipsets
#!/usr/bin/python3 # # SPDX-License-Identifier: MIT # # Copyright © 2024 Ilmi Solutions Oy # # Permission is hereby granted, free of charge, # to any person obtaining a copy of this softwae # and associated documentation files (the “Software”), # to deal in the Software without restriction, # including without limitation the rights to use, # copy, modify, merge, publish, distribute, sublicense, # and/or sell copies of the Software, and to permit persons # to whom the Software is furnished to do so, # subject to the following conditions: # # The above copyright notice and this permission notice # shall be included in all copies or substantial portions # of the Software. # # THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF # ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED # TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR # A PARTICULAR PURPOSE AND NONINFRINGEMENT. # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS # BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, # WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE # OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. import json import sys from pprint import pprint from os.path import exists import json with open("domain_suffixes.json", "r", encoding="utf-8") as domain_suffixes: suffixes = json.load(domain_suffixes) with open("land_areas.json", "r", encoding="utf-8") as land_areas: areas = json.load(land_areas) domain_suffixes.close() land_areas.close() all_country_names = [] combination_name = {} combination_name["domains"] = {} combination_name["regions"] = {} combination_name["organizations"] = {} combination_domains = combination_name["domains"] combination_regions = combination_name["regions"] combination_orgs = combination_name["organizations"] for area_element in areas: for land_name in areas[area_element]: if land_name in suffixes: # print(area_element + ": " + land_name + " [" + suffixes[land_name] + "]") if land_name not in combination_domains: combination_domains[land_name] = suffixes[land_name] if area_element.startswith("region-"): reg_name = area_element.replace("region-", "") if reg_name not in combination_regions: combination_regions[reg_name] = [] combination_regions[reg_name].append(land_name) elif area_element.startswith("org-"): org_name = area_element.replace("org-", "") if org_name not in combination_orgs: combination_orgs[org_name] = [] combination_orgs[org_name].append(land_name) # pprint(combination_name) print(json.dumps(combination_name, sort_keys=True, indent=4)) sys.exit(0) for area_element in areas: readme = open("README." + area_element, "w", encoding="utf-8") area_lands = [] print( "%package " + area_element + "\n" "Summary: IPDENY.com FirewallD meta package: " + area_element + "\n" "Group: Productivity/Networking/Security\n" "Requires: firewalld" ) for land_name in areas[area_element]: if land_name in suffixes: if land_name not in all_country_names: all_country_names.append(land_name) print("Requires: firewalld-ipdeny-ipsets-" + suffixes[land_name]) area_lands.append(land_name + " (." + suffixes[land_name] + ")") print("\n%description " + area_element) print("Domains IPV4:") readme.write("Domains IPV4:\n") for land_name in area_lands: print(" * " + land_name) readme.write(" * " + land_name + "\n") readme.close() print("\n") country_area_lands = [] print( "%package non-aligned\n" "Summary: IPDENY.com FirewallD meta package: non-aligned\n" "Group: Productivity/Networking/Security\n" "Requires: firewalld\n" ) for country_element in suffixes: if country_element not in all_country_names: print("Requires: firewalld-ipdeny-ipsets-" + suffixes[country_element]) country_area_lands.append(country_element) print("\n%description non-aligned") print("Domains IPV4:") for land_name in country_area_lands: print(" * " + land_name + "(." + suffixes[land_name] + ")") print("\n") for suffix in suffixes: if not exists("all-zones/" + suffixes[suffix] + ".zone"): print("Can't locate all-zones/" + suffixes[suffix] + ".zone", file=sys.stderr) print("%package " + suffixes[suffix]) print( "Summary: IPDENY.com enable " + suffix + " (." + suffixes[suffix] + ")" ) print("Group: Productivity/Networking/Security") print("Requires: firewalld") print("Requires: firewalld-ipdeny-ipsets = %{version}") print("\n%description " + suffixes[suffix]) print("Blocklists for " + suffix) print("\nIf you want to use this add to zone as root or with sudo: ") print( "\n$ firewall-cmd --quiet --permanent --zone=<ZONE> \\" '--add-rich-rule="rule source ipset=ipdeny-' + suffixes[suffix] + '-%{version}_%{release} drop"' ) print("To use this package there have to be FirewallD up and running!") print("You HAVE TO RELOAD firewall by yourself!") print("After RELOAD it drop packages from thos IP addresses") print("and if you are communicating from banned IPv4 block") print("_YOU CAN'T COMMUNICATE WITH YOUR SERVER ANYMORE_") print("Don't take risks and be safe!") print("IPdeny offers country GEO IP address block downloads free of charge.") print("Our country based IP zone files can be easily used in your applications and") print("web sites to minimize on-line fraud, SPAM, floods and") print("sometimes brute force attacks.\n") zone = "drop" print("%post") print("if [ -x %{_bindir}/firewall-cmd ]") print("then") print( " %{_bindir}/firewall-cmd --quiet --permanent --new-ipset=ipdeny_com_%{version}_%{release} --type=hash:net --option=family=inet --option=hashsize=4096 --option=maxelem=500000" ) print( " %{_bindir}/firewall-cmd --quiet --permanent --ipset=ipdeny_com_%{version}_%{release} --set-description='FirewallD IPDENY.COM Blocklist conversion %{version}'" ) print( " %{_bindir}/firewall-cmd --quiet --permanent --ipset=ipdeny_com_%{version}_%{release} --set-short='Firewalld IPDENY.COM'" ) print( " %{_bindir}/firewall-cmd --quiet --permanent --zone=" + zone + " --add-source=ipset:ipdeny_com_%{version}_%{release}" ) print(" %{_bindir}/sleep 2") print( " %{_bindir}/rm -f %{_sysconfdir}/firewalld/ipsets/ipdeny_com_%{version}_%{release}.xml.old" ) print("else") print(" : %{nil}") print("fi\n") print("%postun") print("if [ -x %{_bindir}/firewall-cmd ]") print("then") print( " %{_bindir}/firewall-cmd --quiet --permanent --zone=" + zone + " --remove-source=ipset:ipdeny_com_%{version}_%{release}" ) print( " %{_bindir}/firewall-cmd --quiet --permanent --delete-ipset=ipdeny_com_%{version}_%{release}" ) print(" %{_bindir}/sleep 2") print( " %{_bindir}/rm -f %{_sysconfdir}/firewalld/ipsets/ipdeny_com_%{version}_%{release}.xml.old" ) print("else") print(" : %{nil}") print("fi\n") for suffix in suffixes: print("%post " + suffixes[suffix] + "") print("test -f %{_bindir}/firewall-cmd && \\") print( "%{_bindir}/firewall-cmd --quiet --permanent --ipset=ipdeny_com_%{version}_%{release} --add-entries-from-file=%{_datadir}/ipdeny/" + suffixes[suffix] + ".zone || \\" ) print(": %{nil}") print("%{_bindir}/sleep 2") print( "%{_bindir}/rm -f %{_sysconfdir}/firewalld/ipsets/ipdeny_com_%{version}_%{release}.xml.old\n" ) print("%preun " + suffixes[suffix] + "") print( "if [ -x %{_bindir}/firewall-cmd ] && [ -r %{_datadir}/ipdeny/" + suffixes[suffix] + ".zone ]" ) print("then") print(" for ENTRY in $(cat %{_datadir}/ipdeny/" + suffixes[suffix] + ".zone)") print(" do") print( ' %{_bindir}/firewall-cmd --quiet --permanent --ipset=ipdeny_com_%{version}_%{release} --remove-entry="${ENTRY}"' ) print(" done") print(" %{_bindir}/sleep 2") print( " %{_bindir}/rm -f %{_sysconfdir}/firewalld/ipsets/ipdeny_com_%{version}_%{release}.xml.old" ) print("else") print(" : %{nil}") print("fi\n") print( "%files\n" "%license Copyrights.txt\n" "%dir %{_datadir}/ipdeny\n" "%{_datadir}/ipdeny/version\n" ) for area_element in areas: print("%files " + area_element) print("%doc README." + area_element + "\n") for suffix in suffixes: print("%files " + suffixes[suffix]) print("%{_datadir}/ipdeny/" + suffixes[suffix] + ".zone.xz\n")
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor