Added network whitelist

This commit is contained in:
Filip Znachor 2022-04-14 02:28:58 +02:00 committed by Filip Znachor
parent 4a15a1c897
commit 8a6853bd41


@ -1,4 +1,4 @@
-- Configuration -- Configuration Start
local lookup_dhcp_leases = true local lookup_dhcp_leases = true
local dhcp_leases_file = "/tmp/dhcp.leases" local dhcp_leases_file = "/tmp/dhcp.leases"
@ -7,19 +7,24 @@ local lookup_ip_neigh = true
local non_fqdn = true local non_fqdn = true
local network_domain = ".lan" local network_domain = ".lan"
local whitelisted_networks = {"192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8", "fd00::/8"}
local output_file = "/tmp/dyndns" local output_file = "/tmp/dyndns"
local reload_command = "/etc/init.d/dnsmasq reload" local reload_command = "/etc/init.d/dnsmasq reload"
-- Configuration End
local ip = require("ip")
function split(inputstr, sep) function split(inputstr, sep)
if sep == nil then if sep == nil then
sep = "%s" sep = "%s"
end end
local t={} local t = {}
for str in string.gmatch(inputstr, "([^"..sep.."]+)") do for str in string.gmatch(inputstr, "([^"..sep.."]+)") do
table.insert(t, str) table.insert(t, str)
end end
return t return t
end end
@ -38,25 +43,22 @@ function contains(tab, val)
return false return false
end end
function ipv4(ip) whitelisted_networks_v4 = {}
local chunks = {ip:match("(%d+)%.(%d+)%.(%d+)%.(%d+)")} whitelisted_networks_v6 = {}
if (#chunks == 4) then for index, value in ipairs(whitelisted_networks) do
for _,v in pairs(chunks) do local parsed_ip = ip.parse(value)
if (tonumber(v) < 0 or tonumber(v) > 255) then local ip_kind = parsed_ip:kind()
return false if ip_kind == "ipv4" then table.insert(whitelisted_networks_v4, parsed_ip) end
end if ip_kind == "ipv6" then table.insert(whitelisted_networks_v6, parsed_ip) end
end
return true
else
return false
end
end end
function ipv6(ip) function ip_match(parsed_ip)
local _, chunks = ip:gsub("[%a%d]+%:?", "") local ip_kind = parsed_ip:kind()
if chunks == 8 then if ip_kind == "ipv4" then whitelisted_list = whitelisted_networks_v4 end
return true if ip_kind == "ipv6" then whitelisted_list = whitelisted_networks_v6 end
end for index, value in ipairs(whitelisted_list) do
if parsed_ip:match(value) then return true end
end
return false return false
end end
@ -80,8 +82,8 @@ function pairs_by_keys(t, f)
table.insert(a, n) table.insert(a, n)
end end
table.sort(a, f) table.sort(a, f)
local i = 0 -- iterator variable local i = 0
local iter = function () -- iterator function local iter = function ()
i = i + 1 i = i + 1
if a[i] == nil then if a[i] == nil then
return nil return nil
@ -117,7 +119,7 @@ function compare_tables(a,b)
end end
array = {} local array = {}
if lookup_dhcp_leases then if lookup_dhcp_leases then
@ -125,7 +127,7 @@ if lookup_dhcp_leases then
local dhcp_table = split(dhcp_file:read('*all'), "\r\n") local dhcp_table = split(dhcp_file:read('*all'), "\r\n")
dhcp_file:close() dhcp_file:close()
for key,value in pairs(dhcp_table) do for key, value in pairs(dhcp_table) do
local dhcp_lease = split(value, " ") local dhcp_lease = split(value, " ")
local mac = dhcp_lease[2] local mac = dhcp_lease[2]
if not array[mac] then if not array[mac] then
@ -145,7 +147,7 @@ if lookup_ip_neigh then
local neigh_table = split(neigh_file:read('*all'), "\r\n") local neigh_table = split(neigh_file:read('*all'), "\r\n")
neigh_file:close() neigh_file:close()
for key,value in pairs(neigh_table) do for key, value in pairs(neigh_table) do
local neigh = split(value, " ") local neigh = split(value, " ")
local mac = neigh[5] local mac = neigh[5]
local ip = neigh[1] local ip = neigh[1]
@ -161,30 +163,32 @@ if lookup_ip_neigh then
end end
config = "" local config = ""
for key,value in pairs(array) do for i1, value in pairs(array) do
local mac = key local ip_list = value["ip"]
local ip = value["ip"]
local hostname = value["hostname"] local hostname = value["hostname"]
if hostname ~= "?" and hostname ~= "*" then if hostname ~= "?" and hostname ~= "*" then
for key,value in pairs(ip) do for i2, ip_addr in pairs(ip_list) do
line = value parsed_ip = ip.parse(ip_addr)
if non_fqdn then line = line .. " " .. hostname end if ip_match(parsed_ip) then
if network_domain then line = line .. " " .. (hostname .. network_domain) end local line = ip_addr
if line ~= value then config = config .. "\r\n" .. line end if non_fqdn then line = line .. " " .. hostname end
if network_domain then line = line .. " " .. (hostname .. network_domain) end
if line ~= ip_addr then config = config .. "\r\n" .. line end
end
end end
end end
end end
config_file = read_file(output_file) local config_file = read_file(output_file)
if config_file == nil then config_file = "" end if config_file == nil then config_file = "" end
c1 = sort_table(split(config_file, "\r\n")) local c1 = sort_table(split(config_file, "\r\n"))
c2 = sort_table(split(config, "\r\n")) local c2 = sort_table(split(config, "\r\n"))
if not compare_tables(c1, c2) then if not compare_tables(c1, c2) then
file = io.open(output_file, "w") local file = io.open(output_file, "w")
file:write(config) file:write(config)
file:close() file:close()
os.execute(reload_command) os.execute(reload_command)
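Review bot: In the new `ip_match` function (the `@ -38,25 +43,22 @@` hunk) `whitelisted_list` is assigned without `local`, so it is a global that retains the list chosen by the previous call; an address whose `kind()` is neither "ipv4" nor "ipv6" would then be checked against a stale list, or fail with `ipairs(nil)` on the first call. Because this is the gate that decides which addresses get published into the dnsmasq config, it should fail closed: declare `local whitelisted_list` before the two `if` lines and add `if whitelisted_list == nil then return false end` before the `for` loop. The same accidental-global pattern appears at `whitelisted_networks_v4 = {}`, `whitelisted_networks_v6 = {}` and `parsed_ip = ip.parse(ip_addr)` in the last hunk; adding `local` there is harmless and keeps luacheck quiet. Separately, the commit drops the old `ipv4`/`ipv6` validators and now hands whatever `ip neigh` or the lease file contained straight to `ip.parse`; if that library returns nil or raises on a malformed entry (I cannot tell from this page), one odd line would abort the run before the config is written and reloaded, so wrapping the parse in `pcall` or skipping nil results looks prudent.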