... Хук: /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
{code}
#!/bin/bash
ipset_prepare() {
if [ "${billing['negbal']}" = '1' ]; then
if [ -n "${billing['subnet']}" ]; then
ipset create auth bitmap:ip,mac range "${billing['subnet']}" 2>/dev/null || true
else
ipset create auth iphash 2>/dev/null || true
fi
ipset flush auth
for ipset in negbal blocked; do
ipset create $ipset hash:net 2>/dev/null || true
ipset flush $ipset
done
while read net; do
ipset add negbal $net || true
done < /usr/local/Reductor/userinfo/hooks/negbal.list || true
fi
}
{code}
|
{code}
|
chmod a+x /app/reductor/cfg/userinfo/hooks/billing_redirect.sh /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
|
{code}
Список сетей для блокировки: cat /usr/local/Reductor/userinfo/hooks/negbal.list
|
... \\
{code}
10.30.30.0/24
{code}
Маски шире /16 не поддерживаются, разбейте сеть на более мелкие.
Опции для работы в конфиге: 10.50.140.73 - IP адрес заглушки настроенной по доке: [https://github.com/carbonsoft/reductor_blockpages]\\
{code}
declare -A billing
billing['negbal']='1'
billing['ip']=''
billing['negbal_ip']='10.50.140.73'
billing['negbal_dns_ip']='10.50.140.73'
billing['negbal_url']='http://10.50.140.73/'
billing['blocked_ip']=''
billing['blocked_dns_ip']=''
billing['blocked_url']=''
billing['noauth_ip']=''
billing['noauth_dns_ip']=''
billing['noauth_url']=''
billing['subnet']=''
billing['nocheckauth']='1'
billing['justsync']='0'
billing['other_traffic']='1'
{code}
|
