Хук: /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
#!/bin/bash
ipset_prepare() {
if [ "${billing['negbal']}" = '1' ]; then
if [ -n "${billing['subnet']}" ]; then
ipset create auth bitmap:ip,mac range "${billing['subnet']}" 2>/dev/null || true
else
ipset create auth iphash 2>/dev/null || true
fi
ipset flush auth
for ipset in negbal blocked; do
ipset create $ipset hash:net 2>/dev/null || true
ipset flush $ipset
done
while read net; do
ipset add negbal $net || true
done < /usr/local/Reductor/userinfo/hooks/negbal.list || true
fi
}
chmod a+x /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
Список сетей для блокировки: cat /usr/local/Reductor/userinfo/hooks/negbal.list
10.30.30.0/24
Маски шире /16 не поддерживаются, разбейте сеть на более мелкие.
Опции для работы в конфиге: 10.50.140.73 - IP адрес заглушки настроенной по доке: https://github.com/carbonsoft/reductor_blockpages
declare -A billing
billing['negbal']='1'
billing['ip']=''
billing['negbal_ip']='10.50.140.73'
billing['negbal_dns_ip']='10.50.140.73'
billing['negbal_url']='http://10.50.140.73/'
billing['blocked_ip']=''
billing['blocked_dns_ip']=''
billing['blocked_url']=''
billing['noauth_ip']=''
billing['noauth_dns_ip']=''
billing['noauth_url']=''
billing['subnet']=''
billing['nocheckauth']='1'
billing['justsync']='0'
billing['other_traffic']='1'
После произвести рестарт:
service reductor restart