Хук: /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
#!/bin/bash ipset_prepare() { if [ "${billing['negbal']}" = '1' ]; then if [ -n "${billing['subnet']}" ]; then ipset create auth bitmap:ip,mac range "${billing['subnet']}" 2>/dev/null || true else ipset create auth iphash 2>/dev/null || true fi ipset flush auth for ipset in negbal blocked; do ipset create $ipset hash:net 2>/dev/null || true ipset flush $ipset done while read net; do ipset add negbal $net || true done < /usr/local/Reductor/userinfo/hooks/negbal.list || true fi }
chmod a+x /usr/local/Reductor/userinfo/hooks/billing_redirect.sh
Список сетей для блокировки: cat /usr/local/Reductor/userinfo/hooks/negbal.list
10.30.30.0/24
Маски шире /16 не поддерживаются, разбейте сеть на более мелкие.
Опции для работы в конфиге: 10.50.140.73 - IP адрес заглушки настроенной по доке: https://github.com/carbonsoft/reductor_blockpages
declare -A billing
billing['negbal']='1'
billing['ip']=''
billing['negbal_ip']='10.50.140.73'
billing['negbal_dns_ip']='10.50.140.73'
billing['negbal_url']='http://10.50.140.73/'
billing['blocked_ip']=''
billing['blocked_dns_ip']=''
billing['blocked_url']=''
billing['noauth_ip']=''
billing['noauth_dns_ip']=''
billing['noauth_url']=''
billing['subnet']=''
billing['nocheckauth']='1'
billing['justsync']='0'
billing['other_traffic']='1'
После произвести рестарт:
service reductor restart