commit - 88f3e13dadb91d43520a3e4ceff3b61170d32759
commit + d43799e55479f2dbf3803867f54643b5506e7636
blob - 20656c482a7d12328bafbce1863ef45312abbb33
blob + 439ccc2c83acb045c82728bf7ad56dfda4afc213
--- http-ban.sh
+++ http-ban.sh
#!/bin/sh
-: ${HTTPBAN_WHITELIST:=127.0.0.1}
-: ${HTTPBAN_LIMIT_500:=10}
-: ${HTTPBAN_LIMIT_400:=10}
-: ${HTTPBAN_LIMIT_300:=10}
-: ${HTTPBAN_TABLE:=httpban}
+: "${HTTPBAN_WHITELIST:=127.0.0.1}"
+: "${HTTPBAN_LIMIT_500:=10}"
+: "${HTTPBAN_LIMIT_400:=10}"
+: "${HTTPBAN_LIMIT_300:=10}"
+: "${HTTPBAN_TABLE:=httpban}"
alias log="logger -st http-ban"
alias show="doas /sbin/pfctl -t players -T show"
awk -vtrig="${1:-10}" ' $1 >= trig { print $2 }'
}
+# shellcheck disable=SC2086,SC2046
block() {
set -- $HTTPBAN_WHITELIST
- set -- $(for ip; do printf -- '-e %s ' "$ip" done)
+ set -- $(for ip; do printf -- '-e %s ' "$ip"; done)
{
access | IN_500_HOSTS | limit "$HTTPBAN_LIMIT_500"
- access | IN_400_HOSTS | limit "$HTTPBAN_LIMIT_400"
+ access | IN_400_HOSTS | limit "$HTTPBAN_LIMIT_400"
access | IN_300_HOSTS | limit "$HTTPBAN_LIMIT_300"
} | sort | uniq | {
- test -n "$*" && grep -v "$@" || cat
+ if test -n "$*"; then grep -v "$@" else cat; fi
}
}
# Diff processing
show | sort | awk '{ print $1 }' >/tmp/http-ban.current
-DIFF=$(comm /tmp/http-ban.new /tmp/http-ban.current)
NEW=$(comm -23 /tmp/http-ban.new /tmp/http-ban.current)
GRACE=$(comm -13 /tmp/http-ban.new /tmp/http-ban.current)
