From 5eae4ecb43e3f4cdd1fd5c874d0b6ac20d323b82 Mon Sep 17 00:00:00 2001
From: Oliver Ladner
Date: Wed, 27 May 2015 08:36:29 +0200
Subject: [PATCH] rbl: sanity checks, fix IPv6 geoip lookup, extend duration to 4 days

---
 rbl_expire.sh | 4 ++--
 rbl_generate.sh | 11 ++++++++---
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/rbl_expire.sh b/rbl_expire.sh
index c5c532c..e590c13 100755
--- a/rbl_expire.sh
+++ b/rbl_expire.sh
@@ -2,7 +2,7 @@
 #
 # Expire old RBL records
-maxage=48 # in hours
+maxage=96 # in hours
 rblfile="/var/lib/rbldns/list"
 egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' $rblfile | while read -r ip delimiter timestamp foo; do
@@ -10,7 +10,7 @@ egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
 expiration=$(echo "$(date +%s)-$timestamp" | bc)
 if [ "$expiration" -gt "$(($maxage * 3600))" ]; then
- #echo "entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
+ #echo "DEBUG: entry $ip older than $maxage hours (expired $(($expiration / 3600)) hours ago)"
 sed -i "/^$ip.*# $timestamp.*$/d" $rblfile || echo "Error while deleting $ip: $?"
 fi
 fi
diff --git a/rbl_generate.sh b/rbl_generate.sh
index 6875dd1..786dd0a 100755
--- a/rbl_generate.sh
+++ b/rbl_generate.sh
@@ -58,7 +58,7 @@ fi
 # fail2ban
 for ip in ${iptables_banned[@]}; do
- if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
 # Add IP
 geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
 printf "%s # $(date +%s) # Service login attempts/misconfiguration # %s\n" "$ip" "$geoip" >> $rblfile
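Review bot: Quoting `$ip` stops word-splitting, but `grep -c "$ip" $rblfile` still uses the address as an unanchored basic regex, so `10.1.2.3` also counts an existing `110.1.2.3` or `10.1.2.30` line (and each `.` matches any character), which means the address is then never added; `$rblfile` stays unquoted. Since the printf below writes each entry as `<ip> # <epoch> # ...`, matching the address only at the start of a line and up to its field separator would be `if [[ $(grep -c -- "^$ip # " "$rblfile") -lt 1 ]]; then`, and the `--` also keeps a value starting with `-` from being read as an option. `geoiplookup $ip` on the next line is unquoted as well. The same check is introduced in the SPAM hunk of this file (`@@ -67,9 +67,14 @@`), where the same change applies.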
@@ -67,9 +67,14 @@ done
 # SPAM
 for ip in ${spamtrap[@]}; do
- if [[ $(grep -c $ip $rblfile) -lt 1 ]]; then
+ if [[ $(grep -c "$ip" $rblfile) -lt 1 ]]; then
 # Add IP
- geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ # IPv4 or IPv6 switch
+ if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then
+ geoip=$(geoiplookup6 $ip | sed 's/GeoIP Country V6 Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ else
+ geoip=$(geoiplookup $ip | sed 's/GeoIP Country Edition: //' | awk {' if($1=="IP") print $0; else print $2,$3,$4,$5,$6,$7,$8'})
+ fi
 printf "%s # $(date +%s) # SPAM mail to trap address # %s\n" "$ip" "$geoip" >> $rblfile
 fi
 done
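Review bot: IPv6 addresses written by this hunk never expire: rbl_expire.sh, in the first hunk of this patch, only feeds lines matching `egrep '^[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'` into its expiry loop, an IPv4-only selector, so a v6 entry added here stays in the list until something outside this patch removes it. The expire script's selector needs to accept the colon form too, e.g. `egrep '^([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3} |^[[:xdigit:]:]+ ' "$rblfile"`; the `read -r ip delimiter timestamp foo` that follows already splits either form on whitespace. The v4/v6 switch is only added to the SPAM loop; the fail2ban loop in the previous hunk still calls `geoiplookup` for every address, so if `iptables_banned` can hold a v6 address (not visible here) it gets the wrong lookup. `if [ $(echo "$ip" | grep -c ':') -gt 0 ]; then` spawns two processes for a substring test that `if [[ "$ip" == *:* ]]; then` does in the shell, and `geoiplookup6 $ip` should be `geoiplookup6 "$ip"`.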