8 - Website filtering with ipset


Author: Creator_Ly | Published 2020-05-11 12:40

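iptables can only forward traffic based on IP addresses; it cannot recognize domain names. dnsmasq-full can not only map domain names to IP addresses but also store that mapping in an ipset, so combining dnsmasq with ipset lets iptables act on domain names, which makes many features possible.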

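The principle is simple: when Dnsmasq receives a DNS query, it first matches the name against the domain list in its configuration files. If a domain matches, the IP addresses from the query result are stored in one or more ipset sets. iptables then matches every IP in that ipset and applies the corresponding action, such as DROP, REDIRECT, or setting a mark.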

Dnsmasq + ipset + iptables: domain-based traffic management:
https://blog.csdn.net/lvshaorong/article/details/52981169

iptables -t mangle -I PREROUTING -m set --match-set wechat dst -j DROP
iptables -t mangle -D PREROUTING -m set --match-set wechat dst -j DROP
iptables -t mangle -I PREROUTING -m set --match-set video dst -j DROP
iptables -t mangle -D PREROUTING -m set --match-set video dst -j DROP

zipset/Makefile

include $(TOPDIR)/rules.mk

PKG_NAME:=zipset
PKG_VERSION:=1.0
PKG_RELEASE:=2019.07.31

PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)

include $(INCLUDE_DIR)/package.mk

define Package/$(PKG_NAME)
  SECTION:=ZIHOME
  CATEGORY:=ZIHOME
  DEPENDS:=+dnsmasq_full_ipset +ipset
  TITLE:=ZIHOME ipset scripts
  PKGARCH:=all
  SUBMENU:=net
endef

define Package/$(PKG_NAME)/description
 ZIHOME ipset.
endef

define Build/Prepare
endef

define Build/Configure
endef

define Build/Compile
endef

define Package/$(PKG_NAME)/install
    $(INSTALL_DIR) $(1)
    $(CP) ./files/* $(1)/
endef

$(eval $(call BuildPackage,$(PKG_NAME)))

zipset/files/etc/init.d/zipset

#!/bin/sh /etc/rc.common

START=40

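# Create (or empty) one hash:net set per /etc/zihome-dnsmasq.d/<name>.ipset file.
# dnsmasq adds addresses only to sets that already exist.
start()
{
    local f n

    cd /etc/zihome-dnsmasq.d || return 0
    for f in *.ipset; do
        # Skip the literal pattern when no file matches.
        if [ ! -f "$f" ]; then
            continue
        fi
        # The set name is the file name without the .ipset suffix.
        n=${f%.ipset}
        # -! ignores the error raised when the set already exists.
        ipset -! create "$n" hash:net || continue
        ipset flush "$n" || continue
    done
}

# Empty and remove every set that start() created.
# destroy fails while an iptables rule still references the set.
stop()
{
    local f n

    cd /etc/zihome-dnsmasq.d || return 0
    for f in *.ipset; do
        if [ ! -f "$f" ]; then
            continue
        fi
        n=${f%.ipset}
        ipset flush "$n" 2>/dev/null
        ipset destroy "$n" 2>/dev/null
    done
}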

zipset/files/etc/zihome-dnsmasq.d/wechat.ipset

ipset=/v.qq.com/video
ipset=/video.qq.com/video
ipset=/ke.qq.com/video
ipset=/iqiyi.com/video
ipset=/tv.sohu.com/video
ipset=/youku.com/video
ipset=/tudou.com/video
ipset=/mgtv.com/video
ipset=/tv.cctv.com/video
ipset=/v.baidu.com/video
ipset=/bilibili.com/video
ipset=/v.pptv.com/video
ipset=/v.ifeng.com/video
ipset=/baofeng.com/video
ipset=/douyin.com/video
ipset=/ixigua.com/video
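
The init script above creates one set per `*.ipset` file and names it after the file, while dnsmasq only adds addresses to sets that already exist. The following added example (not part of the original article) lists set names referenced by `ipset=` lines that have no matching file in the directory; the function name `missing_sets` and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sets that dnsmasq is told to fill but that the init
# script would never create, because no <set>.ipset file exists for them.

# missing_sets DIR
# Prints "<file>: <set>" for every set named in an "ipset=" line of
# DIR/*.ipset for which DIR/<set>.ipset does not exist.
missing_sets() {
    dir=$1
    for f in "$dir"/*.ipset; do
        [ -f "$f" ] || continue
        # dnsmasq syntax: ipset=/<domain>[/<domain>...]/<set>[,<set>...]
        # The last '/'-separated field is the comma-separated set list.
        sed -n 's|^ipset=/.*/\([^/]*\)$|\1|p' "$f" | tr ',' '\n' | sort -u |
        while read -r name; do
            [ -n "$name" ] || continue
            [ -f "$dir/$name.ipset" ] || echo "$(basename "$f"): $name"
        done
    done
}

# Constructed sample mirroring this page: a file named wechat.ipset whose
# lines all point at the set "video".
demo() {
    d=$(mktemp -d)
    printf 'ipset=/v.qq.com/video\nipset=/iqiyi.com/video\n' > "$d/wechat.ipset"
    missing_sets "$d"
    rm -rf "$d"
}

demo
```

Any set it reports needs its own file in `/etc/zihome-dnsmasq.d` (or a separate `ipset create`) before the matching `--match-set` rule is installed.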

iQiyi


Douyin and Xigua together



    Article link: https://www.haomeiwen.com/subject/qycunhtx.html