PKG_NAME:=banip
PKG_VERSION:=1.8.0
-PKG_RELEASE:=1
+PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
| ban_nftloglevel | option | warn | nft loglevel, values: emerg, alert, crit, err, warn, notice, info, debug |
| ban_nftpriority | option | -100 | nft priority for the banIP table (the prerouting table is fixed to priority -150) |
| ban_nftpolicy | option | memory | nft policy for banIP-related Sets, values: memory, performance |
-| ban_nftexpiry | option | - | expiry time for auto added blocklist members, e.g. '5m', '2h' or '1d' |
+| ban_nftexpiry | option | - | expiry time (ms|s|m|h|d|w) for auto added blocklist members, e.g. '5m', '2h' or '1d' |
| ban_nftretry | option | 5 | number of Set load attempts in case of an error |
| ban_nftcount | option | 0 | enable nft counter for every Set element |
| ban_bcp38 | option | 0 | block packets with spoofed source IP addresses in all supported chains |
# log monitor
#
f_monitor() {
- local daemon logread_cmd loglimit_cmd logread_filter nft_expiry line ip_proto ip proto log_count idx base cidr rdap_log rdap_rc rdap_idx rdap_info
+ local logread_cmd loglimit_cmd logread_filter nft_expiry line ip_proto ip proto log_count idx base cidr rdap_log rdap_rc rdap_idx rdap_info
+ # log reading configuration
+ #
if [ -f "${ban_logreadfile}" ] && [ -x "${ban_logreadcmd}" ] && [ "${ban_logreadcmd##*/}" = "tail" ]; then
logread_cmd="${ban_logreadcmd} -qf ${ban_logreadfile} 2>/dev/null"
loglimit_cmd="${ban_logreadcmd} -qn ${ban_loglimit} ${ban_logreadfile} 2>/dev/null"
logread_filter=""
fi
+ # start log monitoring
+ #
if [ -n "${logread_cmd}" ] && [ -n "${loglimit_cmd}" ] && [ -n "${ban_logterm}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service (${ban_logreadcmd})"
- [ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
+ if printf "%s" "${ban_nftexpiry}" | grep -qE '^([1-9][0-9]*(ms|s|m|h|d|w))+$'; then
+ nft_expiry="timeout ${ban_nftexpiry}"
+ fi
# retrieve/cache current allowlist/blocklist content
#
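Review bot: A non-empty `ban_nftexpiry` that fails the new whole-string check is dropped without any message, so `nft_expiry` stays empty and, as far as this hunk shows, auto-added blocklist members would then be created without a timeout. An `else` branch that logs the rejected value, e.g. `[ -n "${ban_nftexpiry}" ] && f_log "info" "ignoring invalid ban_nftexpiry '${ban_nftexpiry}'"`, would make the misconfiguration visible. The check also calls bare `grep` where the removed line used `"${ban_grepcmd}"`; if that variable still holds the script's resolved grep path, `"${ban_grepcmd}" -qE` keeps the lookup independent of PATH. The pattern accepts units in any order and adds the `ms` and `w` suffixes, so it is worth confirming that the nft build on the target parses everything the pattern lets through. f_monitor's body continues outside the hunk.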