Commit 2234839

committed
format
1 parent ccc6111 commit 2234839

1 file changed

+25
-22
lines changed

README.md

Lines changed: 25 additions & 22 deletions
@@ -22,17 +22,16 @@ Automatic CDN and bogon IP list updater for firewall and server configurations
2222
* Install PHP-CLI with openssl extension if not installed (OS dependent)
2323

2424
* Install ip-list-updater.php to an appropriate location and give execute permission
25-
25+
```
2626
$ cd /usr/local/src/
27-
2827
$ git clone https://github.com/vkucukcakar/ip-list-updater.git
29-
3028
$ cp ip-list-updater/ip-list-updater.php /usr/local/bin/
31-
32-
* Give execute permission if not cloned from github
29+
```
3330

31+
* Give execute permission if not cloned from github
32+
```
3433
$ chmod +x /usr/local/bin/ip-list-updater.php
35-
34+
```
3635

3736
## Usage
3837

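Review bot: in the install block, `cp ip-list-updater/ip-list-updater.php /usr/local/bin/` followed by a separate `chmod +x` leaves ownership and the remaining mode bits to whatever the clone produced, while the cron examples further down this README run the script as root. Suggest documenting a single `install -o root -g root -m 0755 ip-list-updater/ip-list-updater.php /usr/local/bin/` in place of the two steps, and checking out a reviewed commit or tag after the clone instead of copying whatever is on the default branch. Style: the new fences have no language tag and keep the `$ ` prompt, so a pasted line includes the prompt; tag them `console` or drop the prompts.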
@@ -72,73 +71,75 @@ Available options:
7271
### Examples (raw mode)
7372

7473
Short command syntax usage.
75-
74+
```
7675
$ ip-list-updater.php -u -m raw -x 4 -o "/etc/ip-list-updater.txt" -s "cloudflare" -c "/etc/myscript.sh"
77-
76+
```
7877
Long command syntax usage.
79-
78+
```
8079
$ ip-list-updater.php --update --mode="raw" --ipv=4 --output="/etc/ip-list-updater.txt" --sources="https://www.cloudflare.com/ips-v4" --success="/etc/myscript.sh"
81-
80+
```
8281

8382
Doing some magic with bash and raw list. /etc/myscript.sh contents:
84-
83+
```
8584
#!/usr/bin/env bash
8685
for IP in $(cat /etc/ip-list-updater.txt); do
8786
echo $IP
8887
done
88+
```
8989

9090
### Examples (ipset mode)
9191

9292
This example demonstrates how to allow your CDN/reverse proxy IP range through ipset and iptables.
9393

9494
Create a proxylist set, create iptables rule to accept proxylist set for http/https ports, add Cloudflare IPv4 range to proxylist set.
95-
95+
```
9696
$ ipset create proxylist hash:net family inet hashsize 1024 maxelem 131072
9797
$ iptables -I INPUT -p tcp -m multiport --dports 80,443 -m set --match-set proxylist src -j ACCEPT
9898
$ ip-list-updater.php --update --mode="ipset" --setname="proxylist" --ipv=4 --output="/etc/proxylist.txt" --sources="cloudflare"
99-
99+
```
100100
This example demonstrates how to block a bogonlist through ipset and iptables.
101101

102102
Create a bogonlist set, create iptables rule to drop bogonlist set, add Spamhaus IPv4 list to bogonlist set.
103-
103+
```
104104
$ ipset create bogonlist hash:net family inet hashsize 1024 maxelem 131072
105105
$ iptables -I INPUT -m set --match-set bogonlist src -j DROP
106106
$ ip-list-updater.php --update --mode="ipset" --setname="bogonlist" --ipv=4 --output="/etc/bogonlist.txt" --sources="spamhaus"
107-
107+
```
108108
### Examples (nginx mode)
109109

110110
This example demonstrates how to make Nginx show correct connnecting IP via ngx_http_realip_module on a reverse proxy/CDN setup.
111111

112112
Add the following to Nginx main configuration file.
113-
113+
```
114114
#real_ip_header X-Real-IP;
115115
#real_ip_header X-Forwarded-For;
116116
real_ip_header CF-Connecting-IP;
117117
include /etc/nginx-cloudflare.conf;
118-
118+
```
119119
Update ip list and create Nginx (module ngx_http_realip_module) configuration file to be included.
120120
Success command will make Nginx reload configuration files without interruption. Make sure nginx path is correct at the success command.
121-
121+
```
122122
$ ip-list-updater.php --update --mode="nginx" --ipv=4 --output="/etc/nginx-cloudflare.conf" --sources="cloudflare" --success="/usr/bin/nginx -s reload"
123-
123+
```
124124
For Cloudflare, both CF-Connecting-IP and X-Forwarded-For can be used. Please refer to your CDN's documentation for the correct header.
125125

126126
### Examples (apache mode)
127127

128128
This example demonstrates how to make Apache show correct connnecting IP via mod_remoteip on a reverse proxy/CDN setup.
129129

130130
Modify the relevant section in Apache configuration file.
131-
131+
```
132132
<IfModule mod_remoteip.c>
133133
#RemoteIPHeader X-Forwarded-For
134134
RemoteIPHeader CF-Connecting-IP
135135
RemoteIPInternalProxyList /etc/apache-cloudflare.lst
136136
</IfModule>
137-
137+
```
138138
Update ip list and create Apache (module mod_remoteip) trusted proxy list file to be included.
139139
Make sure Apache reload success command is correct which may be OS specific.
140-
140+
```
141141
$ ip-list-updater.php --update --mode="apache" --ipv=4 --output="/etc/apache-cloudflare.lst" --sources="cloudflare" --success="apachectl -k graceful"
142+
```
142143

143144
### Examples (A real world example !!!)
144145

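Review bot: in the apache mode block, the configuration uses `RemoteIPInternalProxyList /etc/apache-cloudflare.lst` while the sentence under it calls the generated file a "trusted proxy list". For an external CDN such as Cloudflare the matching mod_remoteip directive is `RemoteIPTrustedProxyList`; with the internal variant, private and loopback addresses presented in the header by the listed proxies are accepted as the client address too. Suggest switching the directive, or stating why the internal one is intended. Smaller point in the raw mode block: `for IP in $(cat /etc/ip-list-updater.txt)` with an unquoted `echo $IP` relies on word splitting and globbing; `while IFS= read -r IP; do echo "$IP"; done < /etc/ip-list-updater.txt` reads the list line by line without either.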
@@ -148,9 +149,11 @@ The second line downloads the Cloudflare IPv4 range, updates Ipset named "proxyl
148149

149150
The third line downloads the Cloudflare IP range, updates the server configuration and reloads Nginx with zero downtime by sending a HUP signal to the container by Docker.
150151

152+
```
151153
15 3 * * * root /usr/local/bin/ip-list-updater.php --update --mode="ipset" --setname="bogonlist" --ipv=4 --output="/etc/bogonlist.txt" --sources="spamhaus" --success="ipset save bogonlist -f /etc/sptables/data/bogonlist.save" >/dev/null 2>/var/log/ip-list-updater.log
152154
45 3 * * * root /usr/local/bin/ip-list-updater.php --update --mode="ipset" --setname="proxylist" --ipv=4 --output="/etc/proxylist.txt" --sources="cloudflare" --success="ipset save proxylist -f /etc/sptables/data/proxylist.save" >/dev/null 2>/var/log/ip-list-updater.log
153155
30 3 * * * root /usr/local/bin/ip-list-updater.php --update --mode="nginx" --ipv=all --output="/lemp/configurations/cdn.conf" --sources="cloudflare" --success="docker kill --signal=HUP server-proxy" >/dev/null 2>/var/log/ip-list-updater.log
156+
```
154157

155158
## Caveats
156159

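Review bot: all three cron entries end in `2>/var/log/ip-list-updater.log`, which truncates the same file on every run, so the 03:45 job erases whatever the 03:15 and 03:30 jobs wrote and a failed bogon or CDN list refresh leaves no trace. Suggest `2>>/var/log/ip-list-updater.log` with log rotation, or a separate log file per job. The `root` user field also means these lines only work in /etc/crontab or a file under /etc/cron.d, not in a per-user crontab; a sentence above the fence saying so would prevent a silent misinstall.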