Created
March 30, 2026 20:27
Synology IP Blocklist Updater
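#!/bin/bash
# Synology IP Blocklist Updater
# Fetches IP addresses from https://github.com/duggytuxy/Data-Shield_IPv4_Blocklist and adds them to the auto-block deny list
#
# The feed is third-party content read from a branch ref (refs/heads/main),
# so its contents can change between runs. The script insists on running as
# root, so every line of the download must be treated as untrusted input.

set -eo pipefail

# Configuration
BLOCKLIST_URL="https://raw.githubusercontent.com/duggytuxy/Data-Shield_IPv4_Blocklist/refs/heads/main/prod_data-shield_ipv4_blocklist.txt"
SYSLOG_TAG="syno-blocklist"

# Download target. mktemp creates the file atomically with an unpredictable
# name; a PID-based name in world-writable /tmp could be pre-created (for
# example as a symlink) by another local user before a root run writes to it.
TEMP_FILE=$(mktemp /tmp/blocklist_XXXXXX) || {
  echo "ERROR: could not create temporary file" >&2
  exit 1
}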
# Exit handler: delete the downloaded blocklist no matter how the script ends.
cleanup() { rm -f "$TEMP_FILE"; }

trap cleanup EXIT
# Report a message in two places: syslog (tagged with $SYSLOG_TAG) and stdout.
# Arguments: $1 - message text
log() {
  local message=$1

  logger -t "$SYSLOG_TAG" "$message"
  echo "$message"
}
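#######################################
# Check that a string is a canonical dotted-quad IPv4 address.
#
# Four decimal octets in the range 0-255, separated by dots, with no leading
# zeros. Leading zeros are rejected because they are ambiguous: the printf
# call in ip_to_ipv6_mapped reads "010" as octal 8 and rejects "08" outright,
# which would store a mapped address that differs from the textual one.
#
# The main loop splices the accepted value into an SQL statement, so this
# check is also what keeps feed content out of the SQL text: nothing but
# digits and dots can pass.
#
# The check is syntactic only. 0.0.0.0, loopback and private ranges are
# accepted; NOTE(review): consider rejecting those so a faulty feed cannot
# deny-list local or management addresses.
#
# Arguments: $1 - candidate address
# Returns:   0 if the address is valid, 1 otherwise
#######################################
is_valid_ip() {
  local ip=$1
  # One octet: 250-255, 200-249, 100-199, or 0-99 without a leading zero.
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  local pattern="^${octet}(\\.${octet}){3}\$"

  if [[ $ip =~ $pattern ]]; then
    return 0
  fi
  return 1
}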
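# Main script
log "=== Starting blocklist update ==="

# Check if running as root (the auto-block database written further down
# lives under /etc).
if [ "$EUID" -ne 0 ]; then
  log "ERROR: This script must be run as root"
  exit 1
fi

# Download the blocklist.
# --proto '=https' refuses any non-HTTPS scheme, and the timeouts keep a
# stalled transfer from hanging an unattended run (values are a suggested
# starting point). -f turns HTTP errors into a non-zero exit so an error page
# is never parsed as a blocklist.
# NOTE(review): the download has no integrity check beyond TLS; pinning the
# URL to a commit or sanity-checking the entry count would limit the impact of
# a bad upstream change.
log "Downloading blocklist from $BLOCKLIST_URL"
if ! curl -sSf --proto '=https' --connect-timeout 30 --max-time 300 \
  -o "$TEMP_FILE" "$BLOCKLIST_URL"; then
  log "ERROR: Failed to download blocklist"
  rm -f "$TEMP_FILE"
  exit 1
fi

# Count total IPs in the file (lines that are neither comments nor blank).
# A single awk pass always exits 0; the previous grep pipeline returned
# non-zero when nothing matched, which under `set -eo pipefail` ended the
# script without any log line.
total_ips=$(awk '!/^#/ && !/^[[:space:]]*$/ { n++ } END { print n + 0 }' "$TEMP_FILE")

# An empty feed still aborts the run, but now with an explicit message.
if [ "$total_ips" -eq 0 ]; then
  log "ERROR: Downloaded blocklist contains no entries"
  exit 1
fi
log "Found $total_ips IP addresses in blocklist"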
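#######################################
# Convert a dotted-quad IPv4 address to the fully expanded IPv4-mapped IPv6
# form, e.g. 192.168.1.10 -> 0000:0000:0000:0000:0000:FFFF:C0A8:010A.
#
# Each octet is forced to base 10 before formatting: printf would otherwise
# read a leading-zero octet as octal ("010" -> 8) or reject it ("08").
# The input is expected to have passed is_valid_ip already; anything that is
# not four numeric fields is not handled here.
#
# Arguments: $1 - IPv4 address in dotted-quad notation
# Outputs:   the mapped address on stdout, without a trailing newline
#######################################
ip_to_ipv6_mapped() {
  local ip=$1
  local octet1 octet2 octet3 octet4

  IFS='.' read -r octet1 octet2 octet3 octet4 <<< "$ip"

  # A missing field is treated as 0, as the original printf did for an
  # absent argument.
  printf '0000:0000:0000:0000:0000:FFFF:%02X%02X:%02X%02X' \
    "$((10#${octet1:-0}))" "$((10#${octet2:-0}))" \
    "$((10#${octet3:-0}))" "$((10#${octet4:-0}))"
}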
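# Process and add IPs directly to database
added_count=0
skipped_count=0
processed_count=0
DB_FILE="/etc/synoautoblock.db"
RECORD_TIME=$(date +%s)

# sqlite3 creates a missing database file on open; stop here instead of
# leaving an empty file behind and failing on every insert.
if [ ! -f "$DB_FILE" ]; then
  log "ERROR: Database $DB_FILE not found"
  exit 1
fi

# NOTE(review): one sqlite3 process is started per address; feeding all
# statements to a single invocation inside one transaction would be much
# lighter on the NAS.
while IFS= read -r line || [ -n "$line" ]; do
  # Tolerate CRLF line endings; a trailing CR would fail validation.
  line=${line%$'\r'}

  # Skip comments and empty lines
  if [[ "$line" =~ ^#.*$ ]] || [[ -z "${line// }" ]]; then
    continue
  fi

  # Extract IP address (first whitespace-separated field; drops any trailing
  # comment or whitespace) without forking awk for every line.
  read -r ip _ <<< "$line"

  # Validate IP
  if ! is_valid_ip "$ip"; then
    skipped_count=$((skipped_count + 1))
    continue
  fi

  # Convert IP to IPv6-mapped format
  ipv6_mapped=$(ip_to_ipv6_mapped "$ip")

  # Insert into database (matching the exact schema from existing records).
  # $ip and $ipv6_mapped are spliced into the SQL text. That is acceptable
  # only because is_valid_ip has already restricted $ip to digits and dots and
  # $ipv6_mapped is generated by printf; do not loosen the validation without
  # switching to bound parameters.
  # ExpireTime is written as 0 and Deny as 1 - presumably a permanent deny
  # entry; confirm against DSM. Nothing here removes entries that later
  # disappear from the feed.
  # The command is tested directly in the `if`: under `set -e` a separate
  # `$?` check is never reached on failure, because the script exits first.
  if sqlite3 "$DB_FILE" "INSERT OR IGNORE INTO AutoBlockIP (IP, RecordTime, ExpireTime, Deny, IPStd, Type, Meta) VALUES ('$ip', $RECORD_TIME, 0, 1, '$ipv6_mapped', 0, '');" 2>/dev/null; then
    # INSERT OR IGNORE also exits 0 when the row is ignored, so this counter
    # may include addresses that were already present.
    added_count=$((added_count + 1))
  else
    skipped_count=$((skipped_count + 1))
  fi

  processed_count=$((processed_count + 1))

  # Progress update every 5000 IPs
  if [ $((processed_count % 5000)) -eq 0 ]; then
    log "Progress: $processed_count/$total_ips processed (added: $added_count, skipped: $skipped_count)"
  fi
done < "$TEMP_FILE"

# Summary
log "Update complete: Added $added_count, Skipped $skipped_count"
log "=== Blocklist update finished ==="
exit 0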