Modificado con mis cambios personales.

install.sh

@@ -3,14 +3,15 @@
 set -xe
 
 # install prerequisites
-apt install -y ipcalc
+apt install -y ipcalc shellcheck jq
 
-# install lxc-iptag
-curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag -o /usr/local/bin/lxc-iptag && chmod +x /usr/local/bin/lxc-iptag
-curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.conf -o /usr/local/etc/lxc-iptag.conf
+# iddnstall lxc-iptag
+chmod +x lxc-iptag
 
 # configure lxc-iptag systemd
-curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.service -o /etc/systemd/system/lxc-iptag.service
+cp lxc-iptag.service /etc/systemd/system/lxc-iptag.service
+sed -i "s|/usr/local/bin|$(pwd)|g" /etc/systemd/system/lxc-iptag.service
+
 
 # start lxc-iptag
 systemctl daemon-reload

lxc-iptag

@@ -61,7 +61,7 @@ ip_in_cidrs() {
 # Check if IP is valid
 is_valid_ipv4() {
     local ip=$1
-    local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
+    local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}A$"
 
     if [[ $ip =~ $regex ]]; then
         IFS='.' read -r -a parts <<< "$ip"
@@ -98,11 +98,61 @@ fw_net_interface_changed() {
 
 # =============== MAIN =============== #
 
+update_vm_iptags() {
+    vmid_list=$(qm list 2>/dev/null | grep -v VMID | awk '{print $1}')
+    for vmid in ${vmid_list}; do
+        # Check if the VM ID is in the exclusion list
+        if [[ " ${EXCLUSION_LIST[*]} " == *"${vmid}"* ]]; then
+            echo "Skipping ${vmid} as it is in the exclusion list"
+            continue
+        fi
+
+        last_tagged_ips=()
+        current_valid_ips=()
+        next_tags=()
+
+        # Parse current tags
+        mapfile -t current_tags < <(qm config "${vmid}" | grep tags | awk '{print $2}' | sed 's/;/\n/g')
+        for current_tag in "${current_tags[@]}"; do
+            if is_valid_ipv4 "${current_tag}"; then
+                last_tagged_ips+=("${current_tag}")
+                continue
+            fi
+            next_tags+=("${current_tag}")
+        done
+
+        # Get current IPs
+        current_ips_full=$(qm guest cmd "${vmid}" network-get-interfaces | jq -r '.[] | .["ip-addresses"][]? | ."ip-address"')
+        for ip in ${current_ips_full}; do
+            # Check if the IP is in the exclusion list
+            if [[ " ${EXCLUSION_LIST[*]} " == *"${ip}"* ]]; then
+                echo "Skipping IP ${ip} for VM ${vmid} as it is in the exclusion list"
+                continue
+            fi
+
+            if is_valid_ipv4 "${ip}" && ip_in_cidrs "${ip}" "${CIDR_LIST[*]}"; then
+                current_valid_ips+=("${ip}")
+                next_tags+=("${ip}")
+            fi
+        done
+
+        # Skip if no ip change
+        if [[ "$(echo "${last_tagged_ips[@]}" | tr ' ' '\n' | sort -u)" == "$(echo "${current_valid_ips[@]}" | tr ' ' '\n' | sort -u)" ]]; then
+            echo "Skipping ${vmid} cause ip no changes"
+            continue
+        fi
+
+        # Set tags
+        echo "Setting ${vmid} tags from ${current_tags[*]} to ${next_tags[*]}"
+        qm set "${vmid}" -tags "$(IFS=';'; echo "${next_tags[*]}")"
+    done
+}
+
 update_lxc_iptags() {
     vmid_list=$(pct list 2>/dev/null | grep -v VMID | awk '{print $1}')
     for vmid in ${vmid_list}; do
         # Check if the container ID is in the exclusion list
-        if [[ " ${EXCLUSION_LIST[*]} " == *" ${vmid} "* ]]; then
+        if [[ " ${EXCLUSION_LIST[*]} " == *"${vmid}"* ]]; then
             echo "Skipping ${vmid} as it is in the exclusion list"
             continue
         fi
@@ -125,7 +175,7 @@ update_lxc_iptags() {
         current_ips_full=$(lxc-info -n "${vmid}" -i | awk '{print $2}')
         for ip in ${current_ips_full}; do
             # Check if the IP is in the exclusion list
-            if [[ " ${EXCLUSION_LIST[*]} " == *" ${ip} "* ]]; then
+            if [[ " ${EXCLUSION_LIST[*]} " == *"${ip}"* ]]; then
                 echo "Skipping IP ${ip} for container ${vmid} as it is in the exclusion list"
                 continue
             fi
@@ -165,6 +215,7 @@ check() {
         echo "Checking lxc status..."
         last_lxc_status_check_time=${current_time}
         if lxc_status_changed; then
+            update_vm_iptags
             update_lxc_iptags
             last_update_time=${current_time}
             return
@@ -177,6 +228,7 @@ check() {
         echo "Checking fw net interface..."
         last_fw_net_interface_check_time=${current_time}
         if fw_net_interface_changed; then
+            update_vm_iptags
             update_lxc_iptags
             last_update_time=${current_time}
             return
@@ -186,6 +238,7 @@ check() {
     time_since_last_update=$((current_time - last_update_time))
     if [ ${time_since_last_update} -ge ${FORCE_UPDATE_INTERVAL} ]; then
         echo "Force updating lxc iptags..."
+        update_vm_iptags
         update_lxc_iptags
         last_update_time=${current_time}
         return

lxc-iptag.conf

@@ -15,8 +15,5 @@ FORCE_UPDATE_INTERVAL=1800
 
 # Exclusion list for IPs or container IDs
 EXCLUSION_LIST=(
-    # Add IPs or container IDs here
-    # Example:
-    # 192.168.1.100
-    # container_id_1
+    900
 )