From ab67525a6f142fb6c1affffa5860bc551ef17e2c Mon Sep 17 00:00:00 2001 From: keteflips Date: Wed, 20 Aug 2025 19:36:38 +0200 Subject: [PATCH] Modificado con mis cambios personales. --- LICENSE | 0 README.md | 0 img/pve-lxc-iptag.png | Bin install.sh | 11 ++++---- lxc-iptag | 59 +++++++++++++++++++++++++++++++++++++++--- lxc-iptag.conf | 5 +--- lxc-iptag.service | 0 uninstall.sh | 0 8 files changed, 63 insertions(+), 12 deletions(-) mode change 100644 => 100755 LICENSE mode change 100644 => 100755 README.md mode change 100644 => 100755 img/pve-lxc-iptag.png mode change 100644 => 100755 install.sh mode change 100644 => 100755 lxc-iptag.conf mode change 100644 => 100755 lxc-iptag.service mode change 100644 => 100755 uninstall.sh diff --git a/LICENSE b/LICENSE old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/img/pve-lxc-iptag.png b/img/pve-lxc-iptag.png old mode 100644 new mode 100755 diff --git a/install.sh b/install.sh old mode 100644 new mode 100755 index 3774937..8ecb5ca --- a/install.sh +++ b/install.sh @@ -3,14 +3,15 @@ set -xe # install prerequisites -apt install -y ipcalc +apt install -y ipcalc shellcheck jq -# install lxc-iptag -curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag -o /usr/local/bin/lxc-iptag && chmod +x /usr/local/bin/lxc-iptag -curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.conf -o /usr/local/etc/lxc-iptag.conf +# iddnstall lxc-iptag +chmod +x lxc-iptag # configure lxc-iptag systemd -curl -sSL https://raw.githubusercontent.com/gitsang/lxc-iptag/main/lxc-iptag.service -o /etc/systemd/system/lxc-iptag.service +cp lxc-iptag.service /etc/systemd/system/lxc-iptag.service +sed -i "s|/usr/local/bin|$(pwd)|g" /etc/systemd/system/lxc-iptag.service + # start lxc-iptag systemctl daemon-reload diff --git a/lxc-iptag b/lxc-iptag index 7d00ce2..9467839 100755 --- a/lxc-iptag +++ b/lxc-iptag 
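Review bot: The added `sed -i "s|/usr/local/bin|$(pwd)|g"` line in install.sh points the systemd unit at whatever directory the installer was run from, so the service executes a script whose integrity depends on the permissions of that checkout; the unit's `User=` is not visible here, but the script calls `qm set` and `pct`, so it presumably runs as root. A working-directory path containing `|`, `&` or `\` would also corrupt the substitution. Copying the script to a root-owned location keeps the unit file unchanged: `install -o root -g root -m 0755 lxc-iptag /usr/local/bin/lxc-iptag`, and drop the `sed`. The hunk also stops installing `lxc-iptag.conf` under `/usr/local/etc/` (if the script still reads it from there, a fresh install has no config; confirm), pulls in `shellcheck` although nothing visible runs it, and the comment now reads `# iddnstall lxc-iptag`.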
@@ -61,7 +61,7 @@ ip_in_cidrs() { # Check if IP is valid is_valid_ipv4() { local ip=$1 - local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}$" + local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}A$" if [[ $ip =~ $regex ]]; then IFS='.' read -r -a parts <<< "$ip" 
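Review bot: The new pattern in is_valid_ipv4, `^([0-9]{1,3}\.){3}[0-9]{1,3}A$`, requires a literal `A` after the last octet, so no dotted-quad address can match and every real IPv4 is rejected. In the new update_vm_iptags (and presumably in update_lxc_iptags, which it mirrors) both `last_tagged_ips` and `current_valid_ips` then stay empty, the "no changes" comparison always succeeds, and tags are never updated, while existing IP tags are carried along as ordinary tags. This looks like a stray keystroke; restore `local regex="^([0-9]{1,3}\.){3}[0-9]{1,3}$"`. The function body continues past the end of the hunk, so the per-octet range check is not visible here.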
@@ -98,11 +98,61 @@ fw_net_interface_changed() { # =============== MAIN =============== # +update_vm_iptags() { + vmid_list=$(qm list 2>/dev/null | grep -v VMID | awk '{print $1}') + for vmid in ${vmid_list}; do + # Check if the VM ID is in the exclusion list + if [[ " ${EXCLUSION_LIST[*]} " == *"${vmid}"* ]]; then + echo "Skipping ${vmid} as it is in the exclusion list" + continue + fi + + last_tagged_ips=() + current_valid_ips=() + next_tags=() + + # Parse current tags + mapfile -t current_tags < <(qm config "${vmid}" | grep tags | awk '{print $2}' | sed 's/;/\n/g') + for current_tag in "${current_tags[@]}"; do + if is_valid_ipv4 "${current_tag}"; then + last_tagged_ips+=("${current_tag}") + continue + fi + next_tags+=("${current_tag}") + done + + # Get current IPs + current_ips_full=$(qm guest cmd "${vmid}" network-get-interfaces | jq -r '.[] | .["ip-addresses"][]? | ."ip-address"') + for ip in ${current_ips_full}; do + # Check if the IP is in the exclusion list + if [[ " ${EXCLUSION_LIST[*]} " == *"${ip}"* ]]; then + echo "Skipping IP ${ip} for VM ${vmid} as it is in the exclusion list" + continue + fi + + if is_valid_ipv4 "${ip}" && ip_in_cidrs "${ip}" "${CIDR_LIST[*]}"; then + current_valid_ips+=("${ip}") + next_tags+=("${ip}") + fi + done + + # Skip if no ip change + if [[ "$(echo "${last_tagged_ips[@]}" | tr ' ' '\n' | sort -u)" == "$(echo "${current_valid_ips[@]}" | tr ' ' '\n' | sort -u)" ]]; then + echo "Skipping ${vmid} cause ip no changes" + continue + fi + + # Set tags + echo "Setting ${vmid} tags from ${current_tags[*]} to ${next_tags[*]}" + qm set "${vmid}" -tags "$(IFS=';'; echo "${next_tags[*]}")" + done +} + update_lxc_iptags() { vmid_list=$(pct list 2>/dev/null | grep -v VMID | awk '{print $1}') for vmid in ${vmid_list}; do # Check if the container ID is in the exclusion list - if [[ " ${EXCLUSION_LIST[*]} " == *" ${vmid} "* ]]; then + if [[ " ${EXCLUSION_LIST[*]} " == *"${vmid}"* ]]; then echo "Skipping ${vmid} as it is in the exclusion list" 
continue fi @@ -125,7 +175,7 @@ update_lxc_iptags() { current_ips_full=$(lxc-info -n "${vmid}" -i | awk '{print $2}') for ip in ${current_ips_full}; do # Check if the IP is in the exclusion list - if [[ " ${EXCLUSION_LIST[*]} " == *" ${ip} "* ]]; then + if [[ " ${EXCLUSION_LIST[*]} " == *"${ip}"* ]]; then echo "Skipping IP ${ip} for container ${vmid} as it is in the exclusion list" continue fi @@ -165,6 +215,7 @@ check() { echo "Checking lxc status..." last_lxc_status_check_time=${current_time} if lxc_status_changed; then + update_vm_iptags update_lxc_iptags last_update_time=${current_time} return @@ -177,6 +228,7 @@ check() { echo "Checking fw net interface..." last_fw_net_interface_check_time=${current_time} if fw_net_interface_changed; then + update_vm_iptags update_lxc_iptags last_update_time=${current_time} return @@ -186,6 +238,7 @@ check() { time_since_last_update=$((current_time - last_update_time)) if [ ${time_since_last_update} -ge ${FORCE_UPDATE_INTERVAL} ]; then echo "Force updating lxc iptags..." + update_vm_iptags update_lxc_iptags last_update_time=${current_time} return diff --git a/lxc-iptag.conf b/lxc-iptag.conf old mode 100644 new mode 100755 index c45e11b..55f5cd0 --- a/lxc-iptag.conf +++ b/lxc-iptag.conf @@ -15,8 +15,5 @@ FORCE_UPDATE_INTERVAL=1800 # Exclusion list for IPs or container IDs EXCLUSION_LIST=( - # Add IPs or container IDs here - # Example: - # 192.168.1.100 - # container_id_1 + 900 ) diff --git a/lxc-iptag.service b/lxc-iptag.service old mode 100644 new mode 100755 diff --git a/uninstall.sh b/uninstall.sh old mode 100644 new mode 100755
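Review bot: The exclusion test changed from `*" ${vmid} "*` to `*"${vmid}"*`, which turns an exact-entry match into a substring match: with the `900` entry this commit puts in lxc-iptag.conf, guests such as 1900 or 9001 are skipped too, and an excluded `192.168.1.10` would also exclude `192.168.1.100`. The same unpadded pattern is used for both the ID and the IP check in the new update_vm_iptags, for the ID check in update_lxc_iptags in this hunk, and for the IP check in the `@@ -125,7 +175,7 @@` hunk. Keep the space delimiters in all four places, e.g. `if [[ " ${EXCLUSION_LIST[*]} " == *" ${vmid} "* ]]; then`. Separately, `grep tags` in update_vm_iptags matches any config line containing that word, so `grep '^tags:'` would be a safer anchor.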
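Review bot: update_vm_iptags is only reachable through the three existing triggers in check(), and the two change detectors named there are lxc_status_changed and fw_net_interface_changed. Their bodies are outside the diff, but if they only watch containers, a VM that starts or gets a new address is not re-tagged until the `FORCE_UPDATE_INTERVAL` branch fires. Consider adding a VM-side status check, or at least a comment above check() such as `# VMs are only refreshed on LXC/firewall changes or the forced interval`. The log strings `Checking lxc status...` and `Force updating lxc iptags...` also still mention only lxc; this applies equally to the `@@ -177,6 +228,7 @@` and `@@ -186,6 +238,7 @@` hunks.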