#!/bin/sh
#
# rc.update_bogons.sh
#
# part of pfSense (https://www.pfsense.org)
# Copyright (c) 2004-2020 Rubicon Communications, LLC (Netgate)
# All rights reserved.
#
# Based on src/etc/rc.d/savecore from FreeBSD
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Global variables
# proc_error is set to "true" by process_url when a download or extraction
# fails; the main flow checks it to decide whether to relaunch.
proc_error=""

# Identify this installation to the list server through the User-Agent
# header (HTTP_USER_AGENT is honoured by fetch(1)), unless the administrator
# has opted out via system/do_not_send_uniqueid.
# NOTE(review): product and product_version are not assigned anywhere
# visible in this script; they are expected to come from the environment
# that launches it — confirm, otherwise the header degrades to "/:<id>".
do_not_send_uniqueid=$(/usr/local/sbin/read_xml_tag.sh boolean system/do_not_send_uniqueid)
if [ "${do_not_send_uniqueid}" = "true" ]; then
	export HTTP_USER_AGENT="${product}/${product_version}"
else
	uniqueid=$(/usr/sbin/gnid)
	export HTTP_USER_AGENT="${product}/${product_version}:${uniqueid}"
fi
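# Download and extract if necessary
#
# Arguments: $1 - local path that will hold the (unpacked) list
#            $2 - URL to fetch; the extension of its last path component
#                 selects the unpacking step (tar, tar.gz, tgz, tar.bz2),
#                 any other extension is kept as downloaded
# Globals:   proc_error (written) - set to "true" when the download or the
#            extraction fails, so the caller can schedule a retry
# Outputs:   failures are reported through logger
# Returns:   0 on success, 1 on failure
process_url() {
	local file=$1
	local url=$2
	local filename=${url##*/}
	local ext=${filename#*.}

	# -a retries automatically, -w 600 waits 600s between retries and
	# -T 30 bounds each connection attempt. Note that a partially written
	# output file still passes the -f test below; the checksum comparison
	# later in the script is what catches an incomplete download.
	/usr/bin/fetch -a -w 600 -T 30 -q -o "${file}" "${url}"

	if [ ! -f "${file}" ]; then
		echo "Could not download ${url}" | logger
		proc_error="true"
		# Nothing to unpack, and a second "could not extract" message
		# for the same failure would only be confusing.
		return 1
	fi

	# Archives are unpacked to stdout (-O) so that $file ends up holding
	# the list itself. tar errors are deliberately silenced; the missing
	# output file is detected right after.
	case "$ext" in
		tar)
			mv "${file}" "${file}.tmp"
			/usr/bin/tar -xf "${file}.tmp" -O > "${file}" 2> /dev/null
			;;
		tar.gz|tgz)
			mv "${file}" "${file}.tmp"
			/usr/bin/tar -xzf "${file}.tmp" -O > "${file}" 2> /dev/null
			;;
		tar.bz2)
			mv "${file}" "${file}.tmp"
			/usr/bin/tar -xjf "${file}.tmp" -O > "${file}" 2> /dev/null
			;;
		*)
			;;
	esac

	if [ -f "${file}.tmp" ]; then
		rm "${file}.tmp"
	fi

	if [ ! -f "${file}" ]; then
		# The previous message used "$(unknown)", which tried to run a
		# command named "unknown" instead of naming the file.
		echo "Could not extract ${filename}" | logger
		proc_error="true"
		return 1
	fi
	return 0
}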
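echo "rc.update_bogons.sh is starting up." | logger

# Sleep for some time, unless an argument is specified.
# The delay is one unsigned 16-bit value read from /dev/random, i.e.
# 0-65535 seconds, which spreads the clients' downloads over time. Pass any
# argument to skip the delay (e.g. when run by hand).
if [ "$1" = "" ]; then
	# Grab a random value
	value=$(od -A n -d -N2 /dev/random | awk '{ print $1 }')
	# Fall back to no delay instead of failing if od produced nothing.
	echo "rc.update_bogons.sh is sleeping for ${value:-0}" | logger
	sleep "${value:-0}"
fi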
echo "rc.update_bogons.sh is beginning the update cycle." | logger

# Load custom bogon configuration
# The file may pre-set v4url, v6url, v4urlcksum and v6urlcksum. It is
# sourced as shell code, so it must only be writable by the administrator.
[ -f /var/etc/bogon_custom ] && . /var/etc/bogon_custom

# Set default values if not overridden (":=" assigns only when the
# variable is unset or empty)
: "${v4url:=https://files.pfsense.org/lists/fullbogons-ipv4.txt}"
: "${v6url:=https://files.pfsense.org/lists/fullbogons-ipv6.txt}"
: "${v4urlcksum:=${v4url}.md5}"
: "${v6urlcksum:=${v6url}.md5}"
# Fetch both lists into fixed paths under /tmp.
# NOTE(review): these are predictable names in a shared directory; the
# md5, pfctl and rm steps further down use the same literal paths, so moving
# to mktemp output would have to be done in all of those places together.
process_url /tmp/bogons "${v4url}"
process_url /tmp/bogonsv6 "${v6url}"

# process_url records a failed download or extraction in proc_error. Start a
# fresh copy of this script (no argument, so it sleeps a random period before
# trying again) and stop here. There is no retry limit: the cycle repeats
# until both downloads succeed.
if [ -n "${proc_error}" ]; then
	# Relaunch and sleep
	sh /etc/rc.update_bogons.sh &
	exit
fi
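# Compare the MD5 published next to each list with the MD5 of the download.
# The ".md5" file and the list come from the same server, so a match shows
# the download is complete and intact, not that the list is authentic; the
# transport (HTTPS in the default URLs) is what guards against substitution.
# The fourth field of "MD5 (file) = hash" is the digest; the remote file is
# presumably in the same format. A failed checksum fetch leaves the variable
# empty, which is treated as a mismatch below.
BOGON_V4_CKSUM=$(/usr/bin/fetch -T 30 -q -o - "${v4urlcksum}" | awk '{ print $4 }')
ON_DISK_V4_CKSUM=$(md5 /tmp/bogons | awk '{ print $4 }')
BOGON_V6_CKSUM=$(/usr/bin/fetch -T 30 -q -o - "${v6urlcksum}" | awk '{ print $4 }')
ON_DISK_V6_CKSUM=$(md5 /tmp/bogonsv6 | awk '{ print $4 }')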
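# Hard limit on pf table entries. A table replace needs room for the old and
# the new contents at the same time, which the
# "2*ENTRIES_TOT - current + new" estimates below approximate.
ENTRIES_MAX=$(pfctl -s memory | awk '/table-entries/ { print $4 }')

# Each list is applied only when the published checksum matches the
# downloaded file; a mismatch sets checksum_error so the script relaunches.
# This block used to be guarded by "either checksum matches", so a mismatch
# on both lists (for example when both .md5 downloads failed) was neither
# logged nor retried.
if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ]; then
	ENTRIES_TOT=$(pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}')
	ENTRIES_V4=$(pfctl -vvsTables | awk '/-\tbogons$/ {getline; print $2}')
	LINES_V4=$(wc -l /tmp/bogons | awk '{ print $1 }')
	if [ "${ENTRIES_MAX:-0}" -gt $((2*${ENTRIES_TOT:-0}-${ENTRIES_V4:-0}+${LINES_V4:-0})) ]; then
		# Drop the RFC 1918 ranges so the table can never block local networks.
		grep -Ev '^192\.168\.0\.0/16|^172\.16\.0\.0/12|^10\.0\.0\.0/8' /tmp/bogons > /etc/bogons
		RESULT=$(/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1)
		echo "$RESULT" | awk '{ print "Bogons V4 file downloaded: " $0 }' | logger
	else
		echo "Not updating IPv4 bogons (increase table-entries limit)" | logger
	fi
	rm -f /tmp/bogons
else
	echo "Could not download ${v4url} (checksum mismatch)" | logger
	checksum_error="true"
fi

if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
	# Recount: the IPv4 replace above may have changed the totals.
	ENTRIES_TOT=$(pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}')
	LINES_V6=$(wc -l /tmp/bogonsv6 | awk '{ print $1 }')
	# pfctl only lists bogonsv6 while the table is in use (see the
	# messages below); count exact-line matches.
	BOGONS_V6_TABLE_COUNT=$(pfctl -sTables | grep -Fxc bogonsv6)
	if [ "${BOGONS_V6_TABLE_COUNT:-0}" -gt 0 ]; then
		ENTRIES_V6=$(pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}')
		if [ "${ENTRIES_MAX:-0}" -gt $((2*${ENTRIES_TOT:-0}-${ENTRIES_V6:-0}+${LINES_V6:-0})) ]; then
			# Drop the ULA range so the table can never block local networks.
			grep -Eiv '^fc00::/7' /tmp/bogonsv6 > /etc/bogonsv6
			RESULT=$(/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1)
			echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
		else
			echo "Not saving or updating IPv6 bogons (increase table-entries limit)" | logger
		fi
	else
		# Table not loaded: only keep the file on disk, and only if it
		# would fit once the table is used.
		if [ "${ENTRIES_MAX:-0}" -gt $((2*${ENTRIES_TOT:-0}+${LINES_V6:-0})) ]; then
			grep -Eiv '^fc00::/7' /tmp/bogonsv6 > /etc/bogonsv6
			echo "Bogons V6 file downloaded but not updating IPv6 bogons table because it is not in use." | logger
		else
			echo "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low)" | logger
		fi
	fi
	rm -f /tmp/bogonsv6
else
	echo "Could not download ${v6url} (checksum mismatch)" | logger
	checksum_error="true"
fi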
# A checksum mismatch on either list means that download cannot be used:
# start a fresh run of this script (it sleeps a random period first, and
# there is no retry limit) and stop here.
if [ -n "${checksum_error}" ]; then
	# Relaunch and sleep
	sh /etc/rc.update_bogons.sh &
	exit
fi
# Only reached when no relaunch was scheduled.
printf '%s\n' "rc.update_bogons.sh is ending the update cycle." | logger