/etc/rc.update_bogons.sh - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/rc.update_bogons.sh @ 92276df6

1	14f9c43f	Scott Ullrich	#!/bin/sh
2
3			# Update bogons file
4			# Part of the pfSense project
5			# www.pfsense.com
6
7	9c9b1833	Scott Ullrich	echo "rc.update_bogons.sh is starting up." \| logger
8
9	342a2f18	Phil Davis	# Sleep for some time, unless an argument is specified.
10	5de28171	Scott Ullrich	if [ "$1" = "" ]; then
11	9dbb93ba	Chris Buechler	# Grab a random value
12			value=`od -A n -d -N2 /dev/random \| awk '{ print $1 }'`
13			echo "rc.update_bogons.sh is sleeping for $value" \| logger
14			sleep $value
15	fc1e7d9f	Chris Buechler	fi
16	38b65b80	Scott Ullrich
17	9c9b1833	Scott Ullrich	echo "rc.update_bogons.sh is beginning the update cycle." \| logger
18
19	92276df6	bcyrill	# Load custom bogon configuration
20			if [ -f /var/etc/bogon_custom ]; then
21			. /var/etc/bogon_custom
22			fi
23
24			# Set default values if not overriden
25			v4url=${v4url:-"http://files.pfsense.org/lists/fullbogons-ipv4.txt"}
26			v6url=${v6url:-"http://files.pfsense.org/lists/fullbogons-ipv6.txt"}
27			v4urlcksum=${v4urlcksum:-"${v4url}.md5"}
28			v6urlcksum=${v6urlcksum:-"${v6url}.md5"}
29
30			/usr/bin/fetch -q -o /tmp/bogons "${v4url}"
31			/usr/bin/fetch -q -o /tmp/bogonsv6 "${v6url}"
32	331103ae	jim-p	if [ ! -f /tmp/bogons ]; then
33	92276df6	bcyrill	echo "Could not download ${v4url}" \| logger
34	4a41dff7	smos	dl_error="true"
35	e59010af	Scott Ullrich	fi
36	7de4359a	Seth Mos	if [ ! -f /tmp/bogonsv6 ]; then
37	92276df6	bcyrill	echo "Could not download ${v6url}" \| logger
38	4a41dff7	smos	dl_error="true"
39			fi
40
41			if [ "$dl_error" != "" ];then
42	7de4359a	Seth Mos	# Relaunch and sleep
43			sh /etc/rc.update_bogons.sh &
44			exit
45			fi
46
47	92276df6	bcyrill	BOGON_V4_CKSUM=`/usr/bin/fetch -q -o - "${v4urlcksum}" \| awk '{ print $4 }'`
48			ON_DISK_V4_CKSUM=`md5 /tmp/bogons \| awk '{ print $4 }'`
49			BOGON_V6_CKSUM=`/usr/bin/fetch -q -o - "${v6urlcksum}" \| awk '{ print $4 }'`
50			ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 \| awk '{ print $4 }'`
51	342a2f18	Phil Davis
52	92276df6	bcyrill	if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] \|\| [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
53	342a2f18	Phil Davis	# At least one of the downloaded MD5s matches, so mount RW
54			/etc/rc.conf_mount_rw
55			fi
56
57	92276df6	bcyrill	if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ]; then
58	48e29ac9	sullrich	egrep -v "^192.168.0.0/16\|^172.16.0.0/12\|^10.0.0.0/8" /tmp/bogons > /etc/bogons
59			RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1`
60			rm /tmp/bogons
61	27493009	N0YB	echo "$RESULT" \|awk '{ print "Bogons V4 file downloaded: " $0 }' \| logger
62	48e29ac9	sullrich	else
63	92276df6	bcyrill	echo "Could not download ${v4urlcksum} (checksum mismatch)" \| logger
64			checksum_error="true"
65	48e29ac9	sullrich	fi
66
67	92276df6	bcyrill	if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
68	378d3c88	N0YB	egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
69	7de4359a	Seth Mos	RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
70	f6f9f815	jim-p	rm /tmp/bogonsv6
71	27493009	N0YB	echo "$RESULT" \|awk '{ print "Bogons V6 file downloaded: " $0 }' \| logger
72	7de4359a	Seth Mos	else
73	92276df6	bcyrill	echo "Could not download ${v6urlcksum} (checksum mismatch)" \| logger
74			checksum_error="true"
75	342a2f18	Phil Davis	fi
76
77	92276df6	bcyrill	if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] \|\| [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
78	342a2f18	Phil Davis	# We mounted RW, so switch back to RO
79			/etc/rc.conf_mount_ro
80			fi
81
82	92276df6	bcyrill	if [ "$checksum_error" != "" ];then
83	7de4359a	Seth Mos	# Relaunch and sleep
84	342a2f18	Phil Davis	sh /etc/rc.update_bogons.sh &
85			exit
86	7de4359a	Seth Mos	fi
87
88	48e29ac9	sullrich	echo "rc.update_bogons.sh is ending the update cycle." \| logger

Project

General

Profile

pfSense