Revision 92276df6
Added by Cyrill B over 12 years ago
| etc/rc.update_bogons.sh | ||
|---|---|---|
| 7 | 7 |
echo "rc.update_bogons.sh is starting up." | logger |
| 8 | 8 |
|
| 9 | 9 |
# Sleep for some time, unless an argument is specified. |
| 10 |
|
|
| 11 | 10 |
if [ "$1" = "" ]; then |
| 12 | 11 |
# Grab a random value |
| 13 | 12 |
value=`od -A n -d -N2 /dev/random | awk '{ print $1 }'`
|
| ... | ... | |
| 17 | 16 |
|
| 18 | 17 |
echo "rc.update_bogons.sh is beginning the update cycle." | logger |
| 19 | 18 |
|
| 20 |
/usr/bin/fetch -q -o /tmp/bogons "http://files.pfsense.org/lists/fullbogons-ipv4.txt" |
|
| 21 |
/usr/bin/fetch -q -o /tmp/bogonsv6 "http://files.pfsense.org/lists/fullbogons-ipv6.txt" |
|
| 19 |
# Load custom bogon configuration |
|
| 20 |
if [ -f /var/etc/bogon_custom ]; then |
|
| 21 |
. /var/etc/bogon_custom |
|
| 22 |
fi |
|
| 23 |
|
|
| 24 |
# Set default values if not overriden |
|
| 25 |
v4url=${v4url:-"http://files.pfsense.org/lists/fullbogons-ipv4.txt"}
|
|
| 26 |
v6url=${v6url:-"http://files.pfsense.org/lists/fullbogons-ipv6.txt"}
|
|
| 27 |
v4urlcksum=${v4urlcksum:-"${v4url}.md5"}
|
|
| 28 |
v6urlcksum=${v6urlcksum:-"${v6url}.md5"}
|
|
| 29 |
|
|
| 30 |
/usr/bin/fetch -q -o /tmp/bogons "${v4url}"
|
|
| 31 |
/usr/bin/fetch -q -o /tmp/bogonsv6 "${v6url}"
|
|
| 22 | 32 |
if [ ! -f /tmp/bogons ]; then |
| 23 |
echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv4.txt" | logger
|
|
| 33 |
echo "Could not download ${v4url}" | logger
|
|
| 24 | 34 |
dl_error="true" |
| 25 | 35 |
fi |
| 26 | 36 |
if [ ! -f /tmp/bogonsv6 ]; then |
| 27 |
echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv6.txt" | logger
|
|
| 37 |
echo "Could not download ${v6url}" | logger
|
|
| 28 | 38 |
dl_error="true" |
| 29 | 39 |
fi |
| 30 | 40 |
|
| ... | ... | |
| 34 | 44 |
exit |
| 35 | 45 |
fi |
| 36 | 46 |
|
| 37 |
BOGON_V4_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/lists/fullbogons-ipv4.txt.md5" | awk '{ print $4 }'`
|
|
| 38 |
ON_DISK_V4_MD5=`md5 /tmp/bogons | awk '{ print $4 }'`
|
|
| 39 |
BOGON_V6_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/lists/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'`
|
|
| 40 |
ON_DISK_V6_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
|
|
| 47 |
BOGON_V4_CKSUM=`/usr/bin/fetch -q -o - "${v4urlcksum}" | awk '{ print $4 }'`
|
|
| 48 |
ON_DISK_V4_CKSUM=`md5 /tmp/bogons | awk '{ print $4 }'`
|
|
| 49 |
BOGON_V6_CKSUM=`/usr/bin/fetch -q -o - "${v6urlcksum}" | awk '{ print $4 }'`
|
|
| 50 |
ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
|
|
| 41 | 51 |
|
| 42 |
if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
|
|
| 52 |
if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
|
|
| 43 | 53 |
# At least one of the downloaded MD5s matches, so mount RW |
| 44 | 54 |
/etc/rc.conf_mount_rw |
| 45 | 55 |
fi |
| 46 | 56 |
|
| 47 |
if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]; then
|
|
| 57 |
if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ]; then
|
|
| 48 | 58 |
egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons |
| 49 | 59 |
RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1` |
| 50 | 60 |
rm /tmp/bogons |
| 51 | 61 |
echo "$RESULT" |awk '{ print "Bogons V4 file downloaded: " $0 }' | logger
|
| 52 | 62 |
else |
| 53 |
echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv4.txt.md5 (md5 mismatch)" | logger
|
|
| 54 |
md5_error="true"
|
|
| 63 |
echo "Could not download ${v4urlcksum} (checksum mismatch)" | logger
|
|
| 64 |
checksum_error="true"
|
|
| 55 | 65 |
fi |
| 56 | 66 |
|
| 57 |
if [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
|
|
| 67 |
if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
|
|
| 58 | 68 |
egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 |
| 59 | 69 |
RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1` |
| 60 | 70 |
rm /tmp/bogonsv6 |
| 61 | 71 |
echo "$RESULT" |awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
|
| 62 | 72 |
else |
| 63 |
echo "Could not download http://files.pfsense.org/lists/fullbogons-ipv6.txt.md5 (md5 mismatch)" | logger
|
|
| 64 |
md5_error="true"
|
|
| 73 |
echo "Could not download ${v6urlcksum} (checksum mismatch)" | logger
|
|
| 74 |
checksum_error="true"
|
|
| 65 | 75 |
fi |
| 66 | 76 |
|
| 67 |
if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
|
|
| 77 |
if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
|
|
| 68 | 78 |
# We mounted RW, so switch back to RO |
| 69 | 79 |
/etc/rc.conf_mount_ro |
| 70 | 80 |
fi |
| 71 | 81 |
|
| 72 |
if [ "$md5_error" != "" ];then
|
|
| 82 |
if [ "$checksum_error" != "" ];then
|
|
| 73 | 83 |
# Relaunch and sleep |
| 74 | 84 |
sh /etc/rc.update_bogons.sh & |
| 75 | 85 |
exit |
Also available in: Unified diff
Add back end support for custom bogon urls