Project

General

Profile

« Previous | Next » 

Revision c858c609

Added by phildd over 12 years ago

Do not bother with bogonsv6 if IPv6 allow is off

Only implement the bogonsv6 table if IPv6 allow is on. Otherwise, if it looks like there would be room for the table in pf, then save the file anyway to /etc/bogonsv6 so it is there if the user switches on IPv6 allow.

View differences:

etc/rc.update_bogons.sh
113 113 
	fi
114 114 

  		




  115
  115
  
    
	if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then


  		




  
  116
  
    
		BOGONS_V6=`pfctl -sTables | grep bogonsv6`


  		




  116
  117
  
    
		ENTRIES_TOT=`pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}'`


  		




  117
  
  
    
		ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`


  		




  118
  118
  
    
		LINES_V6=`wc -l /tmp/bogonsv6 | awk '{ print $1 }'`


  		




  119
  
  
    
		if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then


  		




  120
  
  
    
			egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6


  		




  121
  
  
    
			RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`


  		




  122
  
  
    
			echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger


  		




  
  119
  
    
		if [ "$BOGONS_V6" = "bogonsv6" ]; then


  		




  
  120
  
    
			ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`


  		




  
  121
  
    
			if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then


  		




  
  122
  
    
				egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6


  		




  
  123
  
    
				RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`


  		




  
  124
  
    
				echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger


  		




  
  125
  
    
			else


  		




  
  126
  
    
				echo "Not saving or updating IPv6 bogons (increase table-entries limit)" | logger


  		




  
  127
  
    
			fi


  		




  123
  128
  
    
		else


  		




  124
  
  
    
			echo "Not updating IPv6 bogons (increase table-entries limit)" | logger


  		




  
  129
  
    
			if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT+LINES_V6)) ]; then


  		




  
  130
  
    
				egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6


  		




  
  131
  
    
				echo "Bogons V6 file downloaded but not updating IPv6 bogons table because IPv6 Allow is off" | logger


  		




  
  132
  
    
			else


  		




  
  133
  
    
				echo "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low)" | logger


  		




  
  134
  
    
			fi


  		




  125
  135
  
    
		fi


  		




  126
  136
  
    
		rm /tmp/bogonsv6


  		




  127
  137
  
    
	else


  		












Also available in:  Unified diff