From owner-freebsd-questions@freebsd.org Fri Mar 31 03:56:10 2017
From: David Mehler
Date: Thu, 30 Mar 2017 23:56:08 -0400
Subject: Re: shell script guru
To: Ultima
Cc: freebsd-questions

Hello,

My thanks to everyone who helped me. I've got a solution, and have set it
in my monthly periodic checks in /etc/periodic/monthly. I've got two
solutions, both of which retrieve the country database. In pf I have a
table that blocks the IPs in the table.

Here's the perl script:

#!/usr/bin/env perl
use strict;
use warnings;

# The file name was lost when the message was archived; "zonesfile" is assumed.
open(my $zones, '<', 'zonesfile') or die "zonesfile: $!";
while (<$zones>) {
    chomp;
    tr/"//d;                # the zonesfile lists the country codes in quotes
    next unless length;
    system("wget -4 --no-proxy --no-cookies --no-cache http://ipdeny.com/ipblocks/data/countries/$_.zone");
    system("cat $_.zone >>blocked_zones");
    unlink("$_.zone");
    sleep(2);
}
close($zones);
system("mv blocked_zones /etc/pf");
system("pfctl -f /etc/pf.conf");

pf.conf:

table [table definition lost in archiving]

The zonesfile contains countries in quotes one per line:

"al"
"cz"
"ch"
... etc

Here's the script that I put in monthly:

#!/bin/sh
#
# Monthly retrieve the selected country IP block lists
# Retrieves dns zones from ipdeny.com
# Adds the zones to a country block file
# Then adds them to a pf block table

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

rc=0
case "$monthly_country_blocks_enable" in
    [Yy][Ee][Ss])
        cd /tmp || exit 1
        # start from an empty file so a previous failed run cannot leave stale entries
        rm -f /tmp/blocked_countries
        echo "Retrieving Zones"
        for i in "af" "al" "dz" "am" "az" "ba" "br" "kh" "cf" "cn" "co" "cr" "hr" \
                 "cu" "cy" "cz" "do" "eg" "fr" "gi" "ht" "ir" "iq" "jp" "jo" "kz" \
                 "kp" "kr" "kw" "lb" "li" "ni" "ne" "ng" "om" "pk" "qa" "ro" "ru" \
                 "sa" "rs" "so" "za" "sy" "tj" "tr" "tm" "ae" "uz" "vn" "ye" ; do
            wget -4 --no-proxy --no-cookies --no-cache --append-output=/var/log/wget.log \
                http://ipdeny.com/ipblocks/data/countries/$i.zone
            cat $i.zone >>/tmp/blocked_countries
            rm $i.zone
            sleep 2
        done
        echo "Removing all *.zone files"
        echo "Moving the temp file in to place"
        mv /tmp/blocked_countries /etc/pf
        # Restarting pf
        pfctl -f /etc/pf.conf || rc=3
        echo "Complete"
        ;;
esac

exit $rc

Hope this is useful to someone else.

Thanks again.
Dave.

On 3/30/17, Ultima wrote:
> Curl is probably the correct utility for this job. With curl the cat and rm
> command can be negated entirely, although I'm not sure it has the same
> option set if explicitly required. Just stdout to the desired file. If a
> fresh list each use of the command is needed, add an rm before the for.
>
> On Thu, Mar 30, 2017 at 8:19 PM, William Dudley wrote:
>
>> for i in "vn.zone" "uz.zone" "tm.zone" ;
>> do
>>     wget -4 --no-proxy --no-cookies --no-cache \
>>         http://ipdeny.com/ipblocks/data/countries/$i
>>     cat $i >>blocked_zones
>>     rm $i
>>     sleep 2
>> done
>>
>> Like that?
>>
>> Bill
>>
>> This email is free of malware because I run Linux.
>>
>> On Thu, Mar 30, 2017 at 8:02 PM, David Mehler wrote:
>>
>> > Hello,
>> >
>> > My question is regarding a shell script and pf.
>> >
>> > What I'm wanting to do is take a selected list of countries and cat
>> > them in to a file and use that as pf input.
>> > Here's a sequential example:
>> >
>> > #!/bin/sh
>> > #
>> > PATH=/bin:/usr/local/bin:/sbin
>> > cd /tmp
>> > mkdir zones
>> > cd zones
>> > # -4 = use IPv4 only
>> > # --no-proxy = don't care for proxies
>> > # --no-cookies = don't accept cookies
>> > # --no-cache = no cached files
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/cn.zone # CHINA
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/az.zone # AZERBAIJAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/by.zone # BELARUS
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/kz.zone # KAZAKHSTAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/kg.zone # KYRGYZSTAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/ru.zone # RUSSIAN FEDERATION
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/tj.zone # TAJIKISTAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/tm.zone # TURKMENISTAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/uz.zone # UZBEKISTAN
>> > sleep 2
>> > wget -4 --no-proxy --no-cookies --no-cache \
>> >     http://ipdeny.com/ipblocks/data/countries/vn.zone # VIET NAM
>> > #
>> > cat cn.zone > blocked_zones
>> > cat az.zone >> blocked_zones
>> > cat by.zone >> blocked_zones
>> > cat kz.zone >> blocked_zones
>> > cat kg.zone >> blocked_zones
>> > cat ru.zone >> blocked_zones
>> > cat tj.zone >> blocked_zones
>> > cat tm.zone >> blocked_zones
>> > cat uz.zone >> blocked_zones
>> > cat vn.zone >> blocked_zones
>> > #
>> > rm *.zone
>> > #
>> > mv blocked_zones /etc/pf/
>> > pfctl -f /etc/pf.conf
>> >
>> > There are 250 plus zones just in the ipv4 space, and about the same in
>> > the ipv6 space. I do not want to manually take down each domain, three
>> > times, that's error prone and very easy to miss one. I thought about
>> > doing an array, and feeding that to a loop which would cut down the
>> > number of lines of repetitive code.
>> >
>> > Help appreciated.
>> >
>> > Thanks.
>> > Dave.
>> >
>> >
>> > On 3/30/17, Rajarajan Rajamani wrote:
>> > > Ask your question and I am sure someone will answer!
>> > >
>> > > On Mar 30, 2017 7:37 PM, "David Mehler" wrote:
>> > >
>> > >> Hello,
>> > >>
>> > >> Any shell scripting gurus here please contact me offlist. I have a
>> > >> question that I can't figure out.
>> > >>
>> > >> Thanks.
>> > >> Dave.
>> > >> _______________________________________________
>> > >> freebsd-questions@freebsd.org mailing list
>> > >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> > >> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
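Every script in this thread fetches each zone file over plain HTTP and appends whatever the server returned straight into the file that pf loads, then reloads the whole ruleset with pfctl -f to pick up the new table contents. A transfer that fails partway, or an HTML error page served in place of the zone, ends up as firewall input. The script below is an added example written for this archive, not code posted by Dave or the other participants: it validates each downloaded file as a list of IPv4 CIDR prefixes before it is appended, refuses to touch the live table if any country failed, and replaces only the table with pfctl -T replace instead of reloading pf.conf. The table name "countries", the destination file /etc/pf/blocked_countries and the use of fetch(1) when it is available are assumptions; the ipdeny.com URL layout is the one used in the thread.

```shell
#!/bin/sh
# Added example, not the list poster's script. Fetch per-country zone files,
# validate each one before it reaches pf, and reload only the pf table.
# Assumed names: table "countries", file /etc/pf/blocked_countries.

ZONE_URL_BASE="http://ipdeny.com/ipblocks/data/countries"
PF_TABLE="countries"                      # assumed table name
PF_FILE="/etc/pf/blocked_countries"       # assumed destination path

# validate_zone_file FILE
# Succeed only if every non-blank line is a syntactically valid IPv4 CIDR
# (four octets 0-255, prefix 0-32) and there is at least one such line.
# An HTML error page or a truncated download fails here instead of being
# loaded into the firewall.
validate_zone_file() {
    awk '
        NF == 0 { next }
        {
            if (split($0, p, "/") != 2)                  { bad = 1; exit }
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)     { bad = 1; exit }
            if (split(p[1], o, "\\.") != 4)              { bad = 1; exit }
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) { bad = 1; exit }
            n++
        }
        END { if (bad || n == 0) exit 1; exit 0 }
    ' "$1"
}

# append_zone ZONEFILE LISTFILE
# Append a validated zone file to the combined list; a bad file is skipped.
append_zone() {
    if validate_zone_file "$1"; then
        cat "$1" >> "$2"
    else
        echo "rejected $1: not a clean IPv4 CIDR list" >&2
        return 1
    fi
}

# fetch_zone CC LISTFILE
# Download one country's zone into a temp file and append it if it validates.
# The country code is checked before it is interpolated into a URL and path.
fetch_zone() {
    cc="$1"; out="$2"
    case "$cc" in
        [a-z][a-z]) ;;
        *) echo "bad country code: $cc" >&2; return 1 ;;
    esac
    tmp="$(mktemp "${TMPDIR:-/tmp}/zone.XXXXXX")" || return 1
    if command -v fetch >/dev/null 2>&1; then       # FreeBSD base system
        fetch -4 -q -o "$tmp" "$ZONE_URL_BASE/$cc.zone" || { rm -f "$tmp"; return 1; }
    else                                            # ports wget, as in the thread
        wget -4 -q --no-proxy --no-cookies --no-cache -O "$tmp" \
            "$ZONE_URL_BASE/$cc.zone" || { rm -f "$tmp"; return 1; }
    fi
    append_zone "$tmp" "$out"
    status=$?
    rm -f "$tmp"
    return "$status"
}

# install_blocklist LISTFILE
# Move the assembled list into place and swap the table contents in one
# step; the rest of the ruleset is not reloaded.
install_blocklist() {
    mv "$1" "$PF_FILE" && pfctl -t "$PF_TABLE" -T replace -f "$PF_FILE"
}

# main CC...
# Build the list for all countries given; leave the live table alone if any
# download or validation failed, rather than installing a partial list.
main() {
    list="$(mktemp "${TMPDIR:-/tmp}/blocked.XXXXXX")" || exit 1
    failed=0
    for cc in "$@"; do
        fetch_zone "$cc" "$list" || failed=$((failed + 1))
        sleep 2
    done
    if [ "$failed" -ne 0 ]; then
        echo "$failed zone(s) failed; leaving the current table untouched" >&2
        rm -f "$list"
        exit 1
    fi
    install_blocklist "$list"
}

# Only perform network fetches when explicitly asked, e.g. from periodic:
#   RUN_FETCH=yes sh country_blocks.sh cn ru vn
if [ "${RUN_FETCH:-no}" = yes ]; then
    main "$@"
fi
```

The pf.conf side needs a matching table definition of the form `table <countries> persist file "/etc/pf/blocked_countries"` (names assumed, as above) so the table survives a later full reload. pfctl -T replace only changes the addresses in that one table, so an error in the downloaded data cannot leave the rest of the ruleset half-loaded.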