Date: Tue, 28 Mar 2017 13:54:21 -0400
From: David Mehler <dave.mehler@gmail.com>
To: Ralf Mardorf <ralf.mardorf@rocketmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Two pf questions
Message-ID: <CAPORhP6BgEoFSbBX_t4h2DwWaG=10nr06isB80cHA3faRCR0Zg@mail.gmail.com>
In-Reply-To: <20170328114541.0ca0d084@archlinux.localdomain>
References: <CAPORhP4JA_Jak7fL8Ko7wwoxGob=qLDzPLxtTgekoumqQJEGmA@mail.gmail.com>
 <20170327170941.59c84eec@archlinux.localdomain>
 <20170327171959.405bbfbb@archlinux.localdomain>
 <CALfReyfFyj9Gh1Yy%2BzxWH1kAgq%2BkVAGPpjG92keGWAaoMLNSQg@mail.gmail.com>
 <20170328111655.121ede18@archlinux.localdomain>
 <20170328111959.400d4761@archlinux.localdomain>
 <20170328113501.2a5ebf60@archlinux.localdomain>
 <20170328114541.0ca0d084@archlinux.localdomain>

Hello,

Thanks for your reply. Your first invocation of sort did it. To get
the final results I added the -n numeric option and it worked just
fine.

For reference my complete script is:

#!/bin/sh
#
# Daily sort unique hits in both the fail2ban and bruteforce tables

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

case "$daily_sorttable_enable" in
    [Yy][Ee][Ss])
    PATH=/bin:/sbin:/usr/bin
    echo "Sorting unique entries in the fail2ban and bruteforce tables"
    cp /etc/pf/bruteforce /tmp/foobar.txt
    pfctl -t bruteforce -T show >> /tmp/foobar.txt
    sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
    cp /etc/pf/fail2ban /tmp/foobar1.txt
    pfctl -t fail2ban -T show >> /tmp/foobar1.txt
    sort -u -n /tmp/foobar1.txt > /etc/pf/fail2ban
    echo "Removing temporary files"
    rm /tmp/foobar.txt /tmp/foobar1.txt
    echo "Restarting pf"
    pfctl -f /etc/pf.conf
esac

exit $rc

Any ideas on the nat reflection?

Thanks.
Dave.

On 3/28/17, Ralf Mardorf via freebsd-questions
<freebsd-questions@freebsd.org> wrote:
> On Tue, 28 Mar 2017 11:35:01 +0200, Ralf Mardorf wrote:
>>On Tue, 28 Mar 2017 11:19:59 +0200, Ralf Mardorf via freebsd-questions
>>wrote:
>>>cp /etc/pf/bruteforce /tmp/foobar.txt
>>>pfctl -t bruteforce -T show >> /tmp/foobar.txt
>>>sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>>>
>>>^
>>>^
>>>
>>>>If so, the above example with "sort -u" still might be good.
>>>>Perhaps
>>> ^^^^^^^^^^^^^
>>> ^^^^^^^^^^^^^ the above with the cp to a backup file
>>>
>>>>in addition within a loop until the exit status $? of the last
>>>>command is 0, to ensure that /etc/pf/bruteforce doesn't get lost, if
>>>>something should go wrong.
>>
>>More clear, something similar to this:
>>
>>cp /etc/pf/bruteforce /tmp/foobar.txt && \
>>pfctl -t bruteforce -T show >> /tmp/foobar.txt && \
>>some_loop
>> sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>> check_exit_status
>>some_loop
>
> My apologies, it's not my day today ;).
>
> I don't know if the exit status available after
>
> sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>
> is from "sort" and/or ">", at least
>
> sort -u /tmp/foobar.txt | tee /etc/pf/bruteforce
>
> ensures that it's the status returned from "tee", but I suspect ">"
> works, too.
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>
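
The merge step discussed in this thread, as an added example that is not part of any of the messages: it replaces the fixed /tmp names with mktemp files beside the table file, checks each step's exit status separately, and installs the result with an atomic mv only on success. It dedupes on the whole line before ordering by octet, because a combined "sort -u -n" compares only the leading number of each line and would treat 10.0.0.1 and 10.0.9.9 as duplicates. The function name merge_table and its arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Usage: merge_table FILE CMD [ARGS...]
#   e.g. merge_table /etc/pf/bruteforce pfctl -t bruteforce -T show
# Merges the output of CMD into FILE. FILE is replaced only if every step
# succeeded; on any failure it is left untouched and 1 is returned.
merge_table() {
    file=$1; shift
    [ -r "$file" ] || return 1

    # Unpredictable names created next to FILE (mode 0600), so nothing is
    # written through a guessable /tmp path and the final mv is a rename
    # within one filesystem.
    raw=$(mktemp "$file.raw.XXXXXX") || return 1
    new=$(mktemp "$file.new.XXXXXX") || { rm -f "$raw"; return 1; }
    ok=0

    # Saved entries first, then the live table dump. Each command's status
    # is tested on its own rather than relying on the single status that
    # "cmd > file" or "cmd | tee file" leaves behind.
    cat "$file" > "$raw" && "$@" >> "$raw" || ok=1

    if [ "$ok" -eq 0 ]; then
        # Strip the blanks pfctl prints around entries and drop empty
        # lines so equal addresses are byte-identical, dedupe on the whole
        # line, then order numerically by octet.
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$raw" |
            LC_ALL=C sort -u |
            LC_ALL=C sort -t . -k1,1n -k2,2n -k3,3n -k4,4n > "$new" || ok=1
    fi

    # Install only a non-empty result.
    if [ "$ok" -eq 0 ] && [ -s "$new" ]; then
        mv "$new" "$file" || ok=1
    else
        ok=1
    fi

    rm -f "$raw" "$new"
    return "$ok"
}
```

The caller should reload pf (pfctl -f /etc/pf.conf) only when merge_table returns 0.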