I have written this script to download the drop.txt file from http://www.spamhaus.org/drop/ and update and reload my firewall. I think I have everything right but I am not much of a programmer. Would you please take a look at it to see if it will do what I want it to, that is:
1. download 2 text files
2. merge them
3. replace the data file for the firewall
4. reload the firewall
*Note the script only filters comments that ^;, does not 'egrep -v' or 'sort -u' any IPv4 addresses but more importantly the data DROP and EDROP provide doesn't replace the RBLs like the SBL, XBL and PBL. So if you haven't already then implement a milter first.
I am having issues understanding just what the script is doing. This line in particular
Code:
; [ -s "${_TMPFILE}" ] || \
My guess is that it is saving the tmpfile but I am not a programmer. If the -s is tied to grep it suppresses errors/warnings and I can't locate it as an option for wget, so what command it is tied to I don't understand.
It also looks like the script is adding the date to the blocked-host file name and the config for arno's scripts would need to be changed also at the time somehow to recognize the new name every time the script is run.
I do believe that arno's understands that ; is a commenting mark. I know that it understands # as a commenting mark. I don't have ready access to a box with arno's installed to check for sure. But I will.
Q: What's the proper way to use the blocked hosts file?
A: Just put the hostname or IP of the host(s) you want to block in "/etc/iptables-blocked-hosts" (default location). You can use comments (starting with the #-character) but it can only be used when the whole line is a comment!
Code:
#!/bin/sh --
# set debug and error mode when testing:
set -vx
# Set default behaviour:
LANG=C; LC_ALL=C; export LANG LC_ALL
_TMPFILE=$(mktemp -p /tmp drop_upd.XXXXXXXXXX)
if [ -f "${_TMPFILE}" ]; then
    # If the temporary file exists make wget download data quiet and output to stdout
    # and redirect stdout to the temporary file.
    wget -q http://www.spamhaus.org/drop/drop.txt -O /dev/stdout > "${_TMPFILE}"
    wget -q http://www.spamhaus.org/drop/edrop.txt -O /dev/stdout >> "${_TMPFILE}"
    if [ ! -s "${_TMPFILE}" ]; then
        # If the file is empty then exit.
        rm -f "${_TMPFILE}"; exit 1
    fi
    if [ -f /etc/arno-iptables-firewall/blocked-hosts ]; then
        # If this file exists then make a backup.
        cp /etc/arno-iptables-firewall/blocked-hosts /var/cache/$(/bin/date +'%Y%m%d')_blocked-hosts
        if [ $? -eq 0 ]; then
            # If making a backup succeeded then filter the temporary file for only IPv4-like octets and
            # fill the aforementioned file with it. *It would have been better to compare both files and only add
            # the differences or use 'sort -u file0 file1'.
            # grep -E takes interval braces unescaped; written as \{1,3\} they match literal braces.
            grep -E -e '^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.' "${_TMPFILE}" > /etc/arno-iptables-firewall/blocked-hosts
            if [ $? -eq 0 ]; then
                # If populating the file ended OK then restart the service
                arno-iptables-firewall force-reload
            fi
        else
            # If making a backup did not succeed then clean up the mess and exit.
            rm -f "${_TMPFILE}"; exit 1
        fi
    fi    # closes the blocked-hosts test; this fi was missing
else
    # If the temporary file does not exist then exit.
    exit 1
fi
# Reached the end of the script. Remove temp file and exit cleanly.
rm -f "${_TMPFILE}"
exit 0
I was having an issue with the egrep command in the script but a guy from our local lug advised me to change it to
Code:
cat "${_TMPFILE}" | sed -e 's/\;.*$//g' > /etc/arno-iptables-firewall/blocked-hosts
and that works fine. But for some reason the wget edrop.txt is overwriting drop.txt when the download takes place. I have looked at the script but don't understand why it would do that, as the edrop line has >> which as I understand it means to append to the file.
I also had to add a fi to the end of the script. fyi
Other than that the script works fine but blocked-hosts only contains the data from edrop.txt
for some reason the wget edrop.txt is overwriting drop.txt when the download takes place.
The second one was actually more of an explanation. I don't script that way anymore. Did you try running the script I posted originally? Else post your unabbreviated script.
Code:
#!/bin/sh --
set -vx
LANG=C; LC_ALL=C; export LANG LC_ALL
_TMPFILE=$(mktemp -p /tmp drop_upd.XXXXXXXXXX)
if [ -f "${_TMPFILE}" ]; then
    wget -q http://www.spamhaus.org/drop/drop.txt -O /dev/stdout > "${_TMPFILE}"
    wget -q http://www.spamhaus.org/drop/edrop.txt -O /dev/stdout >> "${_TMPFILE}"
    if [ ! -s "${_TMPFILE}" ]; then
        rm -f "${_TMPFILE}"; exit 1
    fi
    if [ -f /etc/arno-iptables-firewall/blocked-hosts ]; then
        cp /etc/arno-iptables-firewall/blocked-hosts /var/cache/$(/bin/date +'%Y%m%d')_blocked-hosts
        if [ $? -eq 0 ]; then
            cat "${_TMPFILE}" | sed -e 's/\;.*$//g' > /etc/arno-iptables-firewall/blocked-hosts
            # why not just sed the ; to # and be done as arno's understands the #?
            if [ $? -eq 0 ]; then
                arno-iptables-firewall force-reload
            fi
        else
            rm -f "${_TMPFILE}"; exit 1
        fi
    else
        exit 1
    fi
    rm -f "${_TMPFILE}"
    exit 0
fi
between after each wget line to see if the data was actually getting written to the tmpfile but the script does not pause for some reason. I am using sudo.
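An added example, not code from any poster in this thread: because the FAQ quoted above accepts `#` only on whole-line comments, this sketch removes the `;` comments entirely, keeps only well-formed IPv4 CIDR lines, merges both lists with `sort -u`, and replaces the blocked-hosts file by rename only when the cleaned list is non-empty. The function names (`build_blocklist`, `install_blocklist`, `demo`), the paths and the sample data are assumptions; the sample uses documentation address ranges rather than real DROP entries.

```shell
#!/bin/sh
# Added example: clean DROP/EDROP-style lists for a blocked-hosts file.
# Function names, paths and sample data are assumptions for illustration.

# Print validated, de-duplicated CIDR entries from the given list files.
build_blocklist() {
    # 1. drop everything from ';' on (whole-line and trailing comments), trim blanks
    # 2. keep only a.b.c.d/nn with every octet <= 255 and prefix <= 32
    sed -e 's/;.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$@" |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ &&
        $1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255 && $5 <= 32' |
    LC_ALL=C sort -u
}

# Replace $2 with list $1 only if $1 is non-empty; keep a dated backup in $3.
install_blocklist() {
    new=$1; dest=$2; backup_dir=$3
    [ -s "$new" ] || return 1                  # never install an empty list
    if [ -f "$dest" ]; then
        cp -p "$dest" "$backup_dir/$(date +%Y%m%d)_$(basename "$dest")" || return 1
    fi
    tmp=$(mktemp "$dest.XXXXXX") || return 1   # same directory, so mv is a rename
    cat "$new" > "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
}

# Constructed sample input: two list files, one with a bad line and an HTML error page.
demo() {
    work=$(mktemp -d) || return 1
    printf '%s\n' '; DROP list (constructed sample)' \
        '192.0.2.0/24 ; SBL000001' '198.51.100.0/24 ; SBL000002' > "$work/drop.txt"
    printf '%s\n' '; EDROP list (constructed sample)' \
        '203.0.113.0/24 ; SBL000003' '192.0.2.0/24 ; SBL000001' \
        '999.1.1.0/24 ; bad octet' '<html>error page</html>' > "$work/edrop.txt"
    build_blocklist "$work/drop.txt" "$work/edrop.txt" > "$work/new"
    install_blocklist "$work/new" "$work/blocked-hosts" "$work"
    cat "$work/blocked-hosts"
    rm -rf "$work"
}

demo
```

In a real update job the two input files would be the downloaded drop.txt and edrop.txt, and the firewall reload would run only after `install_blocklist` returns 0.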