Two pf questions
David Mehler
dave.mehler at gmail.com
Tue Mar 28 17:54:24 UTC 2017
Hello,
Thanks for your reply. Your first invocation of sort did it. To get
the final results I added the -n numeric option and it worked just
fine.
For reference my complete script is:
#!/bin/sh
#
# Daily sort unique hits in both the fail2ban and bruteforce tables
# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_sorttable_enable" in
[Yy][Ee][Ss])
PATH=/bin:/sbin:/usr/bin
echo "Sorting unique entries in the fail2ban and bruteforce tables"
cp /etc/pf/bruteforce /tmp/foobar.txt
pfctl -t bruteforce -T show >> /tmp/foobar.txt
sort -u -n /tmp/foobar.txt > /etc/pf/bruteforce
cp /etc/pf/fail2ban /tmp/foobar1.txt
pfctl -t fail2ban -T show >> /tmp/foobar1.txt
sort -u -n /tmp/foobar1.txt > /etc/pf/fail2ban
echo "Removing temporary files"
rm /tmp/foobar.txt /tmp/foobar1.txt
echo "Restarting pf"
pfctl -f /etc/pf.conf
esac
exit $rc
Any ideas on the nat reflection?
Thanks.
Dave.
On 3/28/17, Ralf Mardorf via freebsd-questions
<freebsd-questions at freebsd.org> wrote:
> On Tue, 28 Mar 2017 11:35:01 +0200, Ralf Mardorf wrote:
>>On Tue, 28 Mar 2017 11:19:59 +0200, Ralf Mardorf via freebsd-questions
>>wrote:
>>>cp /etc/pf/bruteforce /tmp/foobar.txt
>>>pfctl -t bruteforce -T show >> /tmp/foobar.txt
>>>sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>>>
>>>^
>>>^
>>>
>>>>If so, the above example with "sort -u" still might be good.
>>>>Perhaps
>>> ^^^^^^^^^^^^^
>>> ^^^^^^^^^^^^^ the above with the cp to a backup file
>>>
>>>>in addition within a loop until the exit status $? of the last
>>>>command is 0, to ensure that /etc/pf/bruteforcen doesn't get lost, if
>>>>something should went wrong.
>>
>>More clear, something similar to this:
>>
>>cp /etc/pf/bruteforce /tmp/foobar.txt && \
>>pfctl -t bruteforce -T show >> /tmp/foobar.txt && \
>>some_loop
>> sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>> check_exit_status
>>some_loop
>
> My apologies, it's not my day today ;).
>
> I don't know if the exit status available after
>
> sort -u /tmp/foobar.txt > /etc/pf/bruteforce
>
> is from "sort" and/or ">", at least
>
> sort -u /tmp/foobar.txt | tee /etc/pf/bruteforce
>
> ensures that it's the status returned from "tee", but I suspect ">"
> works, too.
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list