shell script guru

David Mehler dave.mehler at gmail.com
Fri Mar 31 00:02:06 UTC 2017


Hello,

My question is regarding a shell script and pf.

What I'm wanting to do is take a selected list of countries and cat
them into a file and use that as pf input. Here's a sequential
example:

#!/bin/sh
#
PATH=/bin:/usr/local/bin:/sbin
cd /tmp
mkdir zones
cd zones
# -4 = use IPv4 only
# --no-proxy = don't care for proxies
# --no-cookies = don't accept cookies
# --no-cache = no cached files
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/cn.zone # CHINA
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/az.zone # AZERBAIJAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/by.zone # BELARUS
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/kz.zone # KAZAKHSTAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/kg.zone # KYRGYZSTAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/ru.zone # RUSSIAN FEDERATION
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/tj.zone # TAJIKISTAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/tm.zone # TURKMENISTAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/uz.zone # UZBEKISTAN
sleep 2
wget -4 --no-proxy --no-cookies --no-cache \
	http://ipdeny.com/ipblocks/data/countries/vn.zone # VIET NAM
#
cat cn.zone >  blocked_zones
cat az.zone >> blocked_zones
cat by.zone >> blocked_zones
cat kz.zone >> blocked_zones
cat kg.zone >> blocked_zones
cat ru.zone >> blocked_zones
cat tj.zone >> blocked_zones
cat tm.zone >> blocked_zones
cat uz.zone >> blocked_zones
cat vn.zone >> blocked_zones
#
rm *.zone
#
mv blocked_zones /etc/pf/
pfctl -f /etc/pf.conf

There are 250 plus zones just in the IPv4 space, and about the same in
the IPv6 space. I do not want to manually take down each domain, three
times, that's error-prone and very easy to miss one. I thought about
doing an array, and feeding that to a loop which would cut down the
number of lines of repetitive code.

Help appreciated.

Thanks.
Dave.


On 3/30/17, Rajarajan Rajamani <r.rajamani at gmail.com> wrote:
> Ask your question and I am sure someone will answer!
>
> On Mar 30, 2017 7:37 PM, "David Mehler" <dave.mehler at gmail.com> wrote:
>
>> Hello,
>>
>> Any shell scripting gurus here please contact me offlist. I have a
>> question that I can't figure out.
>>
>> Thanks.
>> Dave.
>>
>
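
The loop asked about above, as an added example that is not part of the original post or thread: the country codes become command-line arguments, each download is checked to contain only IPv4 CIDR lines, and the existing blocklist is replaced only if every zone passes. It goes beyond the posted script in that validation and in using a private mktemp directory instead of /tmp/zones; the script name update_zones.sh, the function names and FETCH_DELAY are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: loop over country codes instead of repeating wget/cat lines.
# Hypothetical usage, with the codes from the post:
#   sh update_zones.sh cn az by kz kg ru tj tm uz vn

# Print one country's zone file on stdout (URL pattern taken from the post).
fetch_zone() {
    wget -4 -q --no-proxy --no-cookies --no-cache -O - \
        "http://ipdeny.com/ipblocks/data/countries/$1.zone"
}

# Succeed only if every non-empty line of file $1 is an IPv4 CIDR block.
is_zone_clean() {
    awk -F'[./]' '
        /^$/ { next }
        { n++ }
        NF != 5 { bad = 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) bad = 1 }
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 || $5 > 32 { bad = 1 }
        END { exit (bad || n == 0) }
    ' "$1"
}

# build_blocklist OUTFILE CC... : write all zones to OUTFILE, or change nothing.
build_blocklist() {
    out=$1; shift
    [ "$#" -gt 0 ] || return 1
    # Private work dir next to OUTFILE: no predictable /tmp path, and the
    # final mv is a rename on the same filesystem.
    work=$(mktemp -d "$(dirname "$out")/zones.XXXXXX") || return 1
    for cc in "$@"; do
        case $cc in [a-z][a-z]) ;; *) cc= ;; esac   # only two-letter codes
        if [ -n "$cc" ] && fetch_zone "$cc" > "$work/$cc.zone" \
                && is_zone_clean "$work/$cc.zone"; then
            cat "$work/$cc.zone" >> "$work/blocked_zones"
        else
            echo "zone fetch or validation failed; $out left unchanged" >&2
            rm -rf "$work"
            return 1
        fi
        sleep "${FETCH_DELAY:-2}"   # same pause between requests as the post
    done
    mv "$work/blocked_zones" "$out" && rm -rf "$work"
}

# Runs only when country codes are given on the command line.
if [ "$#" -gt 0 ]; then
    build_blocklist /etc/pf/blocked_zones "$@" && pfctl -f /etc/pf.conf
fi
```

Because the zone files arrive over plain HTTP and are loaded by root, a truncated download or an HTML error page stops the run before pfctl reloads anything.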

