shell script guru

RW rwmaillists at
Fri Mar 31 12:37:08 UTC 2017

On Thu, 30 Mar 2017 23:56:08 -0400
David Mehler wrote:

> Here's the script that I put in monthly:
> #!/bin/sh
> #
> # Monthly retrieve the selected country IP block lists
> # Retrieves dns zones from
> # Adds the zones to a country block file
> # Then adds them to a pf block table
> # If there is a global system configuration file, suck it in.
> #
> if [ -r /etc/defaults/periodic.conf ]
> then
>     . /etc/defaults/periodic.conf
>     source_periodic_confs
> fi
> case "$monthly_country_blocks_enable" in
>     [Yy][Ee][Ss])
> cd /tmp

As a general rule you should use mktemp, there's less to go wrong and
it's more secure. 

> echo "Retrieving Zones"
> for i in "af" "al" "dz" "am" "az" "ba" "br" "kh" "cf" "cn" "co" "cr"
> "hr" "cu" "cy" "cz" "do" "eg" "fr" "gi" "ht" "ir" "iq" "jp" "jo" "kz"
> "kp" "kr" "kw" "lb" "li" "ni" "ne" "ng" "om" "pk" "qa" "ro" "ru" "sa"
> "rs" "so" "za" "sy" "tj" "tr" "tm" "ae" "uz" "vn" "ye" ;
> do
> wget -4 --no-proxy --no-cookies --no-cache
> --append-output=/var/log/wget.log

IIWY I'd cd to a directory where the files can be stored persistently,
so if the something goes wrong you can keep the last good copy of each

fetch "$serverdir/$" && mv $ $i.ips

then after the loop:

cat *.ips > blocked_countries
mv  blocked_countries /etc/pf/

For anything that's BSD specific it's better to use fetch if you
can. If you use wget you should check that it's installed at runtime.

> cat $ >>/tmp/blocked_countries

Note that this will create blocked_countries even if $ doesn't
exist, so your script would install a completely empty file over a
working file if the server/network is down or wget is missing. 

More information about the freebsd-questions mailing list