shell script guru

RW rwmaillists at googlemail.com
Fri Mar 31 12:37:08 UTC 2017


On Thu, 30 Mar 2017 23:56:08 -0400
David Mehler wrote:


> Here's the script that I put in monthly:
> 
> #!/bin/sh
> #
> # Monthly retrieve the selected country IP block lists
> # Retrieves dns zones from ipdeny.com
> # Adds the zones to a country block file
> # Then adds them to a pf block table
> 
> # If there is a global system configuration file, suck it in.
> #
> if [ -r /etc/defaults/periodic.conf ]
> then
>     . /etc/defaults/periodic.conf
>     source_periodic_confs
> fi
> 
> case "$monthly_country_blocks_enable" in
>     [Yy][Ee][Ss])
> cd /tmp

As a general rule you should use mktemp, there's less to go wrong and
it's more secure. 

> echo "Retrieving Zones"
> for i in "af" "al" "dz" "am" "az" "ba" "br" "kh" "cf" "cn" "co" "cr"
> "hr" "cu" "cy" "cz" "do" "eg" "fr" "gi" "ht" "ir" "iq" "jp" "jo" "kz"
> "kp" "kr" "kw" "lb" "li" "ni" "ne" "ng" "om" "pk" "qa" "ro" "ru" "sa"
> "rs" "so" "za" "sy" "tj" "tr" "tm" "ae" "uz" "vn" "ye" ;
> do
> wget -4 --no-proxy --no-cookies --no-cache
> --append-output=/var/log/wget.log
> http://ipdeny.com/ipblocks/data/countries/$i.zone

IIWY I'd cd to a directory where the files can be stored persistently,
so if something goes wrong you can keep the last good copy of each
file. 


fetch "$serverdir/$i.zone" && mv $i.zone $i.ips

then after the loop:

cat *.ips > blocked_countries
mv  blocked_countries /etc/pf/


For anything that's BSD specific it's better to use fetch if you
can. If you use wget you should check that it's installed at runtime.

> cat $i.zone >>/tmp/blocked_countries

Note that this will create blocked_countries even if $i.zone doesn't
exist, so your script would install a completely empty file over a
working file if the server/network is down or wget is missing. 
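
The points raised in this reply (mktemp, a persistent directory holding the last good copy of each zone, and never installing an empty list), put together as an added example that is not part of the original thread. STATE_DIR, PF_TABLE_FILE, SERVER, fetch_zone and refresh_blocklist are assumed names, and /var/db/country-blocks is an assumed path.

```sh
#!/bin/sh
# Added example, not from the thread: fail-safe refresh of the block list.
# All variable and function names below are assumptions for illustration.
STATE_DIR=${STATE_DIR:-/var/db/country-blocks}        # last good copies
PF_TABLE_FILE=${PF_TABLE_FILE:-/etc/pf/blocked_countries}
SERVER=${SERVER:-http://ipdeny.com/ipblocks/data/countries}

# Download zone $1 into file $2; returns non-zero on any failure.
fetch_zone() {
    fetch -q -o "$2" "$SERVER/$1.zone"
}

# refresh_blocklist cc...  returns 0 only if a non-empty list was installed.
refresh_blocklist() {
    mkdir -p "$STATE_DIR" || return 1
    # Private scratch directory with an unpredictable name (mode 0700).
    work=$(mktemp -d "${TMPDIR:-/tmp}/zones.XXXXXX") || return 1

    for cc in "$@"; do
        # Replace the stored copy only after a complete, non-empty download.
        if fetch_zone "$cc" "$work/$cc.zone" && [ -s "$work/$cc.zone" ]; then
            mv "$work/$cc.zone" "$STATE_DIR/$cc.ips"
        else
            echo "warning: $cc.zone not updated, keeping previous copy" >&2
        fi
    done
    rm -rf "$work"

    # Stage the combined list beside its destination so the final mv is a
    # rename on the same filesystem; the live file is never half-written.
    new=$(mktemp "$PF_TABLE_FILE.XXXXXX") || return 1
    if cat "$STATE_DIR"/*.ips > "$new" 2>/dev/null && [ -s "$new" ]; then
        mv "$new" "$PF_TABLE_FILE"
    else
        # Nothing usable: leave the working file in place.
        rm -f "$new"
        return 1
    fi
}
```

Call it as `refresh_blocklist af al dz ...` and reload the pf table only when it returns 0.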


