
A script to fetch the peerguardian list and add it to pf in small pieces so we don't get out of memory errors. Uses tableutil.
author darius@midget.dons.net.au
date Fri, 23 Nov 2007 10:11:27 +1030

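#!/bin/sh

#
# Update the peer guardian table in pf
#
# Mirrors the PeerGuardian p2p list into $BASE, unpacks it, strips the
# whitelisted networks with tableutil and loads the result into the pf
# table $TABLE in chunks of $IPSATONCE entries (one huge "-T add" makes
# pf run out of memory).
#
# Exit status: 0 when the table was updated or is already current,
# 1 on any failure.  On failure the intermediate files are removed and
# $BASE/lastupdate is left alone, so the next run retries the update.
#
# NOTE: the list is fetched over plain http and nothing here checks its
# integrity; a tampered or truncated list changes what gets blocked.
#

TABLE=peerguardian
URL=http://peerguardian.sourceforge.net/lists/p2p.php
BASE=/var/db/peerguardian
IPSATONCE=10000

# Intermediate files, all removed on exit (success or failure).
UNPACKED=$BASE/p2p-unpacked.txt
BLOCKLIST=$BASE/p2p-blocklist.txt
PARTIAL=$BASE/partial

# Print a message to stderr, drop the intermediate files and exit 1.
fail() {
	echo "$1" >&2
	rm -f "$UNPACKED" "$BLOCKLIST" "$PARTIAL"
	exit 1
}

if [ ! -w "$BASE" ]; then
	echo "Can't write to $BASE, giving up" >&2
	exit 1
fi

# Fetch new list
# Use mirror mode to save bandwidth
cd "$BASE" || fail "Can't cd to $BASE"
if ! fetch -dqm "$URL"; then
	fail "Unable to fetch new list"
fi

# lastupdate is touched only after a successful load, so if it is not
# older than the mirrored file there is nothing new to load.
if [ -e "$BASE/lastupdate" ] && [ ! "$BASE/lastupdate" -ot "$BASE/p2p.php" ]; then
	echo "No update required" >&2
	exit 0
fi

# Unpack into a file first: /bin/sh has no pipefail, so in a pipeline
# only the last command's status is visible and a p7zip failure would
# otherwise go unnoticed (tableutil would just see empty input).
if ! p7zip -d <"$BASE/p2p.php" >"$UNPACKED"; then
	fail "Couldn't unpack blocklist"
fi

# Strip everything up to the last ':' on each line (leaving the address
# range), then let tableutil remove the whitelisted networks and emit
# CIDR blocks.
sed "s/.*:\([0-9.-]\)/\1/" "$UNPACKED" | tableutil -c '$whitelist = {203.31.81.0/24, 144.110.0.0/16}; $blacklist = load(text, "/dev/stdin"); $wlinv = invert($whitelist); $blocklist = intersect($wlinv, $blacklist); save(cidr, "/dev/stdout", $blocklist);' >"$BLOCKLIST"
if [ $? -ne 0 ]; then
	fail "Couldn't process blocklist"
fi

# Never replace the live table with an empty list: a broken download or
# filter would otherwise silently turn blocking off.
if [ ! -s "$BLOCKLIST" ]; then
	fail "Blocklist is empty, leaving current table alone"
fi

if ! pfctl -q -T flush -t "$TABLE"; then
	fail "Couldn't flush table"
fi

# Do the update in bits or pf can't allocate enough memory.  Each pass
# feeds lines start..end only; the previous "tail -N" with a growing N
# re-fed everything already loaded and ended by feeding the whole file.
start=1
while :; do
	end=$((start + IPSATONCE - 1))
	# -n with p/q: print the range and stop reading at its last line.
	sed -n "${start},${end}p; ${end}q" "$BLOCKLIST" >"$PARTIAL"
	[ -s "$PARTIAL" ] || break
	if ! pfctl -q -t "$TABLE" -T add -f "$PARTIAL"; then
		fail "Failed to update table"
	fi
	start=$((end + 1))
done

rm -f "$UNPACKED" "$BLOCKLIST" "$PARTIAL"
touch "$BASE/lastupdate"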