changeset 0:58a9d49b4ae5

A script to fetch the peerguardian list and add it to pf in small pieces so we don't get out of memory errors. Uses tableutil.
author darius@midget.dons.net.au
date Fri, 23 Nov 2007 10:11:27 +1030 (2007-11-22)
parents
children b03231a4dcf0
files update-pg
diffstat 1 files changed, 59 insertions(+), 0 deletions(-) [+]
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/update-pg	Fri Nov 23 10:11:27 2007 +1030
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+#
+# Update the peer guardian table in pf
+#
+
+TABLE=peerguardian
+URL=http://peerguardian.sourceforge.net/lists/p2p.php
+BASE=/var/db/peerguardian
+IPSATONCE=10000
+
+if [ ! -w $BASE ]; then
+	echo "Can't write to $BASE, giving up" >&2
+	exit 1
+fi
+
+# Fetch new list
+# Use mirror mode to save bandwidth
+cd $BASE
+fetch -dqm $URL
+if [ $? -ne 0 ]; then
+	echo "Unable to fetch new list" >&2
+	exit 1
+fi
+
+if [ -e $BASE/lastupdate -a ! $BASE/lastupdate -ot $BASE/p2p.php ]; then
+	echo "No update required" >&2
+	exit 0
+fi
+
+p7zip -d <$BASE/p2p.php | sed "s/.*:\([0-9.-]\)/\1/" | tableutil -c '$whitelist = {203.31.81.0/24, 144.110.0.0/16}; $blacklist = load(text, "/dev/stdin"); $wlinv = invert($whitelist); $blocklist = intersect($wlinv, $blacklist); save(cidr, "/dev/stdout", $blocklist);' >$BASE/p2p-blocklist.txt
+if [ $? -ne 0 ]; then
+	echo "Couldn't unpack or process blocklist"
+	rm -f $BASE/p2p-blocklist.txt
+	exit 1
+fi
+
+pfctl -q -T flush -t $TABLE
+if [ $? -ne 0 ]; then
+	echo "Couldn't flush table"
+	rm -f $BASE/p2p-blocklist.txt
+	exit 1
+fi
+
+# Do the update in bits or pf can't allocate enough memory
+len=$((`wc -l <$BASE/p2p-blocklist.txt`))
+for i in `jot - $IPSATONCE $len $IPSATONCE` $len; do
+	tail -${i} $BASE/p2p-blocklist.txt >$BASE/partial
+	pfctl -q -t $TABLE -T add -f $BASE/partial
+	if [ $? -ne 0 ]; then
+		echo "Failed to update table" >&2
+		rm -f $BASE/p2p-blocklist.txt $BASE/partial
+		exit 1
+	fi
+done
+
+rm -f $BASE/p2p-blocklist.txt $BASE/partial
+touch $BASE/lastupdate
+
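Review bot: The status check on line 46 only sees tableutil's exit code, because the script runs under plain `#!/bin/sh` with no `pipefail`, so a failing `p7zip -d` or `sed` on line 45 yields an empty or truncated blocklist that is then flushed into pf as if it were valid. Unpacking to a file first makes that failure visible: `p7zip -d <$BASE/p2p.php >$BASE/p2p.txt || { echo "Couldn't unpack blocklist" >&2; exit 1; }` and then `sed "s/.*:\([0-9.-]\)/\1/" <$BASE/p2p.txt | tableutil ...`, removing p2p.txt together with p2p-blocklist.txt in the cleanup lines. The chunk loop on lines 61-62 uses `tail -${i}` with i growing by IPSATONCE, so each pfctl call re-reads every previously added entry and the final iteration feeds the whole file again; if the memory problem is in pf's table allocation rather than pfctl's parsing this may still work as intended, but splitting the file into disjoint slices (for example with `split -l $IPSATONCE`) would hand each call only its new entries. The list also arrives over plain HTTP on line 22 with no checksum or signature check, and whatever it contains becomes pf block rules after only the hardcoded whitelist on line 45, so a tampered download translates directly into blocked ranges; that trust boundary deserves a comment next to URL, e.g. `# NOTE: list is fetched unauthenticated; only $whitelist in the tableutil step protects local ranges`. Lines 47 and 54 additionally print their error to stdout while every other diagnostic in the script goes to `>&2`.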