ubl-openbsd.sh
· 1.2 KiB · Bash
Raw
#!/bin/sh
#
# Author: Dominic Reich <quick.hat4396@qtztsjosmprqmgtunjyf.com>
# export the blacklist table from pf (pfctl -t blacklist)
# to the blocked.txt file on my http webroot
if [[ $USER == "root" ]]; then
echo >&2 "user must not be root! exiting."
exit 1
fi
# add ips to table blacklist
(for ip in `cat ~/ips`; do echo $ip;done) | xargs doas pfctl -t blacklist -T add
# save sorted table blacklist into file /etc/blacklist
doas pfctl -t blacklist -T show | sort -h | uniq | doas tee /etc/blacklist 1>/dev/null
# continue to update the blocked.txt file in the webserver root
# available at http://bor.oe7drt.com/blocked.txt
BLOCKEDTXT=/home/dominic/pub/blocked/web.txt
FILEBACKUP=3
if [ ${FILEBACKUP} -ne 0 ]; then
cp ${BLOCKEDTXT} ${BLOCKEDTXT}.$(date +%Y%m%d)
fi
BACKUPCOUNT=$(ls ${BLOCKEDTXT}.* | wc -l)
BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP})
if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then
for f in $(ls -tr ${BLOCKEDTXT}.* | head -${BACKUPSTODELETE})
do
rm ${f}
done
fi
rm -f ~/ips
doas pfctl -t blacklist -T show | tee ${BLOCKEDTXT} 1>/dev/null
doas pfctl -t blacklist -T test $(w | tail -1 | awk '{ print $3}')
echo
#doas pfctl -nf /etc/pf.conf
doas pfctl -vf /etc/pf.conf
echo doas pfctl -ss
echo doas pfctl -Fs
| 1 | #!/bin/sh |
| 2 | # |
| 3 | # Author: Dominic Reich <quick.hat4396@qtztsjosmprqmgtunjyf.com> |
| 4 | # export the blacklist table from pf (pfctl -t blacklist) |
| 5 | # to the blocked.txt file on my http webroot |
| 6 | |
| 7 | if [[ $USER == "root" ]]; then |
| 8 | echo >&2 "user must not be root! exiting." |
| 9 | exit 1 |
| 10 | fi |
| 11 | |
| 12 | # add ips to table blacklist |
| 13 | (for ip in `cat ~/ips`; do echo $ip;done) | xargs doas pfctl -t blacklist -T add |
| 14 | |
| 15 | # save sorted table blacklist into file /etc/blacklist |
| 16 | doas pfctl -t blacklist -T show | sort -h | uniq | doas tee /etc/blacklist 1>/dev/null |
| 17 | |
| 18 | # continue to update the blocked.txt file in the webserver root |
| 19 | # available at http://bor.oe7drt.com/blocked.txt |
| 20 | BLOCKEDTXT=/home/dominic/pub/blocked/web.txt |
| 21 | FILEBACKUP=3 |
| 22 | |
| 23 | if [ ${FILEBACKUP} -ne 0 ]; then |
| 24 | cp ${BLOCKEDTXT} ${BLOCKEDTXT}.$(date +%Y%m%d) |
| 25 | fi |
| 26 | |
| 27 | BACKUPCOUNT=$(ls ${BLOCKEDTXT}.* | wc -l) |
| 28 | BACKUPSTODELETE=$(expr ${BACKUPCOUNT} - ${FILEBACKUP}) |
| 29 | if [ ${BACKUPCOUNT} -gt ${FILEBACKUP} ]; then |
| 30 | for f in $(ls -tr ${BLOCKEDTXT}.* | head -${BACKUPSTODELETE}) |
| 31 | do |
| 32 | rm ${f} |
| 33 | done |
| 34 | fi |
| 35 | |
| 36 | rm -f ~/ips |
| 37 | |
| 38 | doas pfctl -t blacklist -T show | tee ${BLOCKEDTXT} 1>/dev/null |
| 39 | |
| 40 | doas pfctl -t blacklist -T test $(w | tail -1 | awk '{ print $3}') |
| 41 | |
| 42 | echo |
| 43 | |
| 44 | #doas pfctl -nf /etc/pf.conf |
| 45 | |
| 46 | doas pfctl -vf /etc/pf.conf |
| 47 | |
| 48 | echo doas pfctl -ss |
| 49 | echo doas pfctl -Fs |
| 50 |