know-how:firewall
Differences
This page shows the differences between two versions.
know-how:firewall [2022/02/21 13:07] – [Blocks - Multi - IPSET] cc | know-how:firewall [2022/02/21 13:15] – [Blocks - Multi - IPSET] cc | ||
---|---|---|---|
Zeile 1371: | Zeile 1371: | ||
* www-data muss dnsmasq neu starten können zB: visudo -> www-data | * www-data muss dnsmasq neu starten können zB: visudo -> www-data | ||
* **Achtung: | * **Achtung: | ||
+ | * **merge-ipsets.sh** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | function bailout | ||
+ | { | ||
+ | echo -e " | ||
+ | exit 2 | ||
+ | |||
+ | } | ||
+ | |||
+ | which dnsmasq >/ | ||
+ | |||
+ | |||
+ | LOCATION_DNSMASQS="/ | ||
+ | TMP_LOCATION=$(mktemp) | ||
+ | FINAL_LOCATION="/ | ||
+ | |||
+ | if [ ! -w $FINAL_LOCATION ] | ||
+ | then | ||
+ | rm $TMP_LOCATION | ||
+ | |||
+ | bailout "FAIL: Final config file: $FINAL_LOCATION cannot be written to " | ||
+ | |||
+ | fi | ||
+ | |||
+ | |||
+ | grep -h " | ||
+ | do | ||
+ | nr_matches=$(echo $hosts | awk ' | ||
+ | host_entry=$(echo $hosts | awk ' | ||
+ | |||
+ | if (($nr_matches > 1 )) && | ||
+ | then | ||
+ | | ||
+ | |||
+ | while read found_sets | ||
+ | do | ||
+ | build_entry+="/ | ||
+ | |||
+ | done <<< | ||
+ | |||
+ | |||
+ | echo $build_entry >> $TMP_LOCATION | ||
+ | echo $build_entry | ||
+ | |||
+ | fi | ||
+ | | ||
+ | |||
+ | |||
+ | done | ||
+ | |||
+ | filesize_tmp=$(stat -c %s $TMP_LOCATION) | ||
+ | |||
+ | if [ $filesize_tmp == " | ||
+ | then | ||
+ | |||
+ | rm $TMP_LOCATION | ||
+ | |||
+ | echo "No double ipsets found in $LOCATION_DNSMASQS" | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | fi | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | cmp -s $TMP_LOCATION $FINAL_LOCATION | ||
+ | |||
+ | compare_ret=" | ||
+ | |||
+ | if [ $compare_ret == " | ||
+ | then | ||
+ | rm $TMP_LOCATION | ||
+ | echo " | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | |||
+ | dnsmasq --test --conf-file=$TMP_LOCATION | ||
+ | |||
+ | ipset_tests=" | ||
+ | if [ $ipset_tests != " | ||
+ | then | ||
+ | rm $TMP_LOCATION | ||
+ | bailout "FAIL: Malformed config file: $TMP_LOCATION" | ||
+ | fi | ||
+ | |||
+ | #2022-02-21 cc: Keep Ownership intact | ||
+ | cat $TMP_LOCATION > $FINAL_LOCATION | ||
+ | |||
+ | rm $TMP_LOCATION | ||
+ | |||
+ | systemctl reload dnsmasq || bailout "FAIL: Cannot reload dnsmasq" | ||
+ | |||
+ | |||
+ | exit 0 | ||
+ | </ | ||
===== Blocks - IPSET ===== | ===== Blocks - IPSET ===== |
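Review bot: The final write `cat $TMP_LOCATION > $FINAL_LOCATION` overwrites the live config in place, and the temp file is removed before `systemctl reload dnsmasq` runs, so if the write is cut short or the reload fails the previous working file is already gone and the `bailout` path has nothing to roll back to. Keep a copy of the old contents until the reload has succeeded and restore it on failure; writing through `cat >` still keeps ownership intact as the comment intends. Two smaller points in the same script: `$TMP_LOCATION`, `$FINAL_LOCATION` and `$hosts` are expanded unquoted (`[ ! -w $FINAL_LOCATION ]`, `echo $hosts | awk`) and `while read found_sets` lacks `-r`, so an entry containing glob characters or backslashes is altered before it reaches the merged file; and the `rm $TMP_LOCATION` repeated before each exit would be more robust as a single `trap` on EXIT set right after `mktemp`. Note also that `dnsmasq --test --conf-file=$TMP_LOCATION` validates the merged file on its own, not together with the rest of the configuration it will be loaded with.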
know-how/firewall.txt · Last modified: 2024/06/27 13:29 by cc