[COFF] [TUHS] TUHS: Maintenance, Succession and Funding
Steffen Nurpmeso via COFF
coff at tuhs.org
Tue Apr 21 02:57:06 AEST 2026
Steffen Nurpmeso via COFF wrote in
<20260420164338.GLnQ43Tq at steffen%sdaoden.eu>:
|[i went to coff@ as requested.]
and that does not allow .sh attachments.
Wasn't source code sharing a major part of UUCP?
Maybe someone finds it useful; I share it like so.
#!/bin/sh -
#@ /root/bin/cron-fw.sh -- act for
#@ - IPs with NXDOMAIN reverse DNS
#@ - multiple IPs per $MASK4/6 network (with $DISALLOW_MULTI_IP_MASK)
#@ - TODO should use file-locking for DB
# DBG: non-empty enables dry-run (actions are printed to stderr, not executed);
# the exact value "y" additionally substitutes a canned address set for live data.
: "${DBG=}"
# DISALLOW_MULTI_IP_MASK: non-empty also lists a network once more than one
# distinct address from the same $MASK4/$MASK6 block is currently connected.
: "${DISALLOW_MULTI_IP_MASK=y}"
: "${LOG=y}"
# State file (one "address timestamp" line per listed network) and its type.
: "${DB:=/run/.fw-ss-http}"
: "${DBTYPE:=httpnodom}"
: "${LOGFAC:=daemon.notice}"
# Prefix lengths used to aggregate addresses into networks.
: "${MASK4:=24}"
: "${MASK6:=64}"
# Seconds an entry stays listed before it expires.
: "${SECS:=21000}"
# Table name passed to net-qos.sh add/del.
: "${TBL:=drop}"
# External tools, overridable through the environment.
: "${AWK:=awk}"
: "${IPCALC:=ipcalc}"
: "${NSLOOKUP:=nslookup}"
: "${SED:=sed}"
: "${SS:=ss}"
# Epoch timestamp of this run; new entries are stamped with it.
ep=$(date +%s)
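#######################################
# Normalise a peer address as printed by ss into a bare IP, or nothing.
# Arguments: $1 - candidate address; surrounding spaces and an IPv6
#                 "[...]" bracket pair are removed
# Outputs:   the bare IPv4/IPv6 address on stdout; empty output when the
#            input contains anything outside [0-9.] (IPv4) or
#            [0-9a-fA-F:] (IPv6) -- only structure-free charset checks
# Note:      callers rely on this charset restriction before feeding the
#            result into eval, awk -v and system(); keep it strict.
#            Negated bracket expressions use "!" (POSIX); "^" is not
#            portable in sh patterns.
#######################################
ipa_prep() {
  ip=$1
  ws_trim ip "$ip"
  if [ "$ip" = "${ip#*[!0-9.]}" ]; then
    # only digits and dots: accept as IPv4
    :
  elif [ "$ip" != "${ip%]*}" ] || [ "$ip" = "${ip#*[!0-9a-fA-F:]}" ]; then
    # bracketed "[v6]" or plain hex/colon text: strip the brackets ...
    ip=${ip%]*}
    ip=${ip#*[*}
    ws_trim ip "$ip"
    # ... and reject whatever remains if it is not hex digits and colons
    [ "$ip" != "${ip#*[!0-9a-fA-F:]}" ] && ip=
  else
    ip=
  fi
  printf '%s\n' "$ip"
}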
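#######################################
# Turn an address into a token usable as a shell variable name suffix.
# Arguments: $* - address; every "." becomes "Y", every ":" becomes "Z"
# Outputs:   the mangled key on stdout
# Note:      the input is quoted so it is never word-split or globbed
#            (the original unquoted $* would expand a "*" to file names)
#######################################
keyit() {
  printf '%s\n' "$*" | $SED -E -e 's/\./Y/g' -e 's/:/Z/g'
}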
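#######################################
# Strip leading and trailing spaces (U+0020 only, not tabs) from a string.
# Arguments: $1 - name of the variable that receives the result
#            $2 - string to trim
# Returns:   0; the trimmed value is stored in the variable named by $1
#######################################
ws_trim() {
  __ws__=$2
  # remove the run of spaces before the first non-space, then the one after the last
  __ws__=${__ws__#${__ws__%%[! ]*}}
  __ws__=${__ws__%${__ws__##*[! ]}}
  # Assign by name without re-evaluating the value: eval only sees the text
  # "<name>=$__ws__", and the expansion happens after parsing, so "$", quotes
  # or backticks contained in the input cannot be interpreted as code.
  eval "$1=\$__ws__"
}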
# Accumulator filled by act_*: space separated "status/ip/key" triplets.
nips=''
#######################################
# Debug stand-in for the act_* collectors: fills $nips from a canned
# address set instead of live socket data.
# Globals:   nips (written) - space separated "status/ip/key" triplets,
#            status 1 marking a (simulated) failed PTR lookup
#            xips (written) - the canned "status/ip" set
#######################################
act_dbg() {
  nips=
  xips='1/10.1.2.3 0/1:3:4::FF 0/10.1.3.1 0/10.1.3.33 0/10.1.4.100'
  # word splitting on $xips is intended
  for e in $xips; do
    st=${e%/*}
    ad=${e#*/}
    nips="$nips $st/$ad/$(keyit "$ad")"
  done
}
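#######################################
# Collect the peer address of every TCP socket with local port http/https
# and test whether it has a PTR record.
# Globals:   nips (written) - space separated "status/ip/key" triplets,
#            status being the exit status of $NSLOOKUP (non-zero: no PTR)
#            DBG (read) - when set, lookups are only announced, not done
# Outputs:   diagnostics on stderr
# Note:      the loop runs inside $( ) and therefore in a subshell; the
#            ipdns_* lookup cache only lives for the duration of one call.
#            read -r keeps backslashes in ss output literal.
#######################################
act_httpnodom() {
  nips=$($SS -H -Q -t '( sport = :http or sport = :https )' |
    while read -r l; do
      # the peer column is the last "addr:port" word of the line; $? below
      # is the status of sed only, a non-matching line is caught by ipa_prep
      ip=$(printf '%s\n' "$l" | $SED -E 's/.*[[:space:]]+([^[:space:]]+):[[:alnum:]_-]+$/\1/')
      if [ $? -ne 0 ]; then
        printf '%s\n' "Failure extracting IP address: $l" >&2
        continue
      fi
      # ipa_prep yields an empty string for anything that is not a bare
      # IPv4/IPv6 address; only such validated text reaches eval below
      ip=$(ipa_prep "$ip")
      if [ -z "$ip" ]; then
        printf '%s\n' "IP address extraction error: $l" >&2
        continue
      fi
      ipm=$(keyit "$ip")
      # one lookup per address: ipdns_<key> remembers that it was handled
      eval "l=\$ipdns_$ipm ipdns_$ipm=y"
      if [ -n "$l" ]; then
        [ -n "$DBG" ] && printf '%s\n' ".. DNS lookup cached: $ip" >&2
        continue
      elif [ -n "$DBG" ]; then
        printf '%s\n' "DNS PTR lookup: $NSLOOKUP $ip" >&2
      else
        $NSLOOKUP "$ip" >/dev/null 2>&1
      fi
      # lookup status (0 in DBG mode), then the address and its key
      printf '%s\n' "$?/$ip/$ipm"
    done)
}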
# Select the collector: DBG=y forces the canned set, otherwise dispatch on
# DBTYPE; an unknown type is a usage error (exit 64).
case "$DBG" in
  y)
    act_dbg
    ;;
  *)
    case "$DBTYPE" in
      httpnodom)
        act_httpnodom
        ;;
      *)
        echo >&2 "unknown DBTYPE: $DBTYPE"
        exit 64
        ;;
    esac
    ;;
esac
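#######################################
# Aggregate the collected addresses into networks and decide which networks
# to list.
# Globals:   nips (read/written) - in: "status/ip/key" triplets; out: space
#            separated network addresses (no prefix length) to be listed
#            a_<netkey>  - marks networks already scheduled (written)
#            xi_<ipkey>  - number of times an address was seen (written)
#            xn_<netkey> - number of addresses seen in a network (written)
#            MASK4, MASK6, IPCALC, DISALLOW_MULTI_IP_MASK, DBG (read)
# Outputs:   diagnostics on stderr
#######################################
filter_nips() {
  [ -n "$nips" ] || return 0
  nnips=
  # word splitting on $nips is intended
  for a in $nips; do
    t=${a%%/*}        # PTR lookup status
    a=${a#*/}
    am=${a#*/}        # key of the address
    a=${a%/*}         # the address itself
    m=$MASK4
    [ "$a" != "${a%:*}" ] && m=$MASK6
    an=$($IPCALC -n "$a/$m")
    if [ $? -ne 0 ]; then
      printf '%s\n' "ipcalc failed for $a/$m" >&2
      continue
    fi
    # strip the NETWORK= prefix of ipcalc -n output, then make sure what is
    # left is an address-only charset before it reaches eval, awk -v and
    # system() further down
    an=${an##NETWORK=}
    case $an in
      ''|*[!0-9a-fA-F.:]*)
        printf '%s\n' "ipcalc returned no address for $a/$m: $an" >&2
        continue
        ;;
    esac
    anm=$(keyit "$an")
    eval "i=\$a_$anm"
    if [ -n "$i" ]; then
      [ -n "$DBG" ] && printf '%s\n' ".. network already listed: $an" >&2
      continue
    fi
    if [ "$t" -ne 0 ]; then
      # PTR failure
      nnips="$nnips $an"
      eval "a_$anm=y"
      [ -n "$DBG" ] && printf '%s\n' "+ listing: DNS failure: $an" >&2
    elif [ -n "$DISALLOW_MULTI_IP_MASK" ]; then
      # Count addresses seen (xi_<ipkey>) and addresses seen per network
      # (xn_<netkey>); the two diverge as soon as a second distinct address
      # of the same network shows up.  The counters use different prefixes
      # on purpose: an address whose text equals its network address (host
      # part all zero) has the same key as the network and would otherwise
      # share one variable with it and be listed on first sight.
      eval "aem=\$xi_$am"
      aem=$((${aem:-0} + 1))
      eval "xi_$am=$aem"
      eval "anem=\$xn_$anm"
      anem=$((${anem:-0} + 1))
      eval "xn_$anm=$anem"
      if [ "$aem" -ne "$anem" ]; then
        nnips="$nnips $an"
        eval "a_$anm=y"
        [ -n "$DBG" ] && printf '%s\n' "+ listing: multiple IP/network: $an" >&2
      fi
    fi
  done
  nips=$nnips
}
filter_nips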
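# Reconcile the state file with this run.  $DB holds one "address timestamp"
# line per listed network; an entry expires SECS seconds after its stamp.
# The awk program writes the new state to $DB.new (moved into place below)
# and drives the firewall through /root/bin/net-qos.sh.
# NOTE: there is no locking (the TODO in the header): two overlapping runs
# can each read the old state and both act on it; the .new + mv step only
# keeps the file itself from being torn.
# length(array) is a gawk/mawk/busybox extension, not guaranteed by older
# POSIX awk implementations.
[ -f "$DB" ] || > "$DB"
< "$DB" > "$DB".new \
$AWK -v DBG="$DBG" -v DBTYPE="$DBTYPE" -v EP="$ep" \
  -v LOG="$LOG" -v LOGFAC="$LOGFAC" \
  -v MASK4="$MASK4" -v MASK6="$MASK6" -v NE="$nips" \
  -v SECS="$SECS" -v TBL="$TBL" '
  BEGIN{ split("", xa); split("", da); }
  # xa: still valid entries, da: expired ones; both keyed by address.
  # Malformed lines (fewer than two fields) are skipped instead of
  # creating an empty key that would distort the counters.
  NF < 2 { next }
  {
    if($2 + SECS > EP)
      xa[$1] = $2
    else
      da[$1] = $2
  }
  END{
    oen = length(xa)
    den = length(da)
    # candidates from the shell side, deduplicated
    split(NE, pnxa)
    split("", nxa)
    for(k in pnxa){
      n = pnxa[k]
      if(!nxa[n])
        nxa[n] = n
    }
    nen = length(nxa)
    # A candidate that is already active is not re-added.  One that just
    # expired is revived with a fresh stamp and must leave the expired set,
    # otherwise it would be printed as active below and at the same time be
    # deleted from the table by the removals loop.
    if(nen > 0 && (oen > 0 || den > 0)){
      for(e in nxa){
        i = 0
        if(xa[e])
          i = 1
        if(da[e]){
          xa[e] = EP
          delete da[e]
          ++oen
          --den
          i = 1
        }
        if(i){
          delete nxa[e]
          if(--nen == 0)
            break
        }
      }
    }
    # stock
    m = "=" oen
    for(e in xa){
      if(!xa[e])
        continue
      print e " " xa[e]
    }
    act = ""
    # removals
    m = m ", -" den
    if(den > 0){
      des = ""
      for(e in da){
        if(!da[e])
          continue
        if(des)
          des = des " "
        if(e ~ ":")
          des = des e "/" MASK6
        else
          des = des e "/" MASK4
      }
      if(des){
        act = act "del " TBL " " des
        if(DBG)
          m = m " (" des ")"
      }
    }
    # additions
    m = m ", +" nen
    if(nen > 0){
      nes = ""
      for(e in nxa){
        if(!nxa[e])
          continue
        if(nes)
          nes = nes " "
        if(e ~ ":")
          nes = nes e "/" MASK6
        else
          nes = nes e "/" MASK4
        print e " " EP
      }
      if(nes){
        if(act) act = act " "
        act = act "add " TBL " " nes
        if(DBG)
          m = m " (" nes ")"
      }
    }
    # The strings handed to system() are built from state-file keys
    # (written by earlier runs), addresses the shell side restricted to
    # digits, hex, "." and ":", and the configured mask, table and
    # facility; nothing taken from the wire reaches the shell unfiltered.
    if(DBG){
      if(act)
        print "/root/bin/net-qos.sh adddel " act >> "/dev/stderr"
      print "logger -p " LOGFAC " -t /root/bin/cron-fw.sh:" DBTYPE " \"" m "\"" >> "/dev/stderr"
    }else{
      if(act)
        system("/root/bin/net-qos.sh adddel " act)
      if(LOG)
        system("logger -p " LOGFAC " -t /root/bin/cron-fw.sh:" DBTYPE " \"" m "\"")
    }
  }'
mv "$DB".new "$DB"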
# s-sht-mode
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)