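#!/bin/sh
# ipset-sync: rebuild the block_ipaddrs / block_ipnets ipsets from two
# line-oriented files (one address or one network per line) and swap the
# freshly built set into place with 'ipset -W', so the live set is replaced
# in one step instead of being flushed and refilled.
# Usage: ipset-sync filelist-addrs filelist-nets
export PATH="$PATH:/usr/sbin" # ..needed under cron, whose PATH lacks sbin
# 'command -v' is the POSIX way to probe for a binary; 'which' is not
# guaranteed to exist or to set a useful exit status.
command -v ipset >/dev/null 2>&1 || {
  printf 'ERROR: missing ipset binary\n' >&2
  exit 1
}
# A wrong argument count is an error: report it on stderr and exit non-zero.
# The original bare 'exit' returned 0 here, which cron reports as success.
[ $# -eq 2 ] || {
  printf 'Usage: %s filelist-addrs filelist-nets\n' "${0##*/}" >&2
  exit 2
}
list_addrs="$1"
list_nets="$2"
# Name of the scratch set: epoch seconds plus PID, so two runs close in time
# do not collide on the same temporary set name.
NEW="$(date +%s)-$$"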
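#######################################
# Check whether a list file has anything worth loading.
# Arguments: $1 - path to the list file (may be empty, missing or unreadable)
# Returns:   0 if the file is readable and holds at least one
#            newline-terminated line, 1 otherwise
#######################################
not_empty() {
  local n
  # Empty argument or unreadable/missing file: nothing to load. Testing -r
  # up front avoids the 'integer expression expected' noise that the old
  # 'test -n "$N" -a "$N" -gt 0' printed whenever wc produced no output.
  [ -n "$1" ] && [ -r "$1" ] || return 1
  n=$(wc -l < "$1" 2>/dev/null) || return 1
  # wc -l counts newlines, so a single final line without a trailing
  # newline still counts as 0 lines here.
  [ "${n:-0}" -gt 0 ]
}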
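#######################################
# Fill the scratch set $NEW from a file, then swap it into the live set.
# Globals:   NEW (read) - name of the scratch set the caller already created
# Arguments: $1 - name of the live set to replace
#            $2 - file with one address or network per line
# Returns:   0 if the swap succeeded, 1 otherwise; the scratch set is
#            destroyed in both cases so no temporary set is left behind.
#######################################
file2ipset() {
  local ipset_name="$1" file="$2" entry rc=0
  # -r keeps backslashes literal (plain 'read' would mangle them); the
  # '|| [ -n ... ]' still processes a final line that lacks a newline.
  # read's default IFS trimming strips stray surrounding whitespace.
  while read -r entry || [ -n "$entry" ]; do
    [ -n "$entry" ] || continue   # a blank line would make 'ipset -A' fail
    ipset -A "$NEW" "$entry"
  done < "$file"
  # Swap so the live set changes in one step. A failed swap (type mismatch,
  # missing live set, ...) must not pass silently: the previous entries
  # would stay in force while the caller believes the list was refreshed.
  if ! ipset -W "$NEW" "$ipset_name"; then
    printf 'ERROR: swap of %s into %s failed\n' "$NEW" "$ipset_name" >&2
    rc=1
  fi
  ipset -X "$NEW" # ..delete old (after a swap, $NEW holds the previous contents)
  return "$rc"
}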
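# Exit status of the whole sync: set to 1 if any list fails to swap in, so
# cron (or a caller) sees the stale blocklist instead of a silent success.
status=0
if not_empty "$list_addrs"; then
  # 1 Mi buckets / entries for the address set; $(( )) replaces the
  # external 'expr' call.
  TBLSIZE=$((1024 * 1024))
  # Abort if the scratch set cannot be created: file2ipset would otherwise
  # only spray 'ipset -A' errors and the swap would fail anyway.
  ipset create "$NEW" hash:ip hashsize "$TBLSIZE" maxelem "$TBLSIZE" || exit 1
  file2ipset block_ipaddrs "$list_addrs" || status=1
fi
if not_empty "$list_nets"; then
  # NOTE(review): the hash:net set keeps ipset's default hashsize/maxelem,
  # unlike the hash:ip set above - confirm the nets list fits the default.
  ipset create "$NEW" hash:net || exit 1
  file2ipset block_ipnets "$list_nets" || status=1
fi
# Persist the sets across reboot where the helper exists. Wrapped in 'if'
# so that a missing helper does not turn the script's exit status into 1.
if [ -f /usr/libexec/ipset/ipset.start-stop ]; then
  /usr/libexec/ipset/ipset.start-stop save
fi
exit "$status"
## END ##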