author | phildd <ict.advisor@nepal.inf.org> | 2013-03-24 18:30:20 +0545 |
---|---|---|
committer | phildd <ict.advisor@nepal.inf.org> | 2013-03-24 18:30:20 +0545 |
commit | c858c609b218bdaef64f1a14f5fe483837779477 (patch) | |
tree | 271176ae8175f182cfafe74c1fd76dd0272c3bde /etc/rc.update_bogons.sh | |
parent | e714e996899c305398cafc2af50f8d56630e2ca5 (diff) | |
Do not bother with bogonsv6 if IPv6 allow is off
Only implement the bogonsv6 table if IPv6 allow is on. Otherwise, if it looks like there would be room for the table in pf, then save the file anyway to /etc/bogonsv6 so it is there if the user switches on IPv6 allow.
Diffstat (limited to 'etc/rc.update_bogons.sh')
-rwxr-xr-x | etc/rc.update_bogons.sh | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh
index 0ecd46a..8761be9 100755
--- a/etc/rc.update_bogons.sh
+++ b/etc/rc.update_bogons.sh
@@ -113,15 +113,25 @@ if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DIS
 fi
 if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
+ BOGONS_V6=`pfctl -sTables | grep bogonsv6`
 ENTRIES_TOT=`pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}'`
- ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`
 LINES_V6=`wc -l /tmp/bogonsv6 | awk '{ print $1 }'`
- if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then
- egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
- RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
- echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
+ if [ "$BOGONS_V6" = "bogonsv6" ]; then
+ ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`
+ if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then
+ egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
+ RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
+ echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
+ else
+ echo "Not saving or updating IPv6 bogons (increase table-entries limit)" | logger
+ fi
 else
- echo "Not updating IPv6 bogons (increase table-entries limit)" | logger
+ if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT+LINES_V6)) ]; then
+ egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
+ echo "Bogons V6 file downloaded but not updating IPv6 bogons table because IPv6 Allow is off" | logger
+ else
+ echo "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low)" | logger
+ fi
 fi
 rm /tmp/bogonsv6
 else |
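Review bot: The new table-presence check ``BOGONS_V6=`pfctl -sTables | grep bogonsv6` `` matches substrings, so any other table whose name contains `bogonsv6` makes the output multi-line and the following `[ "$BOGONS_V6" = "bogonsv6" ]` comparison fails. The script would then take the "IPv6 Allow is off" branch and leave the live bogonsv6 table stale while logging a cause it never verified. Matching the whole line avoids this: ``BOGONS_V6=`/sbin/pfctl -sTables | grep -x bogonsv6` ``, which also uses the same absolute path as the `RESULT=` line. An empty result from a failing pfctl is reported the same way, so the log text would be more accurate if it said the bogonsv6 table was not found rather than asserting the setting. The checksum `if` that opens in this hunk continues past its last line, so the `else` branch was not reviewed.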