authorPhil Davis <phil.davis@world.inf.org>2012-08-02 18:40:29 +0545
committerPhil Davis <phil.davis@world.inf.org>2012-08-02 18:40:29 +0545
commit342a2f18f9d39368e0bdafecea4dba29bddce8b6 (patch)
treec568f5d7e37f4d51c85fb5e70940d94f6241b1df /etc/rc.update_bogons.sh
parentf6189bec5422ff5b1febb7a47839bce7bf0cf1b5 (diff)
Ensure conf_mount_rw and conf_mount_ro are matched
On nanobsd, running /etc/rc.update_bogons.sh gives: [2.1-BETA0][admin@test02.homedomain]/tmp(12): /etc/rc.update_bogons.sh 1 /etc/rc.update_bogons.sh: cannot create /etc/bogonsv6: Read-only file system The code does 1 conf_mount_rw but 2 conf_mount_ro This is also seen in system.log: Aug 2 17:47:59 test02 admin: rc.update_bogons.sh is starting up. Aug 2 17:47:59 test02 admin: rc.update_bogons.sh is beginning the update cycle. Aug 2 17:49:27 test02 admin: Bogons file downloaded: 1 addresses added. Aug 2 17:49:29 test02 php: : Reference 1000 is going negative, not doing unreference. Aug 2 17:49:29 test02 admin: Bogons files downloaded: no changes. Aug 2 17:49:29 test02 admin: rc.update_bogons.sh is ending the update cycle. The V6 bogons file does not get applied because the filesystem is RO by that point. I have reviewed the whole logic of this shell script. I believe it handles the various cases correctly now. On nanobsd I get the following in system.log: Aug 2 18:17:13 test02 admin: rc.update_bogons.sh is starting up. Aug 2 18:17:13 test02 admin: rc.update_bogons.sh is beginning the update cycle. Aug 2 18:18:02 test02 admin: Bogons V4 file downloaded: no changes. Aug 2 18:18:10 test02 admin: Bogons V6 file downloaded: 58959 addresses added. Aug 2 18:18:52 test02 admin: rc.update_bogons.sh is ending the update cycle.
Diffstat (limited to 'etc/rc.update_bogons.sh')
-rwxr-xr-xetc/rc.update_bogons.sh45
1 files changed, 27 insertions, 18 deletions
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh
index 29a77ee..a721096 100755
--- a/etc/rc.update_bogons.sh
+++ b/etc/rc.update_bogons.sh
@@ -6,7 +6,7 @@
echo "rc.update_bogons.sh is starting up." | logger
-# Sleep for that time, unless an argument is specified.
+# Sleep for some time, unless an argument is specified.
if [ "$1" = "" ]; then
# Grab a random value
@@ -17,9 +17,6 @@ fi
echo "rc.update_bogons.sh is beginning the update cycle." | logger
-# Mount RW if needed
-/etc/rc.conf_mount_rw
-
/usr/bin/fetch -q -o /tmp/bogons "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt"
/usr/bin/fetch -q -o /tmp/bogonsv6 "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt"
if [ ! -f /tmp/bogons ]; then
@@ -37,33 +34,45 @@ if [ "$dl_error" != "" ];then
exit
fi
-BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5" | awk '{ print $4 }'`
-ON_DISK_MD5=`md5 /tmp/bogons | awk '{ print $4 }'`
-if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then
+BOGON_V4_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5" | awk '{ print $4 }'`
+ON_DISK_V4_MD5=`md5 /tmp/bogons | awk '{ print $4 }'`
+BOGON_V6_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'`
+ON_DISK_V6_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
+
+if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
+ # At least one of the downloaded MD5s matches, so mount RW
+ /etc/rc.conf_mount_rw
+fi
+
+if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ]; then
egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons
- /etc/rc.conf_mount_ro
RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 2>&1`
rm /tmp/bogons
- echo "Bogons file downloaded: $RESULT" | logger
+ echo "Bogons V4 file downloaded: $RESULT" | logger
else
echo "Could not download http://files.pfsense.org/mirrors/bogon-bn-nonagg.txt.md5 (md5 mismatch)" | logger
- # Relaunch and sleep
- sh /etc/rc.update_bogons.sh &
+ md5_error="true"
fi
-BOGON_MD5=`/usr/bin/fetch -q -o - "http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5" | awk '{ print $4 }'`
-ON_DISK_MD5=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
-if [ "$BOGON_MD5" = "$ON_DISK_MD5" ]; then
+if [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
egrep -v "^#" /tmp/bogonsv6 > /etc/bogonsv6
- /etc/rc.conf_mount_ro
RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
rm /tmp/bogonsv6
- echo "Bogons files downloaded: $RESULT" | logger
+ echo "Bogons V6 file downloaded: $RESULT" | logger
else
echo "Could not download http://files.pfsense.org/mirrors/fullbogons-ipv6.txt.md5 (md5 mismatch)" | logger
+ md5_error="true"
+fi
+
+if [ "$BOGON_V4_MD5" = "$ON_DISK_V4_MD5" ] || [ "$BOGON_V6_MD5" = "$ON_DISK_V6_MD5" ]; then
+ # We mounted RW, so switch back to RO
+ /etc/rc.conf_mount_ro
+fi
+
+if [ "$md5_error" != "" ];then
# Relaunch and sleep
- sh /etc/rc.update_bogons.sh &
+ sh /etc/rc.update_bogons.sh &
+ exit
fi
echo "rc.update_bogons.sh is ending the update cycle." | logger
-
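Review bot: The MD5 comparisons on `BOGON_V4_MD5` and `BOGON_V6_MD5` only detect a damaged transfer, not a tampered one, because each list and its `.md5` file are fetched over plain `http://` from the same host. Anyone able to alter that traffic can serve a matching pair, and the filtered result is loaded straight into the `bogons` and `bogonsv6` pf tables. Fetching over HTTPS with certificate verification (if the mirror offers it, which is not visible here) or checking a signature against a key shipped with the system would make the check an authenticity check; until then a comment such as `# MD5 only guards against truncated/corrupt downloads; it does not authenticate the list` above the comparison would stop readers from over-trusting it. Separately, the rw/ro pairing relies on the same two-test condition being written out twice; setting `mounted_rw="true"` next to `/etc/rc.conf_mount_rw` and testing `[ "$mounted_rw" != "" ]` before `/etc/rc.conf_mount_ro` would keep the calls matched if either condition is edited later.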