From c858c609b218bdaef64f1a14f5fe483837779477 Mon Sep 17 00:00:00 2001 From: phildd Date: Sun, 24 Mar 2013 18:30:20 +0545 Subject: Do not bother with bogonsv6 if IPv6 allow is off Only implement the bogonsv6 table if IPv6 allow is on. Otherwise, if it looks like there would be room for the table in pf, then save the file anyway to /etc/bogonsv6 so it is there if the user switches on IPv6 allow. --- etc/rc.update_bogons.sh | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'etc/rc.update_bogons.sh')
diff --git a/etc/rc.update_bogons.sh b/etc/rc.update_bogons.sh
index 0ecd46a..8761be9 100755
--- a/etc/rc.update_bogons.sh
+++ b/etc/rc.update_bogons.sh
@@ -113,15 +113,25 @@ if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DIS
 fi
 if [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
+ BOGONS_V6=`pfctl -sTables | grep bogonsv6`
 ENTRIES_TOT=`pfctl -vvsTables | awk '/Addresses/ {s+=$2}; END {print s}'`
- ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`
 LINES_V6=`wc -l /tmp/bogonsv6 | awk '{ print $1 }'`
- if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then
- egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
- RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
- echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
+ if [ "$BOGONS_V6" = "bogonsv6" ]; then
+ ENTRIES_V6=`pfctl -vvsTables | awk '/-\tbogonsv6$/ {getline; print $2}'`
+ if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT-${ENTRIES_V6:-0}+LINES_V6)) ]; then
+ egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
+ RESULT=`/sbin/pfctl -t bogonsv6 -T replace -f /etc/bogonsv6 2>&1`
+ echo "$RESULT" | awk '{ print "Bogons V6 file downloaded: " $0 }' | logger
+ else
+ echo "Not saving or updating IPv6 bogons (increase table-entries limit)" | logger
+ fi
 else
- echo "Not updating IPv6 bogons (increase table-entries limit)" | logger
+ if [ $ENTRIES_MAX -gt $((2*ENTRIES_TOT+LINES_V6)) ]; then
+ egrep -v "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6
+ echo "Bogons V6 file downloaded but not updating IPv6 bogons table because IPv6 Allow is off" | logger
+ else
+ echo "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low)" | logger
+ fi
 fi
 rm /tmp/bogonsv6
 else
--
cgit v1.1
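Review bot: The new `BOGONS_V6` probe uses an unanchored `grep bogonsv6` and then compares the whole output with the string `bogonsv6`, so a second pf table whose name merely contains that text would make the output multi-line and the comparison false. The script would then take the "IPv6 Allow is off" branch and stop refreshing the live bogonsv6 table, leaving stale filter entries in place while logging a misleading reason. Matching the full line keeps the test exact, e.g. `BOGONS_V6=$(pfctl -sTables | grep -x bogonsv6)`. The same branch also treats any absence of the table (including a failed `pfctl` call) as "IPv6 Allow is off"; a short comment above the probe such as `# table presence is used as a proxy for the IPv6 Allow setting` would make that assumption visible. The enclosing `if` continues past the end of the hunk.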