[ale] bonehead ipset additions

Michael Still stillwaxin at gmail.com
Mon Feb 14 13:14:55 EST 2022


This might be overkill, but something I would consider is moving the source
of truth to something like a versioned db/csv/yaml file, keeping the
comment or human-readable text there, and not bothering to put anything
in the ipset; just update tooling to extract what's needed from the
db/csv/yaml.


On Mon, Feb 14, 2022 at 10:46 AM DJPfulio--- via Ale <ale at ale.org> wrote:

> If comments can be on the same line in the ipset file, the script is dumb
> enough to allow them.
> If comments have to be placed onto a different line, I'd use getopts ...
> to accept 2 arguments and put the --comment input where it needs to go. The
> comment would be optional.
>
> Or create another script based on the CIDR used that pulls the org+location
> from whois records.
>
>
> On 2/14/22 01:38, Alex Carver via Ale wrote:
> > Yeah, unfortunately that doesn't help because I do want to have the
> > comments sometimes.  I have some rulesets specific to entities so I
> > don't need them there but for a couple of the catch-all lists I need
> > the comments to remind me later.  That's the reason for the script,
> > to handle comments or not.
> >
> > On 2022-02-13 20:31, DJPfulio--- via Ale wrote:
> >> My script to do this is 4 lines. No error checking. I didn't want
> >> to overthink it. I don't even check that the euid is 0. That's
> >> solved by placing the script in ~root/bin/.  K.I.S.S.
> >>
> >> #!/bin/bash
> >>
> >> IPSET_RULES_FILE="/etc/ipset.up.rules"
> >>
> >> # Make a backup
> >> cp "$IPSET_RULES_FILE" "$IPSET_RULES_FILE.bak"
> >>
> >> # Update the live ruleset - any errors?
> >> ipset add countryblock "$1"
> >>
> >> # Append the new rule to the bottom
> >> echo "add countryblock $1 " | tee -a "$IPSET_RULES_FILE"
> >>
> >>
> >> On 2/13/22 17:50, Alex Carver via Ale wrote:
> >>> I'm putting a tiny utility script together to make it faster for
> >>> me to update ipset lists and add them to a restore file in one
> >>> shot but I've run into a slight hiccup with what I wanted to
> >>> accomplish.
> >>>
> >>
> >> Lots of brilliant stuff deleted.
> >>
> >>>
> >>> Thoughts?
> >>
> >>
> >> _______________________________________________ Ale mailing list
> >> Ale at ale.org https://mail.ale.org/mailman/listinfo/ale See JOBS,
> >> ANNOUNCE and SCHOOLS lists at http://mail.ale.org/mailman/listinfo


-- 
[stillwaxin at gmail.com ~]$ cat .signature
cat: .signature: No such file or directory
[stillwaxin at gmail.com ~]$ cat all-opinions-are-my-own
All opinions are my own and do not represent any of my employer.
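
The "source of truth in a versioned file" idea from the top message, as an added example that is not code from anyone in the thread: a CSV is validated and turned into `ipset restore` lines, with comments left in the CSV by default and emitted only on request. The column names `set,cidr,comment`, the function `render_restore` and the sample rows are assumptions made for illustration.

```python
import csv
import io
import ipaddress
import re

# Constructed sample of the versioned source-of-truth file (column names assumed).
SAMPLE_CSV = """\
set,cidr,comment
countryblock,203.0.113.0/24,"ExampleNet, repeated ssh probes"
countryblock,198.51.100.7,
countryblock,203.0.113.0/24,duplicate of row 2
countryblock,192.0.2.300/24,typo in address
countryblock,192.0.2.0/24,"bad ""quoted"" note"
"""

# Conservative allow-list for set names, chosen for this example.
SET_NAME = re.compile(r"[A-Za-z0-9_.-]{1,31}")

def render_restore(csv_text, with_comments=False):
    """Return (restore_lines, errors) built from the CSV source of truth."""
    lines, errors, seen = [], [], set()
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        name = (row.get("set") or "").strip()
        note = (row.get("comment") or "").strip()
        if not SET_NAME.fullmatch(name):
            errors.append(f"row {n}: bad set name {name!r}")
            continue
        try:
            net = ipaddress.ip_network((row.get("cidr") or "").strip(), strict=False)
        except ValueError as exc:
            errors.append(f"row {n}: {exc}")
            continue
        if (name, net) in seen:  # a repeated add makes a plain restore fail
            errors.append(f"row {n}: duplicate {net} in {name}")
            continue
        entry = f"add {name} {net}"
        if with_comments and note:
            # A quote or newline would break out of the comment "..." field
            # and could smuggle extra commands into the restore file.
            if '"' in note or any(ord(c) < 32 for c in note):
                errors.append(f"row {n}: comment not representable in ipset")
                continue
            entry += f' comment "{note}"'
        seen.add((name, net))
        lines.append(entry)
    return lines, errors

if __name__ == "__main__":
    print("\n".join(render_restore(SAMPLE_CSV)[0]))
```

The returned lines are in the format `ipset restore` reads; emitting comments only works for a set created with the `comment` option. Treat a non-empty error list as a reason to stop before touching the live set or the restore file.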