[ale] bonehead ipset additions

Alex Carver agcarver+ale at acarver.net
Tue Feb 15 10:07:33 EST 2022


We're focusing too much on ipset instead of the original question which 
is really about handling bash parameter expansion properly so that what 
I'm doing will work.  That has greater applicability than just ipset.

On 2022-02-14 10:14, Michael Still via Ale wrote:
> This might be overkill but something I would consider is moving the source
> of truth to something like a versioned db/csv/yaml file and have the
> comment or human readable text there and don't bother with putting anything
> in the ipset.. just update tooling to extract what's needed from the
> db/csv/yaml.
> 
> 
> On Mon, Feb 14, 2022 at 10:46 AM DJPfulio--- via Ale <ale at ale.org> wrote:
> 
>> If comments can be on the same line in the ipset file, the script is dumb
>> enough to allow them.
>> If comments have to be placed onto a different line, I'd use getopts ...
>> to accept 2 arguments and put the --comment input where it needs to go. The
>> comment would be optional.
>>
>> Or create another script based on the CIDR used and pulls the org+location
>> from whois records.
>>
>>
>> On 2/14/22 01:38, Alex Carver via Ale wrote:
>>> Yeah, unfortunately that doesn't help because I do want to have the
>>> comments sometimes.  I have some rulesets specific to entities so I
>>> don't need them there but for a couple of the catch-all lists I need
>>> the comments to remind me later.  That's the reason for the script,
>>> to handle comments or not.
>>>
>>> On 2022-02-13 20:31, DJPfulio--- via Ale wrote:
>>>> My script to do this is 4 lines. No error checking. I didn't want
>>>> to overthink it. I don't even check that the euid is 0. That's
>>>> solved by placing the script in ~root/bin/.  K.I.S.S.
>>>>
>>>> #!/bin/bash
>>>>
>>>> IPSET_RULES_FILE="/etc/ipset.up.rules"
>>>>
>>>> # Make a backup
>>>> cp "$IPSET_RULES_FILE" "$IPSET_RULES_FILE.bak"
>>>>
>>>> # Update the live ruleset - any errors?
>>>> ipset add countryblock "$1"
>>>>
>>>> # Append the new rule to the bottom
>>>> echo "add countryblock $1 " | tee -a "$IPSET_RULES_FILE"
>>>>
>>>>
>>>> On 2/13/22 17:50, Alex Carver via Ale wrote:
>>>>> I'm putting a tiny utility script together to make it faster for
>>>>> me to update ipset lists and add them to a restore file in one
>>>>> shot but I've run into a slight hiccup with what I wanted to
>>>>> accomplish.
>>>>>
>>>>
>>>> Lots of brilliant stuff deleted.
>>>>
>>>>>
>>>>> Thoughts?
>>>>
>>>>
>>>> _______________________________________________
>>>> Ale mailing list
>>>> Ale at ale.org
>>>> https://mail.ale.org/mailman/listinfo/ale
>>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>>> http://mail.ale.org/mailman/listinfo
>>>
>>
>>
> 
> 
> 
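
An added example, not part of the thread and not code from any poster: one way to pass an optional comment through shell parameter expansion so that it reaches ipset as a single argument and lands in the restore file in quoted form. The set name and rules path come from the quoted script; IPSET_CMD and the function names are hypothetical.

```shell
#!/bin/bash
# Added example, not code from the thread. The set name and rules path are
# taken from the quoted script; IPSET_CMD and the function names are
# hypothetical. Assumes the set was created with the "comment" option.
IPSET_CMD="${IPSET_CMD:-ipset}"
IPSET_RULES_FILE="${IPSET_RULES_FILE:-/etc/ipset.up.rules}"
NL='
'

# This example refuses comments that would break the quoted restore line.
valid_comment() {
    case "$1" in
        *'"'*|*"$NL"*) return 1 ;;
    esac
    return 0
}

# Print the line to append to the restore file: restore_line SET ENTRY [COMMENT]
restore_line() {
    if [ -n "${3:-}" ]; then
        printf 'add %s %s comment "%s"\n' "$1" "$2" "$3"
    else
        printf 'add %s %s\n' "$1" "$2"
    fi
}

# Update the live set: live_add SET ENTRY [COMMENT]
# The unquoted ${3:+...} expands to nothing when the comment is empty or unset.
# When it is set, the quotes inside keep "$3" as one argument, spaces and all.
live_add() {
    "$IPSET_CMD" add "$1" "$2" ${3:+comment "$3"}
}

# add_entry ENTRY [COMMENT]: live update first, restore file only on success.
add_entry() {
    if [ -z "${1:-}" ]; then
        echo "usage: add_entry ENTRY [COMMENT]" >&2
        return 2
    fi
    if ! valid_comment "${2:-}"; then
        echo "comment must not contain double quotes or newlines" >&2
        return 2
    fi
    live_add countryblock "$1" "${2:-}" || return 1
    restore_line countryblock "$1" "${2:-}" >> "$IPSET_RULES_FILE"
}

# Run as a script: ./ipset-add.sh 203.0.113.0/24 "optional comment"
[ "$#" -eq 0 ] || add_entry "$@"
```

Because the restore file is appended only after the live add succeeds, a rejected entry never ends up in the file that is replayed at boot.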


