PF-script stops if FQDN cannot be resolved


PF-script stops if FQDN cannot be resolved

Leslie Jensen-2
Hello list.

I have a problem with a simple script I've written to keep two tables up to date. I have a few hosts I need to give access to my LAN via the table goodguys. With these hosts being on a dynamic IP address I have to have them registered via no-ip.

If the look up of FQDN for one of the hosts in my script fails the remaining hosts and IP-addresses will not be added to the table goodguys.

I'm aware that this is a case of poor scripting and I would very much like your feedback on how I can avoid an unknown host to make my script fail.

Thank you :-)

/Leslie


My script:

#!/bin/sh
#
#
pfctl -F Tables
#
#
pfctl -t goodguys -T add host1.no-ip.org host2.no-ip.org www.host3.nu ipa.ddr.ess.002 ipa.ddr.ess.001
#
#
pfctl -t goodguys2 -T add ipa.ddr.ess.003 ipa.ddr.ess.004 ipa.ddr.ess.005
#
#
pfctl -T show -t goodguys
pfctl -T show -t goodguys2


Re: PF-script stops if FQDN cannot be resolved

Stuart Henderson-6
On 2015/03/09 17:16, Leslie Jensen wrote:

> Hello list.
>
> I have a problem with a simple script I've written to keep two tables
> up to date. I have a few hosts I need to give access to my LAN via the
> table goodguys. With these hosts being on a dynamic IP address I have
> to have them registered via no-ip.
>
> If the look up of FQDN for one of the hosts in my script fails the
> remaining hosts and IP-addresses will not be added to the table
> goodguys.
>
> I'm aware that this is a case of poor scripting and I would very much
> like your feedback on how I can avoid an unknown host to make my script
> fail.
>
> Thank you :-)
>
> /Leslie
>
>
> My script:
>
> #!/bin/sh
> #
> #
> pfctl -F Tables
> #
> #
> pfctl -t goodguys -T add host1.no-ip.org host2.no-ip.org www.host3.nu
> ipa.ddr.ess.002 ipa.ddr.ess.001
> #
> #
> pfctl -t goodguys2 -T add ipa.ddr.ess.003 ipa.ddr.ess.004
> ipa.ddr.ess.005
> #
> #
> pfctl -T show -t goodguys
> pfctl -T show -t goodguys2
>

You could add each host on a separate line.

pfctl -t goodguys -T add host1.no-ip.org
pfctl -t goodguys -T add host2.no-ip.org

etc.

Re: PF-script stops if FQDN cannot be resolved

"Schürer IT Beratung -- Urs J. Schürer"
In reply to this post by Leslie Jensen-2
Hi Leslie,

On 09.03.2015 at 17:16, Leslie Jensen wrote:
> If the look up of FQDN for one of the hosts in my script fails the remaining
> hosts and IP-addresses will not be added to the table goodguys.
>
> I'm aware that this is a case of poor scripting and I would very much like
> your feedback on how I can avoid an unknown host to make my script fail.
>
I really hope my answer doesn't sound stupid but why not add those hosts one
by one? If one add fails, the other will still succeed. 'pfctl -T add' might
even give you a return code for every add (didn't try it myself, sorry). Or
even better put those names in a little file and add it with '-T add -f
<file>' (from the manpage):

  'For the add, delete, replace, and test commands, the list of
   addresses can be specified either directly on the command line
   and/or in an unformatted text file, using the -f flag.'


Best regards,
Urs

Re: PF-script stops if FQDN cannot be resolved

Kenneth Gober
In reply to this post by Leslie Jensen-2
add new entries one per line.  then if one line fails due to an unresolvable name, your other lines won't be affected:

pfctl -t goodguys -T add host1.no-ip.org
pfctl -t goodguys -T add host2.no-ip.org
pfctl -t goodguys -T add no-such-name.xxx.yyy
pfctl -t goodguys -T add www.host3.nu

in the above example, a failure of any one line (such as line 3) won't prevent your other lines from being attempted.

-ken

On Mon, Mar 9, 2015 at 12:16 PM, Leslie Jensen <[hidden email]> wrote:
Hello list.

I have a problem with a simple script I've written to keep two tables up to date. I have a few hosts I need to give access to my LAN via the table goodguys. With these hosts being on a dynamic IP address I have to have them registered via no-ip.

If the look up of FQDN for one of the hosts in my script fails the remaining hosts and IP-addresses will not be added to the table goodguys.

I'm aware that this is a case of poor scripting and I would very much like your feedback on how I can avoid an unknown host to make my script fail.

Thank you :-)

/Leslie


My script:

#!/bin/sh
#
#
pfctl -F Tables
#
#
pfctl -t goodguys -T add host1.no-ip.org host2.no-ip.org www.host3.nu ipa.ddr.ess.002 ipa.ddr.ess.001
#
#
pfctl -t goodguys2 -T add ipa.ddr.ess.003 ipa.ddr.ess.004 ipa.ddr.ess.005
#
#
pfctl -T show -t goodguys
pfctl -T show -t goodguys2
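
Added example, not code from any poster in this thread: it combines the two suggestions above (handle each host on its own, and feed pfctl a file with `-f`) by resolving every name first, skipping the ones that fail, and loading the result with `-T replace`, so the table is never emptied with `pfctl -F Tables` beforehand. The `PFCTL` variable, the `resolve()` helper, the use of `getent hosts` as the resolver and the temp-file template are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. PFCTL and resolve() are hypothetical
# hooks; getent(1) is an assumed resolver, swap in what your system has.
PFCTL=${PFCTL:-pfctl}

# Addresses and CIDR blocks need no lookup; anything else is a host name.
is_literal() {
    case $1 in
        *:*) return 0 ;;          # IPv6 literal
        *[!0-9./]*) return 1 ;;   # has letters or hyphens: a name
        *) return 0 ;;            # IPv4 address or network
    esac
}

# Print the addresses of one name, one per line; non-zero if none found.
resolve() {
    getent hosts "$1" | awk '{ print $1 }' | grep .
}

# Emit every usable address on stdout; report skipped names on stderr.
build_list() {
    for entry in "$@"; do
        if is_literal "$entry"; then
            echo "$entry"
        elif ! resolve "$entry"; then
            echo "skipped (unresolved): $entry" >&2
        fi
    done
}

# Replace the table contents in one pfctl call, reading addresses via -f.
sync_table() {
    table=$1; shift
    list=$(mktemp /tmp/pftable.XXXXXX) || return 1
    build_list "$@" > "$list"
    if [ -s "$list" ]; then
        "$PFCTL" -t "$table" -T replace -f "$list"; rc=$?
    else
        echo "nothing resolved; leaving $table unchanged" >&2; rc=1
    fi
    rm -f "$list"
    return "$rc"
}

# Host names are the ones from the thread; run as: sh script.sh apply
if [ "${1:-}" = apply ]; then
    sync_table goodguys host1.no-ip.org host2.no-ip.org www.host3.nu
fi
```

If no name resolves at all, the table keeps its previous addresses, so a prolonged DNS outage leaves stale entries in place rather than an empty allow list.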

