script to help manage dynamic pf tables

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

script to help manage dynamic pf tables

Mike.


For a few of the servers I admin, I found the need for the ability to
add IP addresses to a pf table temporarily (for a few days, a couple
weeks, etc).

I grew tired of manually editing the files, so I wrote a scipt to
help me.

The script maintains a list of IP addresses for a pf table, along
with an "expiration date" for the address.  Each night cron runs the
expire portion of the script and the expired addresses are removed
from the table.

So far, it's been working well for my needs for well over a year.  I
decided to clean the script up a bit, put a BSD license on it, and
make it available for anyone else who may want to use it.

It's available here, along with a better description of what it does:

http://archive.mgm51.com/sources/pft.html



Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

re: script to help manage dynamic pf tables

Mike.

While I was cleaning the script up to make it available here, I
introduced a bug.  I also found a bug in my use of the expr command.

1) the cleaning bug:
As I was moving the clean-up code from being scattered throughout the
script to the cleanup function, I made an error during a copy and
paste.    As a result, the lock file is removed twice, and the temp
file is not removed.


2) the expr usage bug
I did not know that expr returns an error when the result of a
calculation is zero.  I know that now.    When the script tried to
refresh a table, and there were no address records to be refreshed,
the script ended prematurely due to the error return code from expr.
After running in production for me for over a year, only this week
did this bug surface.


I've put version 1.9 on my website.   This version fixes both of
these issues.  I also put up a patch for the 1.2 -> 1.9 transition.

Full version:
http://archive.mgm51.com/sources/pft.html

Patch:
http://archive.mgm51.com/sources/files/pft.sh_1-2_to_1-9.patch










***********

On 4/24/2014 at 2:40 PM Mike. <[hidden email]> wrote:

From: Mike. <[hidden email]>
To: [hidden email]
Date: Thu, 24 Apr 2014 14:40:56 -0400
Subject: script to help manage dynamic pf tables



>|
>|
>|For a few of the servers I admin, I found the need for the ability
to add
>|IP addresses to a pf table temporarily (for a few days, a couple
weeks,
>|etc).
>|
>|I grew tired of manually editing the files, so I wrote a scipt to
help me.
>|
>|The script maintains a list of IP addresses for a pf table, along
with an
>|"expiration date" for the address.  Each night cron runs the expire
>|portion of the script and the expired addresses are removed from
the
>|table.
>|
>|So far, it's been working well for my needs for well over a year.
I
>|decided to clean the script up a bit, put a BSD license on it, and
make
>|it available for anyone else who may want to use it.
>|
>|It's available here, along with a better description of what it
does:
>|
>|http://archive.mgm51.com/sources/pft.html
>|
>|
>|

*********** END FORWARDED MESSAGE  ***********
Loading...