#!/bin/sh ##### # it will fetch drop.txt and edrop.txt from spamhaus.org and add the IPs # to pf's table $TABLE # # in pf.conf: # table persist # block drop log quick from to any # block drop log quick from any to ##### WORKDIR="/tmp" # where to put temporary files TABLE="spamhaus_drop" # name of the table in pf.conf STDOUT="/dev/null" # /dev/null to suppress messages, /dev/stdout to see them if [ ! -d $WORKDIR ]; then echo "$WORKDIR doesn't exist, abandoning" exit 1 fi cd $WORKDIR # get drop.txt, prepare drop.work for pfctl ftp http://www.spamhaus.org/drop/drop.txt > $STDOUT if [ $? != 0 ]; then echo "ERROR: failed fetching drop.txt, abandoning" exit 1 fi sed 's/\;.*$// ; s/\ // ; /^$/d' drop.txt > drop.work # Get edrop.txt too, uncomment this section if you want it ftp http://www.spamhaus.org/drop/edrop.txt > $STDOUT if [ $? != 0 ]; then echo "ERROR: failed fetching edrop.txt, abandoning" rm drop.txt exit 1 fi sed 's/\;.*$// ; s/\ // ; /^$/d' edrop.txt >> drop.work # final file will need to be sorted by IP for comparing it with pf's table sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n drop.work > drop.temp mv drop.temp drop.work # compare drop.work with the table, replace table if different pfctl -t $TABLE -T show | sed s/\ *// > spamhaus.work diff drop.work spamhaus.work > /dev/null if [ $? = 0 ]; then # uncoment if you want cron reports #echo "pf's $TABLE table didn't change since last update" rm -f drop.txt edrop.txt drop.work spamhaus.work # cleanup exit 0 fi # flush the table pfctl -t $TABLE -T flush > $STDOUT # load the new drop list pfctl -f drop.work -t $TABLE -T add > $STDOUT # kill all existing connections to IPs in the list DEATHLIST=`pfctl -t $TABLE -T show` for i in $DEATHLIST; do pfctl -k $i 2>&1 | grep -v "killed 0 states from 1 sources and 0 destinations" > $STDOUT done # uncomment if you want cron reports echo "pf's $TABLE table updated" rm -f drop.txt edrop.txt drop.work spamhaus.work # cleanup exit 0