1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200
|
#!/bin/bash
# $Id: get-iana.sh,v 1.12 2008/03/17 22:08:43 ktsaou Exp $
#
# $Log: get-iana.sh,v $
# Revision 1.12 2008/03/17 22:08:43 ktsaou
# Updated for latest IANA reservations format.
#
# Revision 1.11 2007/06/13 14:40:04 ktsaou
# *** empty log message ***
#
# Revision 1.10 2007/05/05 23:38:31 ktsaou
# Added support for external definitions of:
#
# RESERVED_IPS
# PRIVATE_IPS
# MULTICAST_IPS
# UNROUTABLE_IPS
#
# in files under the same name in /etc/firehol/.
# Only RESERVED_IPS is mandatory (firehol will complain if it is not there,
# but it will still work without it), and is also the only file that firehol
# checks how old is it. If it is 90+ days old, firehol will complain again.
#
# Changed the supplied get-iana.sh script to generate the RESERVED_IPS file.
# FireHOL also instructs the user to use this script if the file is missing
# or is too old.
#
# Revision 1.9 2007/04/29 19:34:11 ktsaou
# *** empty log message ***
#
# Revision 1.8 2005/06/02 15:48:52 ktsaou
# Allowed 127.0.0.1 to be in RESERVED_IPS
#
# Revision 1.7 2005/05/08 23:27:23 ktsaou
# Updated RESERVED_IPS to current IANA reservations.
#
# Revision 1.6 2004/01/10 18:44:39 ktsaou
# Further optimized and reduced PRIVATE_IPS using:
# http://www.vergenet.net/linux/aggregate/
#
# The supplied get-iana.sh uses 'aggregate-flim' if it finds it in the path.
# (aggregate-flim is the name of this program when installed on Gentoo)
#
# Revision 1.5 2003/08/23 23:26:50 ktsaou
# Bug #793889:
# Change #!/bin/sh to #!/bin/bash to allow FireHOL run on systems that
# bash is not linked to /bin/sh.
#
# Revision 1.4 2002/10/27 12:44:42 ktsaou
# CVS test
#
#
# Program that downloads the IPv4 address space allocation by IANA
# and creates a list with all reserved address spaces.
#
IPV4_ADDRESS_SPACE_URL="http://www.iana.org/assignments/ipv4-address-space"
# The program will match all rows in the file which start with a number, have a slash,
# followed by another number, for which the following pattern will also match on the
# same rows
IANA_RESERVED="(RESERVED|UNALLOCATED)"
# which rows that are matched by the above, to ignore
# (i.e. not include them in RESERVED_IPS)?
#IANA_IGNORE="(Multicast|Private use|Loopback|Local Identification)"
IANA_IGNORE="Multicast"
tempfile="/tmp/iana.$$.$RANDOM"
AGGREGATE="`which aggregate-flim 2>/dev/null`"
if [ -z "${AGGREGATE}" ]
then
AGGREGATE="`which aggregate 2>/dev/null`"
fi
if [ -z "${AGGREGATE}" ]
then
echo >&2
echo >&2
echo >&2 "WARNING"
echo >&2 "Please install 'aggregate-flim' to shrink the list of IPs."
echo >&2
echo >&2
fi
echo >&2
echo >&2 "Fetching IANA IPv4 Address Space, from:"
echo >&2 "${IPV4_ADDRESS_SPACE_URL}"
echo >&2
wget -O - --proxy=off "${IPV4_ADDRESS_SPACE_URL}" |\
egrep "^[0-9]+/[0-9]+.*${IANA_RESERVED}" |\
egrep -vi "${IANA_IGNORE}" |\
cut -d ' ' -f 1 |\
(
while IFS="/" read range net
do
if [ ! $net -eq 8 ]
then
echo >&2 "Cannot handle network masks of $net bits ($range/$net)"
continue
fi
first=`echo $range | cut -d '-' -f 1`
first=`expr $first + 0`
last=`echo $range | cut -d '-' -f 2`
last=`expr $last + 0`
x=$first
while [ ! $x -gt $last ]
do
# test $x -ne 127 && echo "$x.0.0.0/$net"
echo "$x.0.0.0/$net"
x=$[x + 1]
done
done
) | \
(
if [ ! -z "${AGGREGATE}" -a -x "${AGGREGATE}" ]
then
"${AGGREGATE}"
else
cat
fi
) >"${tempfile}"
echo >&2
echo >&2
echo >&2 "FOUND THE FOLLOWING RESERVED IP RANGES:"
printf "RESERVED_IPS=\""
i=0
for x in `cat ${tempfile}`
do
i=$[i + 1]
printf "${x} "
done
printf "\"\n"
if [ $i -eq 0 ]
then
echo >&2
echo >&2
echo >&2 "Failed to find reserved IPs."
echo >&2 "Possibly the file format has been changed, or I cannot fetch the URL."
echo >&2
rm -f ${tempfile}
exit 1
fi
echo >&2
echo >&2
echo >&2 "Differences between the fetched list and the list installed in"
echo >&2 "/etc/firehol/RESERVED_IPS:"
echo >&2 "# diff /etc/firehol/RESERVED_IPS ${tempfile}"
diff /etc/firehol/RESERVED_IPS ${tempfile}
if [ $? -eq 0 ]
then
echo >&2
echo >&2 "No differences found."
echo >&2
rm -f ${tempfile}
exit 0
fi
echo >&2
echo >&2
echo >&2 "Would you like to save this list to /etc/firehol/RESERVED_IPS"
echo >&2 "so that FireHOL will automatically use it from now on?"
echo >&2
while [ 1 = 1 ]
do
printf >&2 "yes or no > "
read x
case "${x}" in
yes) cp -f /etc/firehol/RESERVED_IPS /etc/firehol/RESERVED_IPS.old 2>/dev/null
cat "${tempfile}" >/etc/firehol/RESERVED_IPS || exit 1
echo >&2 "New RESERVED_IPS written to '/etc/firehol/RESERVED_IPS'."
break
;;
no)
echo >&2 "Saved nothing."
break
;;
*) echo >&2 "Cannot understand '${x}'."
;;
esac
done
rm -f ${tempfile}
|