maloe edited this page 2 years ago

Wiki for ASN_IPFire Script

Content

  1. Usage
  2. Sources for ASNs and networks
  3. ASN IPFire Script and Android
  4. Tips & Tricks

4 Tips & Tricks

4.1 Alternative: Single local source file

Instead of two separate files, you can also work with one single local source file. To do so, set the same file name for local_asn_file and local_net_file in the script, then use the following format for this file:

1.2.3.0/24 AS0 CustomGroup
2.3.4.0/24 AS0 CustomGroup
3.4.5.6/31 AS0 CustomGroup
4.5.6.6/31 AS0 CustomGroup
5.6.7.8/31 AS999999 CustomGroup2
6.7.8.8/32 AS999999 CustomGroup2

This example will create two IPFire host groups "CustomGroup" and "CustomGroup2" with associated networks.

Note: The order of network, ASN and company name doesn't matter.
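The following is an added example, not code from asn_ipfire.sh: it parses a single local source file in the format above, recognising network, ASN and company name by pattern so their order does not matter, and reports and skips lines whose network is malformed before anything reaches a host group. The sample file is constructed here; the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example (not part of asn_ipfire.sh): parse a single local source file
# in the format of section 4.1. Each line carries a network, an ASN and a
# company name in any order; fields are recognised by pattern, malformed
# networks are reported and skipped. The sample below is constructed.
SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
1.2.3.0/24 AS0 CustomGroup
AS0 CustomGroup 2.3.4.0/24
CustomGroup2 5.6.7.8/31 AS999999
300.1.1.0/24 AS0 CustomGroup
EOF

# normalize_local_source FILE: prints "group network asn" for every valid line
normalize_local_source() {
  awk '
    # valid_cidr4(s): 1 if s is a well-formed IPv4 prefix, else 0
    function valid_cidr4(s,    p, o, i) {
      if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
      split(s, p, "/")
      if (p[2] + 0 > 32) return 0
      split(p[1], o, ".")
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) return 0
      return 1
    }
    NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
    {
      net = ""; asn = ""; name = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^AS[0-9]+$/)  asn  = $i
        else if ($i ~ /\//)     net  = $i
        else                    name = $i
      }
      if (net == "" || asn == "" || name == "" || !valid_cidr4(net)) {
        print "skipping invalid line: " $0 > "/dev/stderr"
        next
      }
      print name, net, asn
    }' "$1"
}

# group_names FILE: the distinct host groups the script would create
group_names() {
  normalize_local_source "$1" 2>/dev/null | cut -d' ' -f1 | sort -u
}
```

Run against the sample, the last line (octet 300) is reported on stderr and left out, so only the two groups "CustomGroup" and "CustomGroup2" with three valid networks remain.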

4.2 Split long files for AFWall+

(This is obsolete with the nested rules described in chapter 3.1 above.)

When setting the blocking rules from asn_ipfire.sh directly in the AFWall+ settings, it may be necessary to split afwall_rules.txt into smaller parts, because AFWall+ seems to have a time limit for executing custom scripts. If you experience problems with a file that is too long, create and try this simple splitting script:

cat > split.sh <<'EOF'
#!/bin/bash
# Usage: split.sh <size> <file>  - writes <file>_1 .. <file>_n with at most <size> lines each
size=$1; file=$2
lines=$(grep -c '' "$file")              # counts a last line without trailing newline too
parts=$(( (lines + size - 1) / size ))   # round up; no empty trailing part
for ((i = 1; i <= parts; i++)); do
  # take exactly the lines of part i, so the last part never overlaps the previous one
  tail -n +$(( (i - 1) * size + 1 )) "$file" | head -n "$size" > "${file}_$i"
done
EOF
chmod 755 split.sh

Use it as follows:

bash split.sh <size> <file>

e.g.

bash split.sh 120 afwall_rules.txt

It will create the files "afwall_rules.txt_1" to "afwall_rules.txt_n" with at most 120 lines each.

4.3 Preventing temporary source files

If you (for any reason) don't want the script to write temporary files to your system, you can point the temporary path temppath to a write-protected folder. The script then downloads the source lists for each query (company name) instead of storing and re-using them temporarily. Depending on the number of company names, this leads to higher download traffic and is therefore not recommended.

4.4 Compare network entries after running the script

In certain cases running the script can clear the company network entries, for example if the sources cannot be reached, the connection is interrupted, or the provided data are wrong.
To catch this, use the option "--backup" and compare the changes to IPFire after running the script, e.g. diff /var/ipfire/fwhosts/customnetworks.bak /var/ipfire/fwhosts/customnetworks
To restore the previous status, run the script again with the option "--restore" only: asn_ipfire.sh --restore