#!/bin/sh
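# To allow passive FTP through a default-deny iptables firewall, load the
# FTP connection-tracking helper module and make it persistent:
# modprobe nf_conntrack_ftp
# echo nf_conntrack_ftp >> /etc/modules
# Then either enable helpers automatically via sysctl:
# net.netfilter.nf_conntrack_helper = 1
# OR enable the helper manually for FTP only (the narrower choice, since it
# attaches the helper to port 21 alone):
# iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp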
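#######################################
# Sanity-check that a file looks like a DNS root hints file.
# This is a plausibility check against truncated or garbage downloads only;
# it says nothing about where the data came from or whether it was altered.
# Arguments: $1 - path of the file to inspect
# Returns:   0 if the file contains at least one dotted-quad IPv4 address
#            and at least one line starting with '.' followed by whitespace
#            (a root-zone record); non-zero otherwise, including when the
#            file is missing or unreadable.
#######################################
check_format() {
  # Fail quietly on a missing or unreadable path instead of letting grep
  # print an error for each of the two probes.
  [ -r "$1" ] || return 1
  # grep -E replaces the obsolescent egrep, which newer GNU grep releases
  # warn about on stderr.
  grep -E -q -- '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]' "$1" \
    && grep -E -q -- '^\.[[:space:]]+' "$1"
}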
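# Download the DNS root hints for unbound, or with --verify only check the
# copy that is already installed.
#
# NOTE(review): the hints are fetched over plain FTP, which is neither
# encrypted nor authenticated. check_format only rejects truncated or
# garbage downloads; it does not establish that the data is the publisher's.
# Where the resolver's trust in this file matters, fetch it over an
# authenticated channel or verify it against a published signature.
ftphosts="FTP.INTERNIC.NET RS.INTERNIC.NET"
roothints=domain/named.cache
unbound_dir=/etc/unbound
outfile=$unbound_dir/root.hints
# Staged next to the target so the final mv is a same-directory rename and
# the live file is never replaced by a partial download.
newfile=$outfile.new

# --verify: inspect the installed file and report; nothing is downloaded.
if [ "$1" = "--verify" ]; then
  if check_format "$outfile"; then
    echo "$outfile: ok"
    exit 0
  else
    echo "$outfile: failed"
    exit 1
  fi
fi

# $ftphosts is deliberately unquoted: it is a space-separated host list.
for host in $ftphosts; do
  url=ftp://$host/$roothints
  if wget -q -O "$newfile" "$url" && check_format "$newfile"; then
    # If the rename fails, fall through and try the next mirror.
    mv -- "$newfile" "$outfile" && exit 0
  fi
  # wget -O creates the output file even when the transfer fails, so drop
  # the rejected or partial staging file rather than leaving it behind.
  rm -f -- "$newfile"
done

# No mirror produced a file that passed the format check.
exit 1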