ip_lists/baf_script.sh

#!/bin/bash

set -euo pipefail

git pull --no-rebase
echo "Last update:"
git log --pretty -n1
echo

file=firewall_blocklist

echo '# Automatically generated portion beginning, do not touch  # AUTOGEN' > $file

echo "config rule  # AUTOGEN" >> $file
echo "    option name 'BLOCKLIST src'  # AUTOGEN" >> $file
echo "    list proto 'all'  # AUTOGEN" >> $file
echo "    option src '*'  # AUTOGEN" >> $file
iplist=$(cat blocklist.txt)
for ip in $iplist
do
    echo "    list src_ip '$ip'  # AUTOGEN" >> $file
done
echo "    option dest '*'  # AUTOGEN" >> $file
echo "    option target 'DROP'  # AUTOGEN" >> $file

echo "  # AUTOGEN" >> $file

echo "config rule  # AUTOGEN" >> $file
echo "    option name 'BLOCKLIST dest'  # AUTOGEN" >> $file
echo "    list proto 'all'  # AUTOGEN" >> $file
echo "    option src '*'  # AUTOGEN" >> $file
echo "    option dest '*'  # AUTOGEN" >> $file
iplist=$(cat blocklist.txt)
for ip in $iplist
do
    echo "    list dest_ip '$ip'  # AUTOGEN" >> $file
done
echo "    option target 'DROP'  # AUTOGEN" >> $file

echo '# Automatically generated portion ending. Contact tumik for changes.  # AUTOGEN' >> $file

scp firewall_blocklist fw2-baf:/etc/config/firewall_blocklist
ssh fw2-baf "grep -v '# AUTOGEN' /etc/config/firewall > /etc/config/firewall_base"
ssh fw2-baf "cat /etc/config/firewall_base /etc/config/firewall_blocklist > /etc/config/firewall"
ssh fw2-baf "/etc/init.d/firewall reload"
echo "fw2-baf updated"
#
scp firewall_blocklist fw1-baf:/etc/config/firewall_blocklist
ssh fw1-baf "grep -v '# AUTOGEN' /etc/config/firewall > /etc/config/firewall_base"
ssh fw1-baf "cat /etc/config/firewall_base /etc/config/firewall_blocklist > /etc/config/firewall"
ssh fw1-baf "/etc/init.d/firewall reload"
echo "fw1-baf updated"