[Firehol-support] daily cron job
Rick Marshall
rjm at zenucom.com
Thu Nov 1 07:00:24 GMT 2007
For anyone interested I have put together this script (stored as
/etc/firehol/cron.daily) to check for RESERVED_IPS changes and also the
IP blacklist from spamhaus.
To use this you also need to change 'blacklist=""' to
blacklist=`cat /etc/firehol/blacklist.txt` in /etc/firehol/firehol.conf
Regards
Rick
#!/bin/bash
# CRON.DAILY - Firehol daily tasks
#
# install with: ln -s /etc/firehol/cron.daily /etc/cron.daily/firehol
# Contributed by Zenucom Pty Ltd - Author: Rick Marshall
#
# --- CONFIGURATION ---
# Set to 1 for auto restart on changes, 0 for messages only
AUTORESTART=1
# Do we need to restart firehol?
RESTART=0
# Firehol directory
cd /etc/firehol || exit 1
# --- BLACKLIST ---
# A space-separated list of IPs to be blocked.
# This uses the drop list from spamhaus
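# Only replace blacklist.txt if the download succeeded and produced entries
if wget -q -O drop.lasso http://www.spamhaus.org/drop/drop.lasso ; then
    grep -v '^#' drop.lasso | sed -e 's/;.*//' -e '/^[[:space:]]*$/d' | sort >blacklist.new
fi
rm -f drop.lasso
if [ -s blacklist.new ] ; then
    diff -q blacklist.txt blacklist.new >/dev/null 2>&1
    [ $? -ne 0 ] && { RESTART=1 ; echo "NEW BLACKLIST" ; }
    mv blacklist.new blacklist.txt
else
    echo "BLACKLIST download failed, keeping old blacklist.txt"
    rm -f blacklist.new
fi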
# --- RESERVED IPS ---
echo yes | /usr/share/doc/firehol-1.256/get-iana.sh >/dev/null 2>&1
diff -q RESERVED_IPS RESERVED_IPS.txt >/dev/null 2>&1
[ $? -ne 0 ] && { RESTART=1 ; echo "NEW RESERVED IPS" ; }
cp RESERVED_IPS RESERVED_IPS.txt
# --- RESTART firehol if there have been changes ---
# Controlled by AUTORESTART in the configuration section above
[ $AUTORESTART -eq 1 -a $RESTART -eq 1 ] && { service firehol restart >/dev/null 2>&1 ; echo firehol restarted ; }
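
The cron job above takes a list fetched over plain HTTP and feeds it to the firewall as root. As an added example (not part of the original post), these portable sh functions validate every entry before the list is installed; the function names and the MIN_PREFIX and MIN_ENTRIES thresholds are assumptions.

```sh
# Added example, not part of the original post. The function names and the
# MIN_PREFIX / MIN_ENTRIES thresholds are assumptions.
MIN_PREFIX=8     # refuse networks broader than a /8 (e.g. 0.0.0.0/0)
MIN_ENTRIES=1    # refuse a list with fewer entries than this

# valid_cidr A.B.C.D/N : succeeds only for a well-formed IPv4 network
# with MIN_PREFIX <= N <= 32.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*|.*|*..*|*./*) return 1 ;;
    esac
    vc_addr=${1%/*}; vc_len=${1#*/}
    [ "$vc_addr" != "$1" ] || return 1                # no "/" at all
    case $vc_len in ''|???*|*.*) return 1 ;; esac
    [ "$vc_len" -ge "$MIN_PREFIX" ] && [ "$vc_len" -le 32 ] || return 1
    vc_ifs=$IFS; IFS=.; set -- $vc_addr; IFS=$vc_ifs   # split into octets
    [ $# -eq 4 ] || return 1
    for vc_octet in "$@"; do
        case $vc_octet in ''|????*) return 1 ;; esac
        [ "$vc_octet" -le 255 ] || return 1
    done
}

# clean_droplist <raw >clean : prints the validated, de-duplicated networks.
# Fails without printing a list if any entry is rejected or too few remain.
clean_droplist() {
    cd_out=''; cd_count=0
    while IFS= read -r cd_line || [ -n "$cd_line" ]; do
        cd_entry=${cd_line%%[;#]*}                               # strip comments
        cd_entry=$(printf '%s' "$cd_entry" | tr -d '[:space:]')  # blanks and CRs
        [ -n "$cd_entry" ] || continue
        if ! valid_cidr "$cd_entry"; then
            echo "rejected blacklist entry: $cd_entry" >&2
            return 1
        fi
        cd_out="$cd_out$cd_entry "
        cd_count=$((cd_count + 1))
    done
    [ "$cd_count" -ge "$MIN_ENTRIES" ] || return 1
    # Entries are validated (digits, dots, one slash), so splitting is safe.
    printf '%s\n' $cd_out | sort -u
}
```

In the cron job, `clean_droplist <drop.lasso >blacklist.new` would take the place of the grep/sed/sort pipeline, with blacklist.txt left untouched whenever it fails.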