
Long URL-based ban list protection

Posted: Sat Aug 26, 2017 1:49 pm
by josen
Hello,

Murus has an issue with a very long URL-based ban list. The murus.updatedthreats.sh script will fail because of "too many arguments".

With a small dirty workaround it is working - change the following line in /etc/murus.updatethreats.sh to:

Code:

#
# Replace old PF table with new one
#

/sbin/pfctl -t _threats -T replace `cat $badIPs`

Code:

#
# Replace old PF table with new one
#

/sbin/pfctl -t _threats -T flush
cat $badIPs | xargs -n 1 /sbin/pfctl -t _threats -T add
#/sbin/pfctl -t _threats -T replace `cat $badIPs`

Enjoy weekend,
jvc

Re: Long URL-based ban list protection

Posted: Tue Aug 29, 2017 12:34 pm
by hany
Thanks a lot! :)
we will include this fix in Murus 1.4.12

Re: Long URL-based ban list protection

Posted: Tue Aug 29, 2017 5:22 pm
by josen
thx.

It is not the best solution, as each IP will be inserted separately, which means it does take a "long" time.
The best would be to tell pf to read from a file, or maybe you have a better idea.

jvc

Re: Long URL-based ban list protection

Posted: Tue Aug 29, 2017 11:49 pm
by hany
Yes, I just realised that a long list will take a long time.
I don't have a better idea yet.

Re: Long URL-based ban list protection

Posted: Wed Aug 30, 2017 6:14 pm
by josen
Again me:

better solution:

Code:

/sbin/pfctl -t _threats -T replace -f $badIPs

enjoy
jvc
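
Added example (not from the thread and not Murus code): one way to wrap the file-based `-T replace -f` load from the last post so that a downloaded list is cleaned first and an empty or failed download does not wipe the table. Passing the file avoids the argument-length limit, and a single replace has no flush step that leaves `_threats` empty while entries are re-added. The names `clean_banlist` and `load_banlist`, the `PFCTL` and `TABLE` variables, and the IPv4-only filtering are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; clean_banlist/load_banlist are hypothetical helper names.
PFCTL="${PFCTL:-/sbin/pfctl}"   # pfctl path as used in the thread
TABLE="${TABLE:-_threats}"      # table name as used in the thread

# Print the well-formed IPv4 addresses and CIDR blocks found in file $1,
# one per line, without duplicates. Comments, blank lines, CRs and any
# line that is not a plain address are dropped.
clean_banlist() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            if ($1 > 255 || $2 > 255 || $3 > 255 || $4 > 255) next
            if (NF == 5 && $5 > 32) next
            if (!seen[$0]++) print
        }'
}

# Replace the PF table from file $1 in a single pfctl call.
# If nothing valid is left after cleaning, keep the current table.
load_banlist() {
    tmp=$(mktemp) || return 1
    clean_banlist "$1" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "ban list empty after cleaning, table left unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
    "$PFCTL" -t "$TABLE" -T replace -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

In the update script this would be called as `load_banlist "$badIPs"` in place of the replace line.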