Открыть доступ только к windows update для сети с ipfw шлюзом.

Метки: FreeBSD, shell script

Script to make ip addresses from domain names :

#!/bin/sh

set -x

fin () {

    cat /tmp/listx | sort | uniq > /tmp/listwin

    ipfw table 1 flush

    cat /tmp/listmail | while read ip; do

    ipfw table 1 add $ip

    done

    ipfw table all list

}

rm /tmp/list*

while read -r name; do

i=1

while [ $i -le 15 ]; do

dig +short $name @8.8.8.8 >> /tmp/list1

dig +short $name @8.8.4.4 >> /tmp/list1

dig +short $name @77.88.8.8 >> /tmp/list1

dig +short $name @77.88.8.1 >> /tmp/list1

i=$(( i+1 ))

done

done</winupdate-hosts-list

grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /tmp/list1 >> /tmp/listx

list=1; while [ $list -le 25 ]; do

zzz=$(cat /tmp/list$list | grep '[a-zA-Z]')

if [ -n "$zzz" ]; then

cat /tmp/list$list | grep '[a-zA-Z]' | sort | uniq > /tmp/list$(( list+2 ))

while read -r ip; do

dig +short $ip >> /tmp/list$(( list+3 ))

done</tmp/list$(( list+2 ))

grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /tmp/list$(( list+3 )) >> /tmp/listx

else fin; exit 0;  fi;

list=$(( list+3 ))

done

fin;

domain names :

windowsupdate.microsoft.com
update.microsoft.com
windowsupdate.com
download.windowsupdate.com
download.microsoft.com
test.stats.update.microsoft.com
ntservicepack.microsoft.com

script output :

ipfw table all list
---table(1)---
2.17.214.186/32 0
2.21.7.58/32 0
2.21.7.65/32 0
2.23.167.34/32 0
2.23.167.48/32 0
65.55.50.157/32 0
65.55.50.158/32 0
65.55.50.189/32 0
65.55.50.190/32 0
104.122.240.61/32 0
134.170.58.221/32 0
134.170.58.222/32 0
157.55.240.94/32 0
191.232.80.55/32 0
207.46.22.245/32 0

add rule to allow access :

#!/bin/sh
ipfw add allow all from 192.168.0.0/16 to table\(1\) keep-state