Открыть доступ только к windows update для сети с ipfw шлюзом.

Метки: FreeBSD, shell script

Script that resolves the domain names to IP addresses and loads them into ipfw table 1:

#!/bin/sh
# Trace every command to stderr as it runs, so each dig lookup and ipfw
# call made by this script is visible in the output.
set -o xtrace
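# fin - publish the collected addresses into ipfw table 1.
#
# Reads:   /tmp/listx   (IPv4 addresses, one per line, duplicates allowed)
# Writes:  /tmp/listwin (sorted, de-duplicated copy of /tmp/listx)
# Effects: flushes ipfw table 1, adds every address from /tmp/listwin,
#          then prints all tables.
#
# NOTE(review): the table is emptied before it is refilled, so a run that
# resolved nothing leaves table 1 empty until the next successful run.
# NOTE(review): both files have fixed names in /tmp while this function
# drives ipfw; a private directory would keep other local users from
# pre-creating them. The names are kept because the rest of the script
# uses them.
fin () {
    # One entry per distinct address.
    sort -u /tmp/listx > /tmp/listwin
    ipfw table 1 flush
    # Load the file written just above. The loop used to read /tmp/listmail,
    # a file this script never creates, so the table stayed empty after the
    # flush (or was filled from an unrelated leftover file).
    while read -r ip; do
        ipfw table 1 add "$ip"
    done < /tmp/listwin
    ipfw table all list
}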
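# Stage 1: resolve every name in /winupdate-hosts-list and collect the raw
# dig answers in /tmp/list1, then copy the IPv4 addresses into /tmp/listx.
#
# NOTE(review): the work files use fixed names in world-writable /tmp; a
# directory from mktemp -d would be safer, but the later stages of this
# script expect these exact paths.
# NOTE(review): the answers arrive over plain DNS from public resolvers and
# end up deciding what the firewall allows, so whoever can influence those
# answers influences the allow-list.

# -f keeps the first run quiet when no work files exist yet.
rm -f /tmp/list*
while read -r name; do
    # Skip blank entries and anything dig would parse as an option or a
    # server (@...) instead of a name. With an empty name dig falls back to
    # its default query (NS of the root zone), and the next stage would then
    # resolve those server names into the allow table.
    case $name in
        ''|[-+@]*) continue ;;
    esac
    i=1
    # Repeat the lookups 15 times against each resolver so that rotating
    # answers have a chance to show up.
    while [ "$i" -le 15 ]; do
        for resolver in 8.8.8.8 8.8.4.4 77.88.8.8 77.88.8.1; do
            dig +short "$name" "@$resolver" >> /tmp/list1
        done
        i=$(( i+1 ))
    done
done </winupdate-hosts-list
# Keep only the dotted-quad addresses; names (CNAME targets) stay in
# /tmp/list1 for the next stage.
grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" /tmp/list1 >> /tmp/listx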

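# Stage 2: follow the names that dig returned instead of addresses.
# Starting with /tmp/list1, each pass takes the lines containing letters,
# de-duplicates them into /tmp/list<N+2>, resolves each one into
# /tmp/list<N+3>, appends the IPv4 addresses found there to /tmp/listx and
# continues with /tmp/list<N+3>. The first pass that finds no names calls
# fin and exits; the counter is capped at 25 so the chain cannot run forever.
list=1
while [ "$list" -le 25 ]; do
    src=/tmp/list$list
    names=/tmp/list$(( list+2 ))
    answers=/tmp/list$(( list+3 ))
    if grep -q '[a-zA-Z]' "$src"; then
        grep '[a-zA-Z]' "$src" | sort -u > "$names"
        # Make sure the answers file exists even if every line is skipped.
        : >> "$answers"
        while read -r host; do
            # These lines come from DNS answers, not from the operator:
            # only pass on what looks like a host name. This drops dig
            # diagnostics (lines starting with ';'), which the unquoted
            # expansion used to split into words and look up one by one,
            # and anything dig would read as an option.
            case $host in
                ''|-*|*[!A-Za-z0-9._-]*) continue ;;
            esac
            dig +short "$host" >> "$answers"
        done < "$names"
        grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" "$answers" >> /tmp/listx
    else
        # Nothing left to resolve: load the table and stop.
        fin
        exit 0
    fi
    list=$(( list+3 ))
done
# Pass limit reached: load whatever has been collected so far.
fin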

domain names (contents of /winupdate-hosts-list, one per line):

windowsupdate.microsoft.com
update.microsoft.com
windowsupdate.com
download.windowsupdate.com
download.microsoft.com
test.stats.update.microsoft.com
ntservicepack.microsoft.com

script output :

ipfw table all list
---table(1)---
2.17.214.186/32 0
2.21.7.58/32 0
2.21.7.65/32 0
2.23.167.34/32 0
2.23.167.48/32 0
65.55.50.157/32 0
65.55.50.158/32 0
65.55.50.189/32 0
65.55.50.190/32 0
104.122.240.61/32 0
134.170.58.221/32 0
134.170.58.222/32 0
157.55.240.94/32 0
191.232.80.55/32 0
207.46.22.245/32 0

add rule to allow access :

#!/bin/sh
# Let hosts in 192.168.0.0/16 open stateful connections to the addresses
# held in ipfw table 1. Single quotes keep the parentheses away from the
# shell, so ipfw receives the argument as table(1).
# NOTE(review): "all" matches every protocol and port, and the table
# entries may be shared front ends serving other sites too; narrowing the
# rule to the protocol and ports the updates actually use would tighten it.
ipfw add allow all from 192.168.0.0/16 to 'table(1)' keep-state
