[Firewall] Arno-fwfilter: resolve destinations

Arno van Amersfoort arnova at rocky.eld.leidenuniv.nl
Mon Feb 27 07:53:07 CET 2012


Hello Mark,

Finally I had some time again to tweak arno-fwfilter a bit. Please read 
my comments below.

On 28-Sep-11 12:57, Mark van Dijk wrote:
> Hi Arno,
>
> I have two requests:
>
> 1) Currently locations are retrieved with lynx. Could you please update
> this to use wget or curl? These are much more common on servers and are
> designed to function as backends, while lynx is more of a front-end
> program.

Done. Totally makes sense back then Curl wasn't that common that's the 
reason I used.

>
> 2) Could you please split RESOLVE_NAMES up into RESOLVE_SRC and
> RESOLVE_DST, and add the ability to resolve destinations? This is
> handy especially for IPv6, because IPv6-addresses can be less
> readable and thus harder to parse, especially when the reader is
> tired ;-) Maybe they can use the same colours as the src/dest IP, and
> the output can be updated a bit for when one is not using colours,
> e.g. they could be of the form src(example.com) dst(example.com).

I've implemented your idea in a slightly different matter. Use the new 
FULL_INFO option to get the behavior you want.

>
> 3) Perhaps maybe you can test if a resolve returns something before
> printing. This way it will not print empty lines if a resolve fails.
That's not that easy with awk unfortunately. I'm planning on rewriting 
the script as a POSIX shell script but this requires a lot of work.

>
>
> I have currently updated 1 myself using curl (curl -L --connect-timeout
> 2).
You also need to add --silent to make this truely work properly ;-)

>
> 2 was a bit harder, because I am not sure how I should add this with
> proper colours. Currently I have resolved it in the following way:
>
> below the line
>
> # Show destination
> ..
> ..
> printf(" %s", $i)
>
> I added:
> dst=substr($i, 5, length($i)-4)
>
> then, I updated the block 'if (RESOLVE_NAMES==1)' to this:
>
> if (RESOLVE_NAMES==1)
> {
>    printf("-")
>    # If multiple names exist for one IP than only use the first (head -n1)
>    syscall=sprintf("echo -n \"$(dig +short +time=1 +tries=1 -x %s 2>/dev/null |head -n1 |grep -v \";;.*\" |sed s,.$,\"  \",) \" 2>2>/dev/null", substr(HOSTINFO,5,length(HOSTINFO)-4))
>    system(syscall)
>    if (USE_ANSI_COLORS==1) printf("\033[0m\033[1;35m")
>    if (USE_HTML==1) printf("<font color=dark purple>")
>    printf("-")
>    syscall=sprintf("echo -n \"$(dig +short +time=1 +tries=1 -x %s 2>/dev/null |head -n1 |grep -v \";;.*\" |sed s,.$,\"  \",) \" 2>/dev/null", dst)
>    system(syscall)
>    if (USE_ANSI_COLORS==1) printf("\033[0m")
>    if (USE_HTML==1) printf("</font>")
> }
>
> This is far from perfect. The oddest thing is that I have to add the
> printf("-") statement because no hostname gets printed if I don't
> add it. Even printf(" ") does not help. I'm sure you have better ways.
For now we'll just have to live with empty lines until the script has 
been rewritten, I guess.

>
> Looking forward to your reply,

Thanks for your suggestions.
> -Mark.

cheers,

Arno

ps. Your name sounds "Dutch" ... ?

> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl
>


More information about the Firewall mailing list