authorLexi Winter <lexi@le-fay.org>2025-07-20 08:10:54 +0100
committerLexi Winter <lexi@le-fay.org>2025-07-20 08:10:54 +0100
commit23021b35048ab88bc85f0eb10432e0621ed430be (patch)
treeb73439571bc265549a5c1b7db8b80af3af27f030 /lf-droplist-update.sh
downloadlfutils-23021b35048ab88bc85f0eb10432e0621ed430be.tar.gz
lfutils-23021b35048ab88bc85f0eb10432e0621ed430be.tar.bz2
initial commit
Diffstat (limited to 'lf-droplist-update.sh')
-rw-r--r--lf-droplist-update.sh46
1 files changed, 46 insertions, 0 deletions
diff --git a/lf-droplist-update.sh b/lf-droplist-update.sh
new file mode 100644
index 0000000..bb1b286
--- /dev/null
+++ b/lf-droplist-update.sh
@@ -0,0 +1,46 @@
+#! /bin/sh
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
+
+PF="/etc/pf.droplist"
+DROPV6="/usr/local/etc/spamhaus-drop-v6.json"
+DROPV6_URL="https://www.spamhaus.org/drop/drop_v6.json"
+DROPV4="/usr/local/etc/spamhaus-drop-v4.json"
+DROPV4_URL="https://www.spamhaus.org/drop/drop_v4.json"
+
+_fetchfile() {
+ local path="$1"
+ local url="$2"
+ local temp="${path}.tmp"
+
+ local fetchflags=""
+ if [ -f "$path" ]; then
+ fetchflags="$fetchflags -i $path"
+ fi
+
+ if ! fetch $fetchflags -q -o "$temp" "$url"; then
+ rm -f "$temp"
+ return 1
+ fi
+
+ if [ -s "$temp" ]; then
+ mv "$temp" "$path"
+ fi
+}
+
+if ! _fetchfile "$DROPV6" "$DROPV6_URL"; then
+ printf >&2 '%s: failed to fetch IPv6 drop list\n' "$0"
+ exit 1
+fi
+
+if ! _fetchfile "$DROPV4" "$DROPV4_URL"; then
+ printf >&2 '%s: failed to fetch IPv6 drop list\n' "$0"
+ exit 1
+fi
+
+rm -f "${PF}.tmp"
+
+cat "$DROPV6" "$DROPV4" | jq -r 'select(has("cidr")) | .cidr' > "${PF}.tmp"
+
+mv "${PF}.tmp" "${PF}"
+pfctl -q -Treplace -tdroplist -f /etc/pf.droplist
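Review bot: The tail of the script installs and loads `${PF}.tmp` without checking jq's exit status or whether the file is non-empty. If jq is missing or a downloaded file is not valid JSON, an empty or truncated list is moved over `/etc/pf.droplist`, and `pfctl -Treplace` would then presumably shrink or empty the `droplist` table, so the filter fails open without any error. I would gate the `mv` and the `pfctl` call on a successful, non-empty jq run and pass `"${PF}"` to `pfctl -f` instead of repeating the literal path, as sketched below. Separately, the failure message in the second fetch check is a copy of the first and should read `failed to fetch IPv4 drop list`.

```shell
# … unchanged: _fetchfile and the two fetch checks …
rm -f "${PF}.tmp"

# Only replace the live list when jq succeeded and produced at least one entry.
if ! jq -r 'select(has("cidr")) | .cidr' "$DROPV6" "$DROPV4" > "${PF}.tmp" ||
   [ ! -s "${PF}.tmp" ]; then
	printf >&2 '%s: failed to build drop list\n' "$0"
	rm -f "${PF}.tmp"
	exit 1
fi

mv "${PF}.tmp" "${PF}" || exit 1
pfctl -q -Treplace -tdroplist -f "${PF}"
```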