Re: [pfSense Support] Bogons file overwritten w/ bad data
The redmine is extremely slow right now and I don't think I have an account so I've given up waiting for it. Here's a patch created against 1.2.3-RC2, but applies cleanly to my 2.0-ALPHA box as well. Works on both. Simple enough. Keenan Chris Buechler wrote: Yeah it assumes if the file is downloaded successfully that it's legit data. First I've heard of anyone running into something like this, we should have more verification on that file though. http://redmine.pfsense.org/issues/show/183 *** rc.update_bogons.sh.old Fri Nov 27 00:43:59 2009 --- rc.update_bogons.sh Fri Nov 27 01:00:44 2009 *** *** 4,9 --- 4,11 # Part of the pfSense project # www.pfsense.com + BOGONS_URL=http://files.pfsense.org/bogon-bn-nonagg.txt; + echo rc.update_bogons.sh is starting up. | logger # Grab a random value *** *** 17,31 echo rc.update_bogons.sh is beginning the update cycle. | logger /etc/rc.conf_mount_rw ! /usr/bin/fetch -q -o /tmp/bogons http://files.pfsense.org/bogon-bn-nonagg.txt; if [ ! -f /tmp/bogons ]; then ! echo Could not download http://files.pfsense.org/bogon-bn-nonagg.txt; | logger # Relaunch and sleep sh /etc/rc.update_bogons.sh exit fi egrep -v ^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8 /tmp/bogons /etc/bogons /etc/rc.conf_mount_ro RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 21` rm /tmp/bogons ! echo Bogons file downloaded: $RESULT | logger --- 19,46 echo rc.update_bogons.sh is beginning the update cycle. | logger /etc/rc.conf_mount_rw ! /usr/bin/fetch -q -o /tmp/bogons $BOGONS_URL if [ ! -f /tmp/bogons ]; then ! echo Could not download $BOGONS_URL | logger # Relaunch and sleep sh /etc/rc.update_bogons.sh exit fi + + # Find any lines that aren't a valid CIDR + egrep -v '^[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]/[0-9][0-9]?$' /tmp/bogons /dev/null 21 + + if [ $? -eq 0 ]; then + echo Retrieved invalid bogons file from ${BOGONS_URL}. 
| logger + # Relaunch and sleep + sh /etc/rc.update_bogons.sh + exit + fi + + # Count lines that are a valid CIDR egrep -v ^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8 /tmp/bogons /etc/bogons /etc/rc.conf_mount_ro RESULT=`/sbin/pfctl -t bogons -T replace -f /etc/bogons 21` rm /tmp/bogons ! valid_lines=`egrep '^[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]\.[1-2]?[0-9]?[0-9]/[0-9][0-9]?$' /etc/bogons | wc -l` ! echo Bogons file downloaded containing $valid_lines prefixes: $RESULT | logger signature.asc Description: OpenPGP digital signature
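Review bot: the new BOGONS_URL assignment in the first hunk ends in a stray `;` and is unquoted, and the second hunk expands it unquoted in `fetch -q -o /tmp/bogons $BOGONS_URL`. Drop the semicolon and quote both the assignment and the expansions so the variable stays safe if the URL ever contains shell-special characters.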
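Review bot: the validity test in the second hunk passes for an empty download, because `egrep -v` selects nothing from a file with no lines and returns non-zero, so the `if [ $? -eq 0 ]` branch is skipped and the empty list goes on to /etc/bogons and `pfctl -t bogons -T replace`. valid_lines is only counted after the install, for the log message; count the matching lines in /tmp/bogons before installing and take the failure branch when the count is zero. The pattern also accepts out-of-range values such as 299.1.1.1/99, since each octet is `[1-2]?[0-9]?[0-9]` and the prefix is `[0-9][0-9]?`. The new failure branch relaunches the script with no retry limit and leaves the rejected /tmp/bogons in place.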
[pfSense Support] Bogons file overwritten w/ bad data
My conf restore went smooth except for one problem, the /etc/bogons file got overwritten with what looked like some HTML from an ISP redirected web page of some sorts (should have saved it, sorry). Luckily I had ssh access, I copied the one over from the iso and rebooted and it came up fine...

How does that file update or get written to? Any way to prevent this, or was there something I overlooked during the restore?

jlc

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Bogons file overwritten w/ bad data
Check out the rc_updatebogons.sh script in /etc. That's how the file is updated.

Joseph L. Casale wrote:
> My conf restore went smooth except for one problem, the /etc/bogons file got overwritten with what looked like some HTML from an ISP redirected web page of some sorts (should have saved it, sorry). Luckily I had ssh access, I copied the one over from the iso and rebooted and it came up fine...
>
> How does that file update or get written to? Any way to prevent this, or was there something I overlooked during the restore?
>
> jlc
RE: [pfSense Support] Bogons file overwritten w/ bad data
> Check out the rc_updatebogons.sh script in /etc. That's how the file is updated.

I kind of figured it updated on its own... Given that the WAN MAC is not rewritten until the config is restored, I figured that's why some of the ISP redirection HTML was pushed into the file.
RE: [pfSense Support] Bogons file overwritten w/ bad data
Tricksy ISPs and their transparent rewriting ;)

Perhaps it's worth doing a quick verification on the file in the script before replacing it, as this kind of thing will bring the whole network down if it happens, and the problem really isn't very discoverable to users. Given the format of this file I think a simple grep is sufficient:

    grep -v '[1-2]\?[0-9]\?[0-9]\.[1-2]\?[0-9]\?[0-9]\.[1-2]\?[0-9]\?[0-9]\.[1-2]\?[0-9]\?[0-9]\/[0-9][0-9]\?' bogon-bn-nonagg.txt

If this is a good idea I can probably construct a patch.

Keenan

Quoting Joseph L. Casale jcas...@activenetwerx.com:
>> Check out the rc_updatebogons.sh script in /etc. That's how the file is updated.
>
> I kind of figured it updated on its own... Given that the WAN MAC is not rewritten until the config is restored, I figured that's why some of the ISP redirection HTML was pushed into the file.
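A stricter form of the check proposed in the message above, as an added example that is not part of the original thread or of the pfSense script. It goes beyond the posted pattern by also rejecting an empty download and out-of-range octets or prefix lengths; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# validate_bogons FILE -> exit 0 only if FILE is non-empty and every line is
# an IPv4 CIDR with octets 0-255 and prefix length 0-32. (Hypothetical helper.)
validate_bogons() {
    [ -s "$1" ] || return 1                 # missing or zero-byte download
    awk '
        # Shape check: four dotted decimal fields, a slash, a prefix length.
        $0 !~ "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+/[0-9]+$" { bad = 1; exit }
        {
            split($0, p, "[./]")            # p[1..4] octets, p[5] prefix
            for (i = 1; i <= 4; i++)
                if (p[i] + 0 > 255) { bad = 1; exit }
            if (p[5] + 0 > 32) { bad = 1; exit }
            ok++
        }
        END { if (bad || ok == 0) exit 1 }
    ' "$1"
}

# classify TEXT -> prints "accept" or "reject" for TEXT written to a temp file.
classify() {
    f=$(mktemp) || return 2
    printf '%s' "$1" > "$f"
    if validate_bogons "$f"; then echo accept; else echo reject; fi
    rm -f "$f"
}

# Constructed samples, not real feed contents.
GOOD='0.0.0.0/8
127.0.0.0/8
169.254.0.0/16
'
# What a transparently redirected fetch might return instead of the list.
PORTAL='<html><head><title>Sign in</title></head>
<body>Please log in to continue</body></html>
'
# Matches the digit-count pattern from the thread but is not a valid prefix.
RANGE='299.1.1.1/99
'

classify "$GOOD"
classify "$PORTAL"
classify "$RANGE"
classify ''
```

In an update script the check would run on the temporary download, and the existing /etc/bogons would be left untouched whenever it fails.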
Re: [pfSense Support] Bogons file overwritten w/ bad data
On Wed, Nov 25, 2009 at 4:51 PM, Joseph L. Casale jcas...@activenetwerx.com wrote:
>> Check out the rc_updatebogons.sh script in /etc. That's how the file is updated.
>
> I kind of figured it updated on its own... Given that the WAN mac is not rewritten until the config is restored, I figured that's why some of the isp redirection html was pushed into the file.

Yeah it assumes if the file is downloaded successfully that it's legit data. First I've heard of anyone running into something like this, we should have more verification on that file though.

http://redmine.pfsense.org/issues/show/183