On 22/12/17 04:54, Tom Eastep wrote:
> Bill Shirley has contributed a PHP program that will populate an IPSET
> from DNS. The program is available at:
>
> http://www.shorewall.org/pub/shorewall/contrib/DNSLookup/
> ftp://ftp.shorewall.org/pub/shorewall/contrib/DNSLookup/
>
> The program arguments are documented in the program source.
>
> It is suggested that the program be run periodically via cron. The
> program accepts an argument that sets the timeout value for entries in
> the ipset. In most applications, setting the timeout to be considerably
> longer than the DNS entries' TTL is recommended. That way, sites that
> specify a short TTL and advertise a large number of addresses with short
> TTLs in round-robin fashion will still fully populate the ipset over time.
>
> Thanks to Bill for this contribution!

Note that the popular DNS/DHCP server dnsmasq also has this facility - just
search for ipset in the man page. Of course, this may not suit you as well as
Bill's script (it populates the set as names are used, rather than all in one
hit), but it may suit some people better.

Enjoy! :-)

Paul
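
The cron-driven approach from the quoted announcement, sketched as an added shell example; it is not part of this thread and is not Bill Shirley's PHP program. The set name, timeout, hostnames and the use of dig are assumptions, and the set is assumed to exist already with timeout support.

```shell
#!/bin/sh
# Added example, not Bill Shirley's PHP program. Assumes the set already
# exists with timeout support (e.g. `ipset create dnsset hash:ip timeout 0`).

# Pass through only dotted-quad IPv4 addresses with every octet in 0-255.
# `dig +short` also prints CNAME targets; those must never reach ipset.
filter_ipv4() {
    awk -F. 'NF == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
        if (ok) print
    }'
}

# Read resolver output on stdin, write `ipset restore` commands on stdout.
# $1 = set name, $2 = per-entry timeout in seconds.
build_restore() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) echo "bad set name" >&2; return 1;; esac
    case "$2" in ''|*[!0-9]*) echo "bad timeout" >&2; return 1;; esac
    filter_ipv4 | sort -u |
        awk -v name="$1" -v t="$2" '{ print "add", name, $0, "timeout", t }'
}

# Cron entry point (hypothetical invocation): script SET TIMEOUT HOST...
# With -exist, re-adding an address refreshes its timeout instead of failing,
# so addresses seen on earlier runs stay in the set until they have gone
# unadvertised for a full timeout period.
if [ "$#" -ge 3 ]; then
    set_name=$1; timeout=$2; shift 2
    for host in "$@"; do dig +short A "$host"; done |
        build_restore "$set_name" "$timeout" | ipset -exist restore
fi
```

Because each run only adds or refreshes entries, a timeout well above the DNS TTL lets successive runs accumulate the full round-robin pool, while addresses that drop out of DNS age out on their own.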