<div dir="ltr">This might be overkill but something I would consider is moving the source of truth to something like a versioned db/csv/yaml file and have the comment or human-readable text there and don't bother with putting anything in the ipset. Just update tooling to extract what's needed from the db/csv/yaml.<div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Feb 14, 2022 at 10:46 AM DJPfulio--- via Ale &lt;<a href="mailto:ale@ale.org">ale@ale.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">If comments can be on the same line in the ipset file, the script is dumb enough to allow them.<br>
If comments have to be placed onto a different line, I'd use getopts ... to accept 2 arguments and put the --comment input where it needs to go. The comment would be optional.<br>
<br>
Or create another script, based on the CIDR used, that pulls the org+location from whois records.<br>
<br>
<br>
On 2/14/22 01:38, Alex Carver via Ale wrote:<br>
> Yeah, unfortunately that doesn't help because I do want to have the<br>
> comments sometimes. I have some rulesets specific to entities so I<br>
> don't need them there but for a couple of the catch-all lists I need<br>
> the comments to remind me later. That's the reason for the script,<br>
> to handle comments or not.<br>
> <br>
> On 2022-02-13 20:31, DJPfulio--- via Ale wrote:<br>
>> My script to do this is 4 lines. No error checking. I didn't want<br>
>> to overthink it. I don't even check that the euid is 0. That's<br>
>> solved by placing the script in ~root/bin/. K.I.S.S.<br>
>> <br>
>> #!/bin/bash<br>
>> <br>
>> IPSET_RULES_FILE="/etc/ipset.up.rules"<br>
>> <br>
>> # Make a backup<br>
>> cp $IPSET_RULES_FILE $IPSET_RULES_FILE.bak<br>
>> <br>
>> # Update the live ruleset - any errors?<br>
>> ipset add countryblock $1<br>
>> <br>
>> # Append the new rule to the bottom<br>
>> echo "add countryblock $1 " | tee -a $IPSET_RULES_FILE<br>
>> <br>
>> <br>
>> On 2/13/22 17:50, Alex Carver via Ale wrote:<br>
>>> I'm putting a tiny utility script together to make it faster for<br>
>>> me to update ipset lists and add them to a restore file in one<br>
>>> shot but I've run into a slight hiccup with what I wanted to<br>
>>> accomplish.<br>
>>> <br>
>> <br>
>> Lots of brilliant stuff deleted.<br>
>> <br>
>>> <br>
>>> Thoughts?<br>
>> <br>
>> <br>
>> _______________________________________________ Ale mailing list <br>
>> <a href="mailto:Ale@ale.org" target="_blank">Ale@ale.org</a> <a href="https://mail.ale.org/mailman/listinfo/ale" rel="noreferrer" target="_blank">https://mail.ale.org/mailman/listinfo/ale</a> See JOBS,<br>
>> ANNOUNCE and SCHOOLS lists at <a href="http://mail.ale.org/mailman/listinfo" rel="noreferrer" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr">[<a href="mailto:stillwaxin@gmail.com" target="_blank">stillwaxin@gmail.com</a> ~]$ cat .signature<br>cat: .signature: No such file or directory<br>[<a href="mailto:stillwaxin@gmail.com" target="_blank">stillwaxin@gmail.com</a> ~]$ cat all-opinions-are-my-own<br><div>All opinions are my own and do not represent any of my employer.</div><div><br></div></div></div>
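<div dir="ltr">Added example, not part of the original message or of the scripts posted in the thread: one way to do the extraction step suggested in the reply at the top, assuming a versioned CSV with <code>cidr,comment</code> rows (the layout, function names and sample rows are assumptions). It emits only <code>add countryblock CIDR</code> lines in the format the quoted script appends, and rejects malformed rows so free text never reaches the rules file.</div>

```shell
#!/bin/sh
# Added example: the CSV (cidr,comment) is the source of truth; ipset gets only the CIDR.
# The CSV layout, function names and sample rows are assumptions, not from the thread.

# valid_cidr ADDR[/PREFIX]: succeed only for a well-formed IPv4 address or CIDR.
valid_cidr() {
    local addr prefix o old_ifs
    case "$1" in ''|*[!0-9./]*|*/*/*|*.|*./*) return 1 ;; esac  # stray chars, trailing dot
    addr=${1%%/*}
    case "$1" in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split into octets (digits and dots only here)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# csv_to_ipset SETNAME < entries.csv
# Prints "add SETNAME CIDR" per valid row; returns 1 if any row was rejected.
csv_to_ipset() {
    local set_name cidr comment rc
    set_name=$1; rc=0
    case "$set_name" in ''|*[!A-Za-z0-9_-]*) echo "bad set name" >&2; return 2 ;; esac
    while IFS=, read -r cidr comment || [ -n "$cidr" ]; do
        cidr=$(printf '%s' "$cidr" | tr -d ' \t\r')
        case "$cidr" in ''|'#'*) continue ;; esac    # blank or comment line
        if valid_cidr "$cidr"; then
            printf 'add %s %s\n' "$set_name" "$cidr" # comment stays in the CSV
        else
            printf 'rejected: %s\n' "$cidr" >&2; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample rows (documentation ranges); the last is deliberately malformed.
csv_to_ipset countryblock <<'EOF' || echo "some rows were rejected" >&2
# cidr,comment
203.0.113.0/24,Example org, Atlanta
198.51.100.7,single host seen in auth logs
192.0.2.0/33,typo in prefix
EOF
```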