Converting FQDN to IP in custom blocklist
-
Hello,
I have a custom blocklist where I put the phishing attempts toward my organisation as soon as I can. The list is hosted somewhere and contains a list of FQDNs. However, in order to protect all those who use DNS via HTTPS and similar, I want to convert the names to IPs, which I can do with a dig command:

    #!/bin/sh
    # $1 is the file of FQDNs; keep only lines that are IPv4 addresses
    # (dig +short also prints CNAME targets).
    dig +recurse +short @8.8.8.8 -4 -f "${1}" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'

I put this command in /usr/local/pkg/pfblockerng/ip_post_name_to_ip.sh and, as far as I can see, it works as expected. I.e. it gets two arguments in input, the first is the name of the downloaded file
/var/db/pfblockerng/original/FEEDNAME_v4.orig
The second is "_v4". The script reads the list of FQDNs from the file and converts them to IPs.
The problem is that I do not know where to put the output. If I pipe it to standard output, it is printed in the log but does nothing. If I save it to the list location, /var/db/pfblockerng/deny/FEEDNAME_v4.txt, it would work, but only if any other subscription has changed. Otherwise, pfblocker does not detect that the list of IPs has changed, does not update the aliases and does not reload the firewall rules. I see that some lists of IPs are saved directly as /var/db/pfblockerng/FEEDNAME.txt, but that also does nothing.
I guess there must be some intermediate temporary file that must be created, but I cannot guess its name as I was not able to find any script example. If you can provide a pointer I would be grateful.
Thank you
-
I found a way to do this using a "pre" script which fetches the file itself, a "post" script example would still be welcome.
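
An added example, not part of the original posts and not pfBlockerNG's own code: whichever script does the conversion, the resolved addresses should be validated before they reach a deny list, because a listed name can resolve to 0.0.0.0, loopback or a private address that should never become a firewall rule. The function names and the sample lines are constructed for illustration; where the output is written is left to the caller.

```shell
#!/bin/sh
# Added example: filter resolver output before it becomes a block list.

# filter_ips: read one candidate per line on stdin, print each valid,
# publicly routable IPv4 address once, in first-seen order.
filter_ips() {
    awk -F. '
        # Exactly four numeric fields; drops CNAME targets and junk lines
        NF != 4 || $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        {
            for (i = 1; i <= 4; i++) if ($i + 0 > 255) next
            a = $1 + 0; b = $2 + 0
            if (a == 0 || a == 10 || a == 127 || a >= 224) next  # this-net, RFC 1918, loopback, multicast/reserved
            if (a == 100 && b >= 64 && b <= 127) next            # carrier-grade NAT
            if (a == 169 && b == 254) next                       # link-local
            if (a == 172 && b >= 16 && b <= 31) next             # RFC 1918
            if (a == 192 && b == 168) next                       # RFC 1918
            if (!seen[$0]++) print
        }'
}

# resolve_list FILE: same dig call as in the post, passed through the filter.
resolve_list() {
    dig +recurse +short @8.8.8.8 -4 -f "$1" | filter_ips
}

# Constructed sample of "dig +short" output (documentation-range addresses).
sample_dig_output() {
    cat <<'EOF'
203.0.113.10
1.2.3.4.example.com.
cdn.example.net.
10.0.0.5
0.0.0.0
127.0.0.1
999.1.1.1
203.0.113.10
198.51.100.7
192.168.1.1
172.20.0.1
EOF
}

# Run against a real FQDN file only when one is given as the first argument.
if [ "$#" -gt 0 ]; then
    resolve_list "$1"
fi
```
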