Hi everybody,
I don't want to spam the list here, but I figured this was important
enough to warrant an announcement considering several hundred people
downloaded the script last week.
tl;dr: Bugs found, patch your stuff
A couple bugs have been reported by users, one in RipGrep and another in
find(1).
The RipGrep bug is a bit of a show-stopper, as it was discovered that
its behaviour differed from that of grep(1) and GNU grep, where with the
'-o' flag, it does not select the most exact match when given multiple
search patterns ala 'pattern1|pattern2' it rather will select the first
specified pattern that happens to match. What makes this significant is
that the way this played out was RipGrep was only pulling the first
digit in the CIDR block, ie '192.0.2.0/24' was instead matched as
'192.0.2.0/2' . Big yikes. Mea culpa, should of caught that before I
tried to be a tough guy and recommend an alternative to tried and true
grep.
The find(1) bug has been quite persnickety to debug, as users report
intermittent failures from find(1) where it pukes up error: 'find:
-exec: cannot open "." '
I haven't been able to reproduce the error, so until I (or someone more
knowledgeable) can figure out what's going on with that, that's going to
have to be worked around.
I've released a patch to address both issues, you can find full
instructions on the website: geoghegan.ca/pfbadhost.html
Quick start:
$ ftp https://geoghegan.ca/pub/pf-badhost/0.4/patches/pf-badhost_p0.patch
# patch <pf-badhost_p0.patch /usr/local/bin/pf-badhost.sh
Regards,
Jordan Geoghegan
On 2020-07-01 20:38, Jordan Geoghegan wrote:
Hey folks, just thought I'd share with you that I've released the
latest versions of pf-badhost and unbound-adblock.
pf-badhost webpage: https://www.geoghegan.ca/pfbadhost.html
unbound-adblock webage: https://www.geoghegan.ca/unbound-adblock.html
Key pf-badhost changes:
* pf-badhost goes portable, we now support
{Open,Free,Net,Dragonfly}BSD as well as MacOS!
* Support for IPv6 subnet aggregation added thanks to the excellent
aggregate6 utility written by job@
* Greatly improved IPv6 handling in general
* User configuration section added for configuring whitelists and
custom blocklists
* Bogon filtering added
* Greatly improved error handling
Key unbound-adblock changes:
* unbound-adblock goes portable, we now support
{Open,Free,Net,Dragonfly}BSD as well as Linux!
* Greatly improved error handling and input sanitation
* User configuration section added for configuring whitelists and
custom blocklists
pf-badhost changelog:
https://www.geoghegan.ca/pub/pf-badhost/0.4/changelog.txt
unbound-adblock changelog:
https://www.geoghegan.ca/pub/unbound-adblock/0.4/changelog.txt
