#!/bin/bash
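# Feed the local rbl.zzz blocklist from blocked firewall connections.
#
#   1. Take the src="IP:port" field of every "ACCESS BLOCK" line in the
#      rotated firewall log and reduce it to a bare, validated IPv4 address.
#   2. For each unique address build three reversed-octet DNSBL query names:
#      tr.countries.nerd.dk (country), dul.dnsbl.sorbs.net (dynamic ranges)
#      and rbl.zzz (the local list itself).
#   3. Append the address to the rbl.zzz zone file when it is not already
#      listed there, is listed in the country zone, and is listed in the
#      DUL zone.
#
# Security notes:
#   - The scratch file comes from mktemp. A fixed name under /tmp can be
#     pre-created or symlinked by any local user, and this script writes
#     under /var/lib, so it presumably runs with elevated privileges.
#   - Only strict dotted-quad values are written to the zone file, so a
#     malformed log field cannot add arbitrary text to it.
#   - NOTE(review): listing is driven purely by the source address of blocked
#     packets. For connectionless traffic that address can be forged, so an
#     uninvolved host may end up listed -- consider an allowlist or a hit
#     threshold.
#   - NOTE(review): confirm that the external DNSBL zones queried here are
#     still served; a zone that no longer answers means nothing gets listed.
set -u

readonly FIREWALL_LOG=/var/log/firewall.log.0
readonly ZONE_FILE=/var/lib/rbldns/rbl.zzz

candidates=$(mktemp) || { printf 'mktemp failed\n' >&2; exit 1; }
trap 'rm -f -- "$candidates"' EXIT

# Succeeds when the dig output passed as $1 contains at least one line that
# is a bare IPv4 address, i.e. a real A-record answer rather than an empty
# result or a ";; ..." diagnostic line.
has_ipv4_answer() {
  grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' <<<"$1"
}

grep -F -- 'ACCESS BLOCK' "$FIREWALL_LOG" |
  awk '
    $6 ~ /^src/ {
      ip = $6
      sub(/^src=/, "", ip)     # drop the key
      gsub(/"/, "", ip)        # drop the quotes
      sub(/:.*/, "", ip)       # drop the :port suffix
      # Anything that is not a plain IPv4 address is skipped.
      if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
      split(ip, o, /\./)
      if (o[1] + 0 > 255 || o[2] + 0 > 255 || o[3] + 0 > 255 || o[4] + 0 > 255) next
      rev = o[4] "." o[3] "." o[2] "." o[1]
      printf("%s\t%s.tr.countries.nerd.dk\t%s.dul.dnsbl.sorbs.net\t%s.rbl.zzz\n",
             ip, rev, rev, rev)
    }' |
  sort -u > "$candidates"

today=$(date +%F)

while read -r srcip tr_test dul_test rbl_test; do
  # Already in the local list: nothing to do.
  rbl_result=$(dig +short "$rbl_test")
  [[ $rbl_result == '127.0.0.2' ]] && continue

  # Must be listed in the country zone.
  tr_result=$(dig +short "$tr_test")
  has_ipv4_answer "$tr_result" || continue

  # Must be listed in the DUL zone. Without +short, dig prints its header
  # block even when there is no answer, so a plain non-empty test on the
  # output always passed and the DUL condition was never enforced.
  # NOTE(review): port 530 is presumably a local DNSBL mirror -- confirm it
  # is reachable, otherwise no address will be listed after this fix.
  dul_result=$(dig -p 530 +short "$dul_test")
  has_ipv4_answer "$dul_result" || continue

  # The message text reads "TR dynamic IP making unauthorized access".
  printf '%s :127.0.0.2: Izinsiz erisim yapan TR dinamik IP -- %s\n' \
    "$srcip" "$today" >> "$ZONE_FILE"
done < "$candidates"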