NeDi Community
NeDi Software Specific => Discovery => Topic started by: ascii on July 05, 2016, 09:55:35 am
-
Hello together,
I was wondering if it is possible to write the netfilter over multiple lines.
I have multiple locations (20+) in my NeDi.
My netfilter statement is getting really long and messy.
Is it possible to have multiple netfilter statements in the config?
Like:
#location A
netfilter a.b.c.d
#location b
netfilter e.f.g.h
#location c
netfilter i.j.k.l
and so on
-
"netfilter" was added as an addition to "border", which should stop the discovery at certain devices. Both have their limitations (even combined). I'll keep it in mind and see what comes up.
Maybe others have good ideas on this topic?
-
So I did a little bit of scripting.
Not nice, but it works, at least on Linux.
Create 2 files in /var/nedi/inc.
The first one is netfilter.sh:
#!/bin/bash
# grep all location and paste at end without linefeed
grep netfilter netfilter-location.txt | tr -d '\n' >> netfilter-location.txt
# replace all netfilter word with the regex or |
sed -i -e '$s/netfilter /|/g' netfilter-location.txt
# insert keyword netfilter on first position on last line
sed -i -e '$s/^./netfilter /g' netfilter-location.txt
# variable for NeDi replace string
netfill=`tail -n 1 netfilter-location.txt`
# replace netfilter string in NeDi conf with new generated one
sed -i '/^netfilter /c\'"$netfill"'' /var/nedi/nedi.conf
# Delete temp input
sed -i '$ d' netfilter-location.txt
And the second one is netfilter-location.txt with your locations, like these:
#Location A
netfilter 10.68.1.{1,3}|10.68.16.8$|10.68.18.100|10.68.52.{1,3}|10.68.53.{1,3}|10.68.84.22[5-6]
#Location A-1
netfilter 10.68.14[4-7].[5-9]$|10.68.144.10$
#Location B
netfilter 10.72.3.{1,3}|10.72.15.{1,3}|10.72.99.[2,3]|
#Location C
netfilter 10.81.105.1[1-9]$|10.81.105.1$
#Location D
netfilter 10.81.220.15[1-4]|10.81.223.229|10.81.223.230|10.81.223.24[3-6]|10.81.223.254
#Location E
netfilter 10.83.126.2$|10.83.126.20$
#Location F
netfilter 10.81.64.241|10.81.92.{1,3}|10.81.172.10$
#Location F-1
netfilter 10.81.175.[129-158]
#Location G
netfilter 10.81.192.1|10.81.194.73|10.81.175.[65-99]
and so on
Then edit the netfilter-location.txt to your needs.
Once done, call the netfilter.sh.
It will replace the netfilter string in your nedi.conf.
Always back up your nedi.conf.
Test it before you use it.
The downside is that if you edit your netfilter in the nedi.conf directly, without the netfilter-location.txt, it will be replaced once you generate the new string.
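A variant of the merge step above, as an added example that is not part of ascii's post or of NeDi. It only reads netfilter-location.txt, strips stray edge `|` characters (such as the trailing one on the Location B sample line) and rejects `||`, because an empty regex alternative matches any string. Function names, file layout and sample addresses are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not ascii's script). Sample addresses are constructed.

# build_netfilter FILE: print "netfilter <regex>"; FILE is read, never edited
build_netfilter() (
    joined=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "netfilter "*) part=${line#netfilter } ;;
            *) continue ;;                      # comments and blank lines
        esac
        while :; do                             # drop stray edge "|"
            case $part in
                "|"*) part=${part#?} ;;
                *"|") part=${part%?} ;;
                *) break ;;
            esac
        done
        [ -n "$part" ] || continue
        case $part in
            *"||"*) echo "empty alternative in: $line" >&2; exit 1 ;;
        esac
        joined=${joined:+$joined|}$part
    done < "$1"
    [ -n "$joined" ] || { echo "no netfilter entries in $1" >&2; exit 1; }
    printf 'netfilter %s\n' "$joined"
)

# apply_netfilter CONF LINE: keep CONF.bak, replace the netfilter line as-is
apply_netfilter() (
    tmp=$(mktemp) && cp -p "$1" "$1.bak" || exit 1
    rc=0
    NEW=$2 awk '/^netfilter[ \t]/ { print ENVIRON["NEW"]; n++; next } { print }
        END { exit !n }' "$1" > "$tmp" && cat "$tmp" > "$1" || rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# demo: run both steps on constructed files in a temporary directory
demo() (
    cd "$(mktemp -d)" || exit 1
    printf '%s\n' '#Location A' 'netfilter 192.0.2.1$|192.0.2.1[0-9]$' \
        '#Location B' 'netfilter 198.51.100.[23]$|' > loc.txt
    printf '%s\n' '# constructed config' 'netfilter ^old$' > nedi.conf
    line=$(build_netfilter loc.txt) && apply_netfilter nedi.conf "$line"
    grep '^netfilter' nedi.conf
)
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo` to see the generated line; apply_netfilter leaves the config untouched and returns non-zero when it finds no existing netfilter line to replace.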
-
Thanks for this! I'll look into turning netfilter into an array to support multiple entries in nedi.conf natively...
-
Hi ascii, hi rickli,
thank you for the script. I've got a very similar problem/question:
Is it possible to combine positive and negative entries over multiple lines (blacklisting)?
Our devices are spread more and more over multiple Class B networks, so that it's no longer possible to declare whitelists. Instead I would like to exclude some networks.
-
Have a look at the documentation about seedlists, which allow defining ranges. Preceding IPs with a ! will exclude them...