
Topic: netfilter over multiple lines

ascii

netfilter over multiple lines
« on: July 05, 2016, 09:55:35 am »
Hello everyone,

I was wondering if it is possible to write the netfilter over multiple lines.
I have multiple locations (20+) in my NeDi.

My netfilter statement is getting really long and messy.

Is it possible to have multiple netfilter statements in the config?

Like:
Code:
#location A
netfilter a.b.c.d

#location b
netfilter e.f.g.h

#location c
netfilter i.j.k.l

and so on

rickli

Re: netfilter over multiple lines
« Reply #1 on: July 06, 2016, 08:05:33 pm »
"netfilter" was added as an addition to "border", which should stop the discovery at certain devices. Both have their limitations (even combined). I'll keep it in mind and see what comes up.

Maybe others have good ideas on this topic?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

ascii

Re: netfilter over multiple lines
« Reply #2 on: July 08, 2016, 08:50:37 am »
So I did a little bit of scripting.
Not nice, but it works, at least on Linux.

Create 2 files in /var/nedi/inc:

netfilter.sh
Code:
#!/bin/bash
# Build one "netfilter" line for nedi.conf from the per-location entries
# in netfilter-location.txt (one "netfilter <regex>" per line).
set -euo pipefail

loc=/var/nedi/inc/netfilter-location.txt
conf=/var/nedi/nedi.conf

# Collect all netfilter entries, drop the keyword and any stray trailing "|"
# (an empty alternative would match every address), then join them with "|".
# With pipefail the script stops here if no entry is found, so an empty
# regex never reaches nedi.conf.
netfill="netfilter $(grep '^netfilter ' "$loc" \
    | sed -e 's/^netfilter //' -e 's/[[:space:]]*$//' -e 's/|*$//' \
    | paste -sd '|' -)"

# Replace the netfilter line in nedi.conf with the generated one;
# sed -i.bak keeps the previous version as nedi.conf.bak.
sed -i.bak '/^netfilter /c\'"$netfill" "$conf"

And the second one is netfilter-location.txt, with your locations like these:
Code:
#Location A
netfilter 10.68.1.{1,3}|10.68.16.8$|10.68.18.100|10.68.52.{1,3}|10.68.53.{1,3}|10.68.84.22[5-6]
#Location A-1
netfilter 10.68.14[4-7].[5-9]$|10.68.144.10$

#Location B
netfilter 10.72.3.{1,3}|10.72.15.{1,3}|10.72.99.[2,3]

#Location C
netfilter 10.81.105.1[1-9]$|10.81.105.1$

#Location D
netfilter 10.81.220.15[1-4]|10.81.223.229|10.81.223.230|10.81.223.24[3-6]|10.81.223.254

#Location E
netfilter 10.83.126.2$|10.83.126.20$

#Location F
netfilter 10.81.64.241|10.81.92.{1,3}|10.81.172.10$
#Location F-1
netfilter 10.81.175.[129-158]

#Location G
netfilter 10.81.192.1|10.81.194.73|10.81.175.[65-99]

and so on

Then edit the netfilter-location.txt to your needs.
Once done, call netfilter.sh.

It will replace the netfilter string in your nedi.conf.
Always back up your nedi.conf and test it before you use it.

The downside is that if you edit your netfilter in nedi.conf directly, without the netfilter-location.txt, it will be replaced once you generate the new string.
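A dry-run check for the "test it before you use it" step, added here as an example and not part of ascii's script: it builds the combined expression from a location file in the same format as above, flags empty alternatives (a stray "|" makes the regex match every address), and tests sample addresses with grep -E, which is assumed here to approximate how NeDi applies the netfilter regex. The sample file and addresses are constructed.

```shell
#!/bin/bash
# Dry run for a netfilter-location.txt before it touches nedi.conf.
# Added example, not the original poster's script. grep -E is assumed
# to approximate how NeDi matches the netfilter regex.
set -eu

# Join every "netfilter <regex>" entry of the given file with "|".
build_netfilter() {
    grep '^netfilter ' "$1" | sed 's/^netfilter //' | paste -sd '|' -
}

# Return 0 if the regex has an empty alternative (leading, trailing or
# doubled "|"), which makes it match every address.
has_empty_alternative() {
    case "$1" in
        *'||'*|'|'*|*'|') return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if address $2 is matched by netfilter regex $1.
matches_netfilter() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# Print the combined regex, warn on empty alternatives and show the
# verdict for each address given after the file name.
dry_run() {
    local file=$1 re ip
    shift
    re=$(build_netfilter "$file")
    printf 'netfilter %s\n' "$re"
    if has_empty_alternative "$re"; then
        echo 'WARNING: empty alternative, every address would match' >&2
    fi
    for ip in "$@"; do
        if matches_netfilter "$re" "$ip"; then
            printf 'filtered  %s\n' "$ip"
        else
            printf 'kept      %s\n' "$ip"
        fi
    done
}

# Constructed sample location file; Location B carries a stray trailing "|".
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '#Location A\nnetfilter 10.68.16.8$|10.68.84.22[5-6]\n' > "$sample"
printf '#Location B\nnetfilter 10.72.99.[2,3]|\n' >> "$sample"
dry_run "$sample" 10.68.16.8 10.68.84.225 10.68.16.80 192.0.2.1
```

With the trailing "|" present every address is reported as filtered; strip it (as the script above does) and only the intended hosts match.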

rickli

Re: netfilter over multiple lines
« Reply #3 on: July 21, 2016, 11:03:53 am »
Thanks for this! I'll look into turning netfilter into an array to support multiple entries in nedi.conf natively...
-Remo

dobst

Re: netfilter over multiple lines
« Reply #4 on: January 09, 2018, 07:45:23 am »
Hi ascii, hi rickli,

thank you for the script. I've got a very similar problem/question:

Is it possible to combine positive and negative entries over multiple lines (blacklisting)?

Our devices are spread more and more over multiple Class B networks, so it's no longer possible to declare whitelists. Instead, I would like to exclude some networks.

rickli

Re: netfilter over multiple lines
« Reply #5 on: January 11, 2018, 10:41:06 pm »
Have a look at the documentation about seedlists, which allow defining ranges. Preceding IPs with a ! will exclude them...
-Remo