From 539bafbee753555638c8ec1aad822b0889f372bd Mon Sep 17 00:00:00 2001 From: wirefalls <75191981+wirefalls@users.noreply.github.com> Date: Sun, 21 Aug 2022 20:39:52 -0600 Subject: [PATCH] Add code to detect duplicate country codes in refill-sets.conf The new code detects blank and duplicate country codes in define-ipv4 and define-ipv6 lines in the configuration file. README.md: Correct URL link to feature article at LinuxSecurity.com. --- README.md | 2 +- geo-nft.sh | 37 ++++++++++++++++++++++++++++++++++++- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b2251c7..41e63b9 100644 --- a/README.md +++ b/README.md @@ -44,7 +44,7 @@ awk, curl, grep, gunzip, sed, sort, stat Please see our [Discussions Page](https://github.com/wirefalls/geo-nft/discussions) to ask for help, share ideas, or for questions about the project. #### Around the Web -Feature Article - LinuxSecurity.com - [Geolocation for nftables Brings Simplicity & Flexibility to Geolocation Matching](https://linuxsecurity.com/features/features/geolocation-for-nftables) +Feature Article - LinuxSecurity.com - [Geolocation for nftables Brings Simplicity & Flexibility to Geolocation Matching](https://linuxsecurity.com/features/geolocation-for-nftables) Slashdot.org - [Should You Block Connections to Your Network From Foreign Countries?](https://news.slashdot.org/story/21/02/13/2231248/should-you-block-connections-to-your-network-from-foreign-countries) diff --git a/geo-nft.sh b/geo-nft.sh index 0b06392..7f1d022 100755 --- a/geo-nft.sh +++ b/geo-nft.sh @@ -24,7 +24,7 @@ # Standard script variables. # Semantic version number of this script. -geo_nft_ver=v2.2.8 +geo_nft_ver=v2.2.9 # Filename of this script. script_name="geo-nft.sh" @@ -553,6 +553,23 @@ check_refill_config() { # Capitalize the country code. cc="$(awk '{print toupper($0)}' <<<"$cc")" + # Test if the country code is blank. + if [ -z "$cc" ]; then + error_log "There's a blank country code in your 'define-ipv4' line in $refill_conf." \ + "Remove the blank country code from the line shown below. The blank entry will be skipped." \ + "Bad line: $line" + continue + fi + + # Test if the country code is already in the array (country code repeated in refill-sets.conf list). + if [[ "${cc4_array[*]}" =~ (^|[^[:alpha:]])$cc([^[:alpha:]]|$) ]]; then + #if [[ -v $cc4_array[$cc] ]]; then + error_log "Country code '$cc' is duplicated in your 'define-ipv4' line in $refill_conf." \ + "Remove any duplicates from the line shown below. The duplicate entry will be skipped." \ + "Bad line: $line" + continue + fi + # Verify that the country code definition file exists in the countrysets directory. if [ -s "$cc_dir/$cc.ipv4" ]; then cc4_array+=("\$$cc.ipv4") @@ -562,6 +579,7 @@ check_refill_config() { "The missing country code was not added to the set." \ "Line: $line" cc_line="yes" + continue fi done <<<"$country_codes" @@ -644,6 +662,22 @@ check_refill_config() { # Capitalize the country code. cc="$(awk '{print toupper($0)}' <<<"$cc")" + # Test if the country code is blank. + if [ -z "$cc" ]; then + error_log "There's a blank country code in your 'define-ipv6' line in $refill_conf." \ + "Remove the blank country code from the line shown below. The blank entry will be skipped." \ + "Bad line: $line" + continue + fi + + # Test if the country code is already in the array (country code repeated in refill-sets.conf list). + if [[ "${cc6_array[*]}" =~ (^|[^[:alpha:]])$cc([^[:alpha:]]|$) ]]; then + error_log "Country code $cc is duplicated in your 'define-ipv6' line in $refill_conf." \ + "Remove any duplicates from the line shown below. The duplicate entry will be skipped." \ + "Bad line: $line" + continue + fi + # Verify that the country code definition file exists in the countrysets directory. if [ -s "$cc_dir/$cc.ipv6" ]; then cc6_array+=("\$$cc.ipv6") @@ -653,6 +687,7 @@ check_refill_config() { "The missing country code was not added to the set." \ "Line: $line" cc_line="yes" + continue fi done <<<"$country_codes"