Expire entries older than 8 days.

b4b52287 · Steve Kemp · a05b7519 · b4b52287
Commit b4b52287 authored Jul 01, 2010 by Steve Kemp
--- a/firewall/bin/firewall-whitelist
+++ b/firewall/bin/firewall-whitelist
@@ -6,6 +6,10 @@
 #
 # SYNOPSIS
 #
+#  Options:
+#
+#   --prefix      The directory to operate upon.
+#
 #  Help Options:
 #
 #   --help        Show the help information for this script.
@@ -31,29 +35,34 @@ require 'ipaddr'

 opts = GetoptLong.new(
    [ '--help',    '-h', GetoptLong::NO_ARGUMENT ],
-    [ '--verbose', '-v', GetoptLong::NO_ARGUMENT ]
+    [ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
+    [ '--prefix',  '-p', GetoptLong::REQUIRED_ARGUMENT ]
 )


-help = false
+#
+#  The options set by the command line.
+#
+$HELP    = false
 $VERBOSE = false
-show_all = false
+$PREFIX  = "/etc/symbiosis/firewall/whitelist.d"

 opts.each do |opt,arg|
  case opt
    when '--help'
-      help = true
+      $HELP = true
    when '--verbose'
      $VERBOSE = true
-    when '--show-all'
-      show_all = true
+    when '--prefix'
+      $PREFIX = arg
  end
 end

+
 #
 # CAUTION! Here be quality kode.
 #
-if help
+if $HELP
  # Open the file, stripping the shebang line
  lines = File.open(__FILE__){|fh| fh.readlines}[2..-1]

@@ -66,6 +75,29 @@ if help
  exit 0
 end

+
+#
+#  Expire old entries first of all, then add new ones.
+#
+puts "Expiring old whitelist entries" if ( $VERBOSE )
+
+expired = 0
+
+if ( File.directory?( $PREFIX ) )
+  Dir.foreach( $PREFIX ) do |entry|
+    if ( ( entry =~ /\.auto$/i ) && 
+         (File.mtime( "#{$PREFIX}/#{entry}" ) <  ( Time.now - 8 * 24 * 60 * 60 ) ) )
+    then
+      puts "Removing #{$PREFIX}/#{entry}" if ( $VERBOSE )
+      File.unlink("#{$PREFIX}/#{entry}")
+      expired += 1
+    end
+  end
+end
+puts "Expiring done - removed #{expired} file(s)" if ( $VERBOSE )
+
+
+
 ip_addresses = {}


@@ -95,7 +127,7 @@ ip_addresses.each_key do |ip|
    if ( File.exists?( "/etc/symbiosis/firewall/whitelist.d/#{ip}" ) )
      puts "\tAlready whitelisted" if ( $VERBOSE )
    else
-      # ensure the direcotry exists.
+      # ensure the directory exists.
      if ( ! File.directory?( "/etc/symbiosis/firewall/whitelist.d" ) )
        system( "mkdir -p /etc/symbiosis/firewall/whitelist.d" )
      end