From: Hiroo Ono (小野寛生)
Date: Mon, 6 Mar 2017 00:36:22 +0900
Subject: [FreeBSD-users-jp 96054] tmux on FreeBSD/powerpc64


From: Ryuji MATSUMOTO
Date: Tue, 07 Mar 2017 18:26:32 +0900 (JST)
Subject: [FreeBSD-users-jp 96055] A tool that monitors DNS and dynamically adds/removes ipfw rules.

This is Matsumoto in Fukuoka.

Does anyone know of a tool like the following?

Even if you write a hostname in a FreeBSD firewall (ipfw) rule, it seems to be
fixed to the IP address that was resolved when ipfw was run.

http://www.jp.freebsd.org/man-jp/search.html
Japanese manual, RELEASE 10-1-RELEASE-K, ipfw
---
numeric-ip | hostname
        Matches a single IPv4 address, specified as a dotted quad or as a
        hostname. Hostnames are resolved at the time the rule is added to
        the firewall list.
---

With the above, the rule stops working when the hostname-to-IP mapping changes,
so what I am looking for is a tool that periodically queries DNS and updates
the firewall rules.

Concretely, what I want to do is monitor the IPs of external SMTP/IMAP servers
and update the rules when an IP address changes (specifically Gmail/Office365).

For example, suppose there are ipfw rules 12340-12341 that open a port toward
an IMAP server.
imap.example.com: suppose its IPs are 192.0.2.1 and 192.0.2.2.

> 12340 allow tcp from LOCAL-IP to 192.0.2.1 dst-port 993
> 12341 allow tcp from LOCAL-IP to 192.0.2.2 dst-port 993

These become invalid if the IPs change. So, something like this:

while(1)
{
    sleep(about 1 hour);

    dig +short imap.example.com > ip-list.txt

    if(the contents of ip-list.txt changed)
    {
        delete ipfw rules 12340-12341.
        add new rules in place of ipfw rules 12340-12341.
    }
}

I have a feeling that a tool which does this must exist somewhere.

--
松元隆二


From: Hiroki Sato
Date: Tue, 07 Mar 2017 19:48:18 +0900 (JST)
Subject: [FreeBSD-users-jp 96056] Re: A tool that monitors DNS and dynamically adds/removes ipfw rules.

Ryuji MATSUMOTO wrote
  in <20170307.182632.2029998101879781962.matumoto@pluto.ai.kyutech.ac.jp>:

ma> > 12340 allow tcp from LOCAL-IP to 192.0.2.1 dst-port 993
ma> > 12341 allow tcp from LOCAL-IP to 192.0.2.2 dst-port 993
(snip)
ma> while(1)
ma> {
ma>     sleep(about 1 hour);
ma>
ma>     dig +short imap.example.com > ip-list.txt
ma>
ma>     if(the contents of ip-list.txt changed)
ma>     {
ma>         delete ipfw rules 12340-12341.
ma>         add new rules in place of ipfw rules 12340-12341.
ma>     }
ma> }
ma>
ma> I have a feeling that a tool which does this must exist somewhere.

How about defining a rule like

 12340 allow tcp from LOCAL-IP to table(1) dst-port 993

and running a script like the attached one from cron?

-- Hiroki

Content-Disposition: inline; filename="ipfwtbl_dns.sh"

#!/bin/sh
# Keep ipfw table $TBLNUM in sync with the A records of $TARGET.

TARGET=${1:-imap.example.com}
TBLNUM=1

fifo1="/tmp/ipfwtbl_dns1.$$"
fifo2="/tmp/ipfwtbl_dns2.$$"
rm -f "$fifo1" "$fifo2"
mkfifo -m 0600 "$fifo1" "$fifo2" || exit 1

# Addresses currently in DNS, tagged HOST
# ("name has address a.b.c.d" becomes "a.b.c.d HOST").
host -t A "$TARGET" | while read d d TYPE IPADDR; do
	case $TYPE in
	address)	echo "$IPADDR HOST" ;;
	esac
done | sort > "$fifo1" &

# /32 entries currently in the table, tagged IPFW.
# Lines starting with "-" are skipped.
ipfw table $TBLNUM list | while read IPADDR d; do
	case $IPADDR in
	-*)	;;
	*/32)	echo "${IPADDR%/32} IPFW" ;;
	esac
done | sort > "$fifo2" &

# join -v 1 -v 2 prints only the lines that have no partner in the other list.
join -v 1 -v 2 "$fifo1" "$fifo2" | while read IPADDR MODE; do
	case $MODE in
	HOST)
		# found in DNS but not found in IPFW table
		ipfw table $TBLNUM add "$IPADDR/32"
	;;
	IPFW)
		# found in IPFW table but not found in DNS
		ipfw table $TBLNUM delete "$IPADDR/32"
	;;
	esac
done
rm -f "$fifo1" "$fifo2"


From: Ryuji MATSUMOTO
Date: Thu, 09 Mar 2017 17:11:17 +0900 (JST)
Subject: [FreeBSD-users-jp 96057] Re: A tool that monitors DNS and dynamically adds/removes ipfw rules.

This is Matsumoto in Fukuoka.

Hiroki-san:

Subject: Re: [FreeBSD-users-jp 96055] A tool that monitors DNS and dynamically adds/removes ipfw rules.
Date: Tue, 07 Mar 2017 19:48:18 +0900 (JST)

> How about defining a rule like
>
>  12340 allow tcp from LOCAL-IP to table(1) dst-port 993
>
> and running a script like the attached one from cron?

Thank you very much (_m_)
I was really impressed by how concise the script is!

-----------
PS:
Sorry for the late reply. My mail filtering rules were bad and I overlooked
it; when I looked here I was surprised to find that a reply had been posted (^_^;
https://lists.freebsd.org/pipermail/freebsd-users-jp/2017-March/subject.html#1056

Actually, I had been hacking something together in Perl since yesterday.

$ wc ipfw-dns-kanshi.pl
     320     637    7501 ipfw-dns-kanshi.pl

A script that does the same thing is somehow 320 lines!
And on top of that, it is not finished yet!

--
松元隆二
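
Added example, not part of the thread and not Hiroki Sato's script: a dry-run form of the DNS-to-table reconciliation discussed above. It prints the `ipfw table` commands instead of running them, ignores any answer that is not an IPv4 literal, keeps its work files in a `mktemp -d` directory, and plans nothing when the lookup returns no address, so a failed DNS query cannot empty the allow-list. The function names and the sample `host` and `ipfw table 1 list` output are constructed for illustration; table number 1 follows the thread.

```shell
#!/bin/sh
# Added example, not from the thread: plan ipfw table changes from a DNS answer
# and print them instead of running them. Function names are hypothetical.
LC_ALL=C; export LC_ALL		# sort and comm must agree on ordering
TBLNUM=1

# Keep only dotted-quad IPv4 literals with octets 0-255, sorted and unique.
ipv4_only() {
	awk -F. 'NF == 4 && $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
		$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' | sort -u
}

# stdin: "host -t A name" output -> resolved addresses
dns_addrs() { awk '$2 == "has" && $3 == "address" { print $4 }' | ipv4_only; }

# stdin: "ipfw table N list" output -> /32 entries as bare addresses
table_addrs() { awk '{ print $1 }' | sed -n 's|/32$||p' | ipv4_only; }

# plan_sync HOST_OUTPUT_FILE TABLE_LIST_FILE
# Prints the add/delete commands. Returns 1 and prints nothing when DNS gave
# no usable address, so a failed lookup never empties the allow-list.
plan_sync() {
	tmp=$(mktemp -d "${TMPDIR:-/tmp}/ipfwtbl.XXXXXX") || return 2
	dns_addrs < "$1" > "$tmp/dns"
	table_addrs < "$2" > "$tmp/tbl"
	rc=1
	if [ -s "$tmp/dns" ]; then
		rc=0
		comm -23 "$tmp/dns" "$tmp/tbl" | sed "s|.*|ipfw table $TBLNUM add &/32|"
		comm -13 "$tmp/dns" "$tmp/tbl" | sed "s|.*|ipfw table $TBLNUM delete &/32|"
	fi
	rm -rf "$tmp"
	return $rc
}

# Constructed sample data: 192.0.2.2 left DNS, 192.0.2.3 is new, and one
# answer is malformed and must be ignored.
demo() {
	d=$(mktemp -d "${TMPDIR:-/tmp}/ipfwdemo.XXXXXX") || return 2
	printf '%s\n' 'imap.example.com has address 192.0.2.1' \
		'imap.example.com has address 192.0.2.3' \
		'imap.example.com has address 192.0.2.999' > "$d/host"
	printf '%s\n' '--- table(1), set(0) ---' '192.0.2.1/32 0' \
		'192.0.2.2/32 0' > "$d/tbl"
	plan_sync "$d/host" "$d/tbl"; rc=$?
	rm -rf "$d"
	return $rc
}
demo
```

Feed `plan_sync` the saved output of `host -t A name` and `ipfw table 1 list`; a return status of 1 means the lookup yielded no address and the table should be left as it is.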