BASH - sync-snort2c-tables.sh
sync-snort2c-tables.sh
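#!/bin/bash
# sync-snort2c-tables.sh
#
# Collect the snort2c PF table from one or more source pfSense firewalls,
# merge and deduplicate the entries, and replace the same table on a
# destination pfSense. Requires key-based SSH access to every host; the
# script never prompts for a password and aborts if any host is unreachable.
#
# Usage: sync-snort2c-tables.sh   (no arguments; edit the variables below)
set -euo pipefail

# ==============================
# User-defined variables
# ==============================
# Source pfSense IPs (one array element per host)
IP_SOURCE_PFSENSE=("1.2.3.4" "5.6.7.8")
# Destination pfSense IP
IP_DESTINATION_PFSENSE="10.11.12.13"
# SSH user (usually root on pfSense)
SSH_USER="root"
# Name of the PF table created/managed by snort2c
PF_TABLE_NAME="snort2c_blacklist"
# SSH options: never fall back to a password prompt, fail fast on an
# unreachable host instead of hanging the run.
SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=10)

# ==============================
# Safety checks
# ==============================
# Unpredictable, per-run working directory: a fixed name under /tmp could be
# pre-created or symlinked by another local user. Removed on any exit path.
WORKDIR=$(mktemp -d "${TMPDIR:-/tmp}/snort2c_merge.XXXXXX")
MERGED_FILE="${WORKDIR}/merged_ips.txt"
cleanup() { rm -rf -- "${WORKDIR:?}"; }
trap cleanup EXIT
: > "${MERGED_FILE}"

# ==============================
# Fetch IPs from source pfSense
# ==============================
echo "[*] Fetching IP lists from source pfSense firewalls..."
for SRC_IP in "${IP_SOURCE_PFSENSE[@]}"; do
  echo " - Connecting to ${SRC_IP}"
  # Under set -e a failed ssh aborts the whole run here, so a partial list
  # is never pushed to the destination.
  ssh "${SSH_OPTS[@]}" "${SSH_USER}@${SRC_IP}" \
    "pfctl -t ${PF_TABLE_NAME} -T show" \
    >> "${MERGED_FILE}"
done

# ==============================
# Merge and deduplicate
# ==============================
echo "[*] Merging and deduplicating IPs..."
# 'pfctl -T show' indents every entry; keep only the first field so the
# same address from different hosts compares equal, drop blank lines, then
# sort -u with a fixed locale for reproducible output.
awk 'NF { print $1 }' "${MERGED_FILE}" | LC_ALL=C sort -u > "${MERGED_FILE}.sorted"
mv -- "${MERGED_FILE}.sorted" "${MERGED_FILE}"
IP_COUNT=$(wc -l < "${MERGED_FILE}")
IP_COUNT=$(( IP_COUNT ))   # BSD wc pads its output; force a plain integer
echo " -> Total unique IPs: ${IP_COUNT}"

# Refuse to push an empty list: 'pfctl -T replace' with no entries would
# flush the destination's blacklist entirely.
if (( IP_COUNT == 0 )); then
  echo "[!] Merged list is empty; leaving destination table untouched." >&2
  exit 1
fi

# ==============================
# Inject into destination pfSense
# ==============================
echo "[*] Injecting merged list into destination pfSense (${IP_DESTINATION_PFSENSE})..."
# '-T replace' makes the remote table equal to the merged list (adds missing
# entries, removes stale ones); '-f -' reads that list from stdin.
ssh "${SSH_OPTS[@]}" "${SSH_USER}@${IP_DESTINATION_PFSENSE}" \
  "pfctl -t ${PF_TABLE_NAME} -T replace -f -" \
  < "${MERGED_FILE}"
echo "[✓] Injection completed successfully."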
