korc/dns2ipset.sh

## dns2ipset.sh
#!/bin/sh

set -e
setname="$1"

test -n "$setname" -a -n "$2" || {
  echo "Usage: ${0##*/} <setname> <pattern..>" >&2
  exit 1
}

shift

: ${iface:=lo}
: ${bpf:=udp and src port 53}
: ${ws_user:=nobody}

test -n "$ws_group" -o ! -s $(which dumpcap) || ws_group="$(stat -c %G "$(which dumpcap)")"
: ${ws_group:=wireshark}

cd /
sudo -u "$ws_user" -g "$ws_group" tshark -l -i $iface -f "$bpf" -T fields -e dns.qry.name -e dns.a | while read query ips;do
  echo "DNS query: '$query', returned IPs: '$ips'"
  test -n "$ips" || continue
  for pattern;do
      case "$query" in
        $pattern)
          echo "Matched pattern: '$pattern', adding to '$setname'"
          echo "$ips" | tr , \\n | sed -e "s/^/add $setname /" | ipset -exist restore
        ;;
      esac
  done
done
	#!/bin/sh

	set -e
	setname="$1"

	test -n "$setname" -a -n "$2" \|\| {
	echo "Usage: ${0##*/} <setname> <pattern..>" >&2
	exit 1
	}

	shift

	: ${iface:=lo}
	: ${bpf:=udp and src port 53}
	: ${ws_user:=nobody}

	test -n "$ws_group" -o ! -s $(which dumpcap) \|\| ws_group="$(stat -c %G "$(which dumpcap)")"
	: ${ws_group:=wireshark}

	cd /
	sudo -u "$ws_user" -g "$ws_group" tshark -l -i $iface -f "$bpf" -T fields -e dns.qry.name -e dns.a \| while read query ips;do
	echo "DNS query: '$query', returned IPs: '$ips'"
	test -n "$ips" \|\| continue
	for pattern;do
	case "$query" in
	$pattern)
	echo "Matched pattern: '$pattern', adding to '$setname'"
	echo "$ips" \| tr , \\n \| sed -e "s/^/add $setname /" \| ipset -exist restore
	;;
	esac
	done
	done