ryancdotorg/clean-dnsmasq-ipset.py

## clean-dnsmasq-ipset.py
#!/usr/bin/env python

import re
import os
import sys
import glob
import signal
import socket
import subprocess

PIDFILE = '/var/run/dnsmasq/dnsmasq.pid'
files = ['/etc/dnsmasq.conf'] + glob.glob('/etc/dnsmasq.d/*')

shouldFlush = False
setmap = {}
ipmap = {}

for filename in files:
    if re.search('\.dpkg-(?:dist|new|old)$', filename):
        continue
    with open(filename) as f:
        for line in iter(f.readline,''):
            line = line.strip()
            if line.startswith('ipset=/'):
                domains = line.split('/')[1:]
                ipsets = domains.pop().split(',')
                for ipset in ipsets:
                    if ipset not in setmap:
                        setmap[ipset] = set()
                    for domain in domains:
                        if domain not in ipmap:
                            ipmap[domain] = set()
                            for addr in socket.getaddrinfo(domain, None):
                                ipmap[domain].add(addr[4][0])
                        setmap[ipset].add(domain)

for ipset in setmap:
    valid = set()
    listed = set()
    for domain in setmap[ipset]:
        valid.update(ipmap[domain])
    proc = subprocess.Popen(['ipset', 'save', ipset], stdout=subprocess.PIPE)
    for line in map(lambda x: x.strip(), proc.stdout.readlines()):
        if line.startswith('add '):
            listed.add(line.split(' ')[2])
    for ip in listed.difference(valid):
        shouldFlush = True
        print 'removing ip %s from set %s' % (ip, ipset)
        subprocess.call(['ipset', 'del', ipset, ip])

if shouldFlush:
    # SIGHUP tells dnsmasq to reread host files and flush the cache
    os.kill(int(open(PIDFILE).readline()), signal.SIGHUP)
	#!/usr/bin/env python

	import re
	import os
	import sys
	import glob
	import signal
	import socket
	import subprocess

	PIDFILE = '/var/run/dnsmasq/dnsmasq.pid'
	files = ['/etc/dnsmasq.conf'] + glob.glob('/etc/dnsmasq.d/*')

	shouldFlush = False
	setmap = {}
	ipmap = {}

	for filename in files:
	if re.search('\.dpkg-(?:dist\|new\|old)$', filename):
	continue
	with open(filename) as f:
	for line in iter(f.readline,''):
	line = line.strip()
	if line.startswith('ipset=/'):
	domains = line.split('/')[1:]
	ipsets = domains.pop().split(',')
	for ipset in ipsets:
	if ipset not in setmap:
	setmap[ipset] = set()
	for domain in domains:
	if domain not in ipmap:
	ipmap[domain] = set()
	for addr in socket.getaddrinfo(domain, None):
	ipmap[domain].add(addr[4][0])
	setmap[ipset].add(domain)

	for ipset in setmap:
	valid = set()
	listed = set()
	for domain in setmap[ipset]:
	valid.update(ipmap[domain])
	proc = subprocess.Popen(['ipset', 'save', ipset], stdout=subprocess.PIPE)
	for line in map(lambda x: x.strip(), proc.stdout.readlines()):
	if line.startswith('add '):
	listed.add(line.split(' ')[2])
	for ip in listed.difference(valid):
	shouldFlush = True
	print 'removing ip %s from set %s' % (ip, ipset)
	subprocess.call(['ipset', 'del', ipset, ip])

	if shouldFlush:
	# SIGHUP tells dnsmasq to reread host files and flush the cache
	os.kill(int(open(PIDFILE).readline()), signal.SIGHUP)