Created
August 2, 2017 01:40
-
-
Save ryancdotorg/8fc8a41f70c24a75626ddc50328a62c0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env python | |
import re | |
import os | |
import sys | |
import glob | |
import signal | |
import socket | |
import subprocess | |
PIDFILE = '/var/run/dnsmasq/dnsmasq.pid' | |
files = ['/etc/dnsmasq.conf'] + glob.glob('/etc/dnsmasq.d/*') | |
shouldFlush = False | |
setmap = {} | |
ipmap = {} | |
for filename in files: | |
if re.search('\.dpkg-(?:dist|new|old)$', filename): | |
continue | |
with open(filename) as f: | |
for line in iter(f.readline,''): | |
line = line.strip() | |
if line.startswith('ipset=/'): | |
domains = line.split('/')[1:] | |
ipsets = domains.pop().split(',') | |
for ipset in ipsets: | |
if ipset not in setmap: | |
setmap[ipset] = set() | |
for domain in domains: | |
if domain not in ipmap: | |
ipmap[domain] = set() | |
for addr in socket.getaddrinfo(domain, None): | |
ipmap[domain].add(addr[4][0]) | |
setmap[ipset].add(domain) | |
for ipset in setmap: | |
valid = set() | |
listed = set() | |
for domain in setmap[ipset]: | |
valid.update(ipmap[domain]) | |
proc = subprocess.Popen(['ipset', 'save', ipset], stdout=subprocess.PIPE) | |
for line in map(lambda x: x.strip(), proc.stdout.readlines()): | |
if line.startswith('add '): | |
listed.add(line.split(' ')[2]) | |
for ip in listed.difference(valid): | |
shouldFlush = True | |
print 'removing ip %s from set %s' % (ip, ipset) | |
subprocess.call(['ipset', 'del', ipset, ip]) | |
if shouldFlush: | |
# SIGHUP tells dnsmasq to reread host files and flush the cache | |
os.kill(int(open(PIDFILE).readline()), signal.SIGHUP) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment