CONNECT-NG command line utility

CONNECT-NG is a command line utility for getting a fast IP check response from the shell.
It has a configuration file; all options are set in the standard way, from the command line or from environment variables.
CONNECT-NG can check an arbitrary IP address, add it to a black or white list, or remove it from a list.
It also lets you manage the server's ipset tables remotely from the command line: creating, deleting or cleaning them.
After a check, the utility returns one of the following values:

  • 20 - IP address is verified, there is no block
  • 40 - the checked IP address is blocked
  • 50 - error communicating with the server
  • 0 - the basic parameters are missing; the program shows its online help.

To shorten the command line, use environment variables: in the ksh shell they are set with the export command, in the csh shell with the setenv command.
Configuration source priority: command line -> environment variables.
Usage examples are available in the files <ipset-ng-src-dir>/misc/*.sh

To build this utility from the IPSET-NG package on another computer, download the file created after the server build,
unpack it and run the command: make clean ; make connect
More about the build process, keys and options can be found in the section: tuning and compile options

Command line options:
-r, --remote=<arg> remote server host
-p, --port=<arg> remote UDP/TCP-SSL port
-f, --family=<arg> select default family ipv protocol: ipv4 or ipv6
-a, --password=<arg> crypt cipher - access to server, AES crypt algorithm
-c, --cmd=<arg> ip address command for ipset to process: test | add | del
-c, --cmd=<arg> table command for ipset to process: create | flush | destroy
-b, --tbl=<arg> name of ipset table
-t, --type=<arg> type of ipset table: white | black
-i, --ip=<arg> ip address to process: 1.2.3.4
-n, --net=<arg> network addresses to process: 1.2.3.0/24
-j, --addtbl=<arg> table name for 'master table' processing, master is type [list:set]
-m, --timeout=<arg> timeout to ip address in ipset table
-d, --dnsbl enable check ip in DNSBL resource
-v, --view view verbose result for test purpose
-s, --ssl SSL connection enable
-o, --ssltm=<arg> SSL connection timeout in seconds
-z, --sslcert=<arg> SSL certificate + ca + key
-u, --sslciph=<arg> SSL cipher string
-e, --env display environment help
-h, --help display this help
More information is available in the description of the ipset-ng JSON API communication protocol.

Example command lines:

        # Example no-crypt connection:
        /usr/bin/connect-ng -r 127.0.0.1 -p 1919 -i 3.4.5.6 -b blklist -t black -c test

        # Example crypt connection:
        /usr/bin/connect-ng -r 127.0.0.1 -p 1919 -i 3.4.5.6 -b blklist -t black -c test -a "my access word!"

        # Example ssl connection:
        /usr/bin/connect-ng -r 127.0.0.1 -p 5000 -i 3.4.5.6 -b blklist -t black -c test -d \
            -s -o 45 -z /etc/ipset-ng/ssl/full.client.pem -u "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

        # Example add network to server black list:
        /usr/bin/connect-ng -r 127.0.0.1 -p 1919 -n 3.4.5.0/28 -b blklist -t black -c add

        # Example: combine the SSL certificate, CA and key into one file
        # (the result contains the private key, so keep it readable only by its owner):
        cd /etc/ipset-ng/ssl
        cat ./cert.client.pem ./cert.ca.pem ./key.client.pem > ./full.client.pem


Environment variables and options:
NG_CONNECT_remote remote server host
NG_CONNECT_port remote UDP/TCP-SSL port
NG_CONNECT_family select default family ipv protocol: ipv4 or ipv6
NG_CONNECT_password crypt cipher - access to server, AES crypt algorithm
NG_CONNECT_timeout timeout to ip address in ipset table
NG_CONNECT_dnsbl enable check ip in DNSBL resource
NG_CONNECT_ssl SSL connection enable
NG_CONNECT_ssltm SSL connection timeout
NG_CONNECT_sslcert SSL certificate + ca + key
NG_CONNECT_sslciph SSL cipher string
Example ksh:
        export NG_CONNECT_port="1919"
        export NG_CONNECT_remote="127.0.0.1"
Example csh:
        setenv NG_CONNECT_port "1919"
        setenv NG_CONNECT_remote "127.0.0.1"
Example shell script making a UDP connection to the ipsetd-ng server:

    #!/bin/bash

    if [[ ${1} == '' ]];
    then
        echo "Enter ip address: ${0} 1.2.3.4"
        exit 1
    fi

    # Options are kept in an array so that each one can carry a comment;
    # a comment placed after a trailing backslash breaks the line continuation.
    ARGS=(
        -r 127.0.0.1            # ipsetd-ng server host
        -p 1919                 # ipsetd-ng server UDP port
        -f ipv4                 # Internet protocol family
        -b bannet               # name of ipset table
        -t black                # type of ipset table
        -c test                 # command for ipset to process
        -i "${1}"               # ip address to process
        -d                      # enable secondary check of ip in DNSBL resource
        -a "my access word!"    # crypt cipher - access to server, AES crypt algorithm
        -v                      # view verbose result for test/debug purpose
    )

    /usr/bin/connect-ng "${ARGS[@]}"
    RETVAL=$?
    echo "test ip address ${1} server return: ${RETVAL}"

    case $RETVAL in
    20)
        echo "IP address is good"
    ;;
    40)
        echo "IP address is bad"
    ;;
    50)
        echo "error communicating with server"
    ;;
    *)
        echo "unknown remote answer..."
    ;;
    esac


Example shell script making an SSL connection to the ipsetd-ng server:

    #!/bin/bash

    if [[ ${1} == '' ]];
    then
        echo "Enter ip address: ${0} 1.2.3.4"
        exit 1
    fi

    # Options are kept in an array so that each one can carry a comment;
    # a comment placed after a trailing backslash breaks the line continuation.
    ARGS=(
        -r 127.0.0.1            # ipsetd-ng server host
        -p 5000                 # ipsetd-ng server TCP/SSL port
        -f ipv4                 # Internet protocol family
        -b bannet               # name of ipset table
        -t black                # type of ipset table
        -c test                 # command for ipset to process
        -i "${1}"               # ip address to process
        -d                      # enable secondary check of ip in DNSBL resource
        -s                      # SSL connection enable
        -o 30                   # SSL connection timeout
        -z /etc/ipset-ng/ssl/last-client-full.pem   # SSL certificate + ca + key
        -u "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"      # SSL cipher string
        -v                      # view verbose result for test/debug purpose
    )

    /usr/bin/connect-ng "${ARGS[@]}"
    RETVAL=$?
    echo "test ip address ${1} server return: ${RETVAL}"

    case $RETVAL in
    20)
        echo "IP address is good"
    ;;
    40)
        echo "IP address is bad"
    ;;
    50)
        echo "error communicating with server"
    ;;
    *)
        echo "unknown remote answer..."
    ;;
    esac
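
The return values and NG_CONNECT_* variables described above can be turned into an explicit allow/block decision. The following wrapper is an added example, not part of the ipset-ng package: it validates the address, retries on code 50 and then applies a fail-open or fail-closed policy. CONNECT_NG_BIN, NG_RETRIES, NG_RETRY_DELAY and NG_FAIL_OPEN are hypothetical names, and only IPv4 input is handled.

```shell
#!/bin/bash
# Added example (not from the ipset-ng package). CONNECT_NG_BIN, NG_RETRIES,
# NG_RETRY_DELAY and NG_FAIL_OPEN are hypothetical names used only here.
CONNECT_NG_BIN="${CONNECT_NG_BIN:-/usr/bin/connect-ng}"
NG_RETRIES="${NG_RETRIES:-3}"          # attempts before giving up on code 50
NG_RETRY_DELAY="${NG_RETRY_DELAY:-1}"  # seconds between attempts
NG_FAIL_OPEN="${NG_FAIL_OPEN:-0}"      # 1 = allow when the server is unreachable

# Connection settings use the documented NG_CONNECT_* variables; setting
# NG_CONNECT_password the same way keeps the access word out of the process list.
export NG_CONNECT_remote="${NG_CONNECT_remote:-127.0.0.1}"
export NG_CONNECT_port="${NG_CONNECT_port:-1919}"

# ng_valid_ipv4 <string>: succeeds only for a dotted quad with octets 0..255.
ng_valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    ng_old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$ng_old_ifs
    [ "$#" -eq 4 ] || return 1
    for ng_octet in "$@"; do
        [ "${#ng_octet}" -le 3 ] && [ "$ng_octet" -le 255 ] || return 1
    done
}

# ng_check_ip <ip> [table]: returns 0 = allow, 1 = block, 2 = error/undecided.
ng_check_ip() {
    ng_valid_ipv4 "$1" || return 2
    ng_try=1
    while [ "$ng_try" -le "$NG_RETRIES" ]; do
        ng_rc=0
        "$CONNECT_NG_BIN" -b "${2:-bannet}" -t black -c test -i "$1" || ng_rc=$?
        case $ng_rc in
            20) return 0 ;;                 # verified, no block
            40) return 1 ;;                 # blocked
            50) sleep "$NG_RETRY_DELAY" ;;  # server communication error: retry
            *)  return 2 ;;                 # 0 (missing parameters) or unknown code
        esac
        ng_try=$((ng_try + 1))
    done
    # Every attempt ended in 50: apply the configured failure policy.
    [ "$NG_FAIL_OPEN" = "1" ] && return 0
    return 2
}
```

With NG_FAIL_OPEN left at 0, an unreachable server yields 2 rather than an allow, so the caller has to decide what an undecided check means.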


