X-Git-Url: http://www.andromeda.nl/gitweb/?p=gnucomo.git;a=blobdiff_plain;f=doc%2Fmanual.xml;h=d10dc504f59f90372eaca6b090e319d9caf3a015;hp=133eb6857a7e5d6384c43c9016a50bda32504d3b;hb=8ec58baa9626245d63af16917365a9922e6008d0;hpb=6d5c1d7c60b28b867e690a8a0da6ab88e379d783
diff --git a/doc/manual.xml b/doc/manual.xml
index 133eb68..d10dc50 100644
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -671,7 +671,22 @@ in the Objects page.
The most useful application of the abuse list is to maintain a firewall
and block all IP addresses that have the 'dropped' status.
-A short shell script will do this job:
+To do this automatically, you need to provide access to the database from
+a script that is probably run by root.
+A special user 'firewall' that can only read the abuse list can be created
+with the following SQL commands:
+
+
+CREATE USER firewall WITH PASSWORD 'secret';
+GRANT SELECT ON object_abuse TO firewall;
+
+
+When the Gnucomo database runs on a different system than the one
+on which the firewall is maintained, the database server needs to
+provide access from external systems. This implies setting up the
+PostgreSQL configuration and firewall rules.
+The following script then augments the firewall with the information
+from the Gnucomo abuse list:
#!/bin/sh
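Review bot: The CREATE USER example hard-codes the password 'secret', and the script below it reuses the same value, so a reader who copies both ends up with a guessable credential on a database that the next paragraph tells them to open to external systems. Mark the value as a placeholder that must be replaced, and say so in the sentence that introduces the SQL. The remote-access paragraph is also too vague to act on: "setting up the PostgreSQL configuration and firewall rules" should at least say that access for the firewall user is to be limited to the host that maintains the firewall and must use SSL, which is what the script's sslmode=require expects. Restricting the account to SELECT on object_abuse is a good choice and worth keeping as is.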
@@ -679,7 +694,8 @@ A short shell script will do this job:
# Create a firewall script from the gnucomo abuses table
#
-psql -h samos -t gnucomo arjen -c "select source from object_abuse
+psql "sslmode=require host=server.gnucomno.org dbname=gnucomo user=firewall password=secret"
+ -c "select source from object_abuse
where status='dropped' and objectid=$1"|grep -v '^$'>/tmp/gnucomo-abuses
while read ADDRESS
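Review bot: The new psql invocation is split over two lines with no trailing backslash after the connection string, so in a /bin/sh script the line starting with -c is not passed to psql as an argument; end the first line with a backslash or keep the command on one line. The old command also passed -t and the new one does not, so the column header and row-count footer will end up in /tmp/gnucomo-abuses, since grep -v '^$' only removes empty lines; restore -t. The host is spelled server.gnucomno.org, which looks like a typo for gnucomo. Finally, putting password=secret in the connection string exposes it in the process list and in the script itself; the manual should point to a ~/.pgpass file readable only by the user running the script, and note that sslmode=require encrypts the connection but does not verify the server's certificate.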