<para>
The most useful application of the abuse list is to maintain a firewall
and block all IP addresses that have the 'dropped' status.
-A short shell script will do this job:
+To do this automatically, you need to provide access to the database from
+a script that is probably run by root.
+A special user 'firewall' that can only read the abuse list can be created
+with the following SQL commands:
+</para>
+<verbatim>
+CREATE USER firewall WITH PASSWORD 'secret';
+GRANT SELECT ON object_abuse TO firewall;
+</verbatim>
+<para>
+When the Gnucomo database runs on a different system than the one
+on which the firewall is maintained, the database server needs to
+provide access from external systems. This implies setting up the
+PostgreSQL configuration and firewall rules.
+The following script then augments the firewall with the information
+from the Gnucomo abuse list:
</para>
<verbatim>
#!/bin/sh
# Create a firewall script from the gnucomo abuses table
#
-psql -h samos -t gnucomo arjen -c "select source from object_abuse
+psql "sslmode=require host=server.gnucomno.org dbname=gnucomo user=firewall password=secret"
+ -c "select source from object_abuse
where status='dropped' and objectid=$1"|grep -v '^$'>/tmp/gnucomo-abuses
while read ADDRESS
projects / gnucomo.git / commitdiff