Old 01-27-2021, 03:21 AM   #1
routers
Bash script firewalld


Hello, if anyone there can correct my bash script to run firewalld:

Code:
#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read varpubport
echo "Enter Internalport number"
read varintport
echo "Enter IP number?"
read varip
firewall-cmd --zone=public --add-port=$varpubport/tcp
firewall-cmd --zone=public --add-forward-port=port=$vapubport:proto=tcp:toport=$varinport:toaddr=$varip

Below is the working command:

Code:
firewall-cmd --zone=public --add-port=8024/tcp
firewall-cmd --zone=public --add-forward-port=port=8024:proto=tcp:toport=22:toaddr=192.168.122.204

Info:

varpubport - 8024
varintport - 22
varip - 192.168.122.204
----------
script error: -

Error: INVALID_FORWARD: missing port

I detected an error at the first fw-cmd, inserted a space after the port number before /tcp; no idea how to correct it, please help
--------

To MOD: move accordingly if it is not in the right place

Thanks
 
Old 01-27-2021, 03:24 AM   #2
shruggy
Quote:
Originally Posted by routers
Code:
$vapubport
r is missing.

Quote:
Originally Posted by routers
Code:
$varinport
t is missing.

set -x would catch these. Even better, use https://www.shellcheck.net
Code:
Line 3:
read varpubport
^--^ SC2162: read without -r will mangle backslashes.


Line 5:
read varintport
^--^ SC2162: read without -r will mangle backslashes.
     ^--------^ SC2034: varintport appears unused. Verify use (or export if used externally).


Line 7:
read varip
^--^ SC2162: read without -r will mangle backslashes.


Line 8:
firewall-cmd --zone=public --add-port=$varpubport/tcp
                                      ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
firewall-cmd --zone=public --add-port="$varpubport"/tcp


Line 9:
firewall-cmd --zone=public --add-forward-port=port=$vapubport:proto=tcp:toport=$varinport:toaddr=$varip
                                                   ^--------^ SC2154: vapubport is referenced but not assigned (did you mean 'varpubport'?).
                                                   ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                               ^--------^ SC2154: varinport is referenced but not assigned (did you mean 'varintport'?).
                                                                               ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                 ^----^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
firewall-cmd --zone=public --add-forward-port=port="$vapubport":proto=tcp:toport="$varinport":toaddr="$varip"

For more information:
  https://www.shellcheck.net/wiki/SC2034 -- varintport appears unused. Verify...
  https://www.shellcheck.net/wiki/SC2154 -- vapubport is referenced but not a...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...

Last edited by shruggy; 01-27-2021 at 03:40 AM.
 
2 members found this post helpful.
Old 01-27-2021, 04:07 AM   #3
routers
Thanks for the input, I followed all the suggestions, corrected the missing
Code:
[root@OL8-DEF15 ~]# cat fwtest 
#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read -r  varpubport
echo "Enter Internalport number"
read -r varintport
echo "Enter IP number?"
read -r varip
firewall-cmd --zone=public --add-port="$varpubport"/tcp
firewall-cmd --zone=public --add-forward-port=port="$varpubport":proto=tcp:toport="$varintport":toaddr="$varip"
firewall-cmd --reload

Output:
Code:
[root@OL8-DEF15 ~]# ./fwtest 
Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?
8089
Enter Internalport number
22
Enter IP number?
192.168.122.230
success
success
success

but they are not inserted in firewalld
Code:
[root@OL8-DEF15 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:
 
Old 01-27-2021, 04:50 AM   #4
michaelk
You did not make the rules permanent. Reloading restored the original rules.
 
1 members found this post helpful.
Old 01-27-2021, 06:21 AM   #5
routers
Thank you all, problem solved.
Code:
[root@OL8-DEF15 ~]# cat fwtest 
#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read -r  varpubport
echo "Enter Internalport number"
read -r varintport
echo "Enter IP number?"
read -r varip
firewall-cmd --zone=public --add-port="$varpubport"/tcp
firewall-cmd --zone=public --add-forward-port=port="$varpubport":proto=tcp:toport="$varintport":toaddr="$varip"
firewall-cmd --runtime-to-permanent
firewall-cmd --reload

Output:

Code:
Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?
8089
Enter Internalport number
22
Enter IP number?
192.168.122.242
success
success
success
success

List:
Code:
[root@OL8-DEF15 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 8089/tcp
  protocols: 
  masquerade: no
  forward-ports: 
        port=8089:proto=tcp:toport=22:toaddr=192.168.122.242
  source-ports: 
  icmp-blocks: 
  rich rules:

Many thanks

regards
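
A hardened variant of the final script, as an added example that is not part of the original thread: it validates the two ports and the IPv4 address before they reach firewall-cmd (which runs as root), and adds only these two rules with --permanent instead of saving the whole runtime configuration with --runtime-to-permanent. The function names, the APPLY switch and the script name are assumptions of this example.

```shell
#!/bin/bash
# Added example, not the thread's script. Function names and APPLY are assumptions.

valid_port() {                      # decimal 1..65535, no leading zero
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {                      # four dot-separated octets, each 0..255
    local IFS=. octet count=0
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    for octet in $1; do             # safe to split: only digits and dots remain
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

forward_rule() {                    # args: public_port internal_port target_ip
    valid_port "$1" && valid_port "$2" && valid_ipv4 "$3" || return 1
    printf 'port=%s:proto=tcp:toport=%s:toaddr=%s\n' "$1" "$2" "$3"
}

run() {                             # print the command unless APPLY=1
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

add_forward() {
    local rule
    rule=$(forward_rule "$@") || { echo "invalid port or address" >&2; return 1; }
    # --permanent writes only these two rules to the saved configuration;
    # --reload then loads the saved configuration into the runtime.
    run firewall-cmd --permanent --zone=public --add-port="$1/tcp" &&
    run firewall-cmd --permanent --zone=public --add-forward-port="$rule" &&
    run firewall-cmd --reload
}

# Usage: ./fwforward 8089 22 192.168.122.242   (script name is hypothetical)
if [ "$#" -eq 3 ]; then
    add_forward "$@"
fi
```

Without APPLY=1 the three firewall-cmd lines are only printed, so the rule can be reviewed before it is applied.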
 
  

