LinuxQuestions.org
01-09-2002, 10:09 PM, #1
knobby

update script from a file

I have a firewall script that uses an array to hold hosts to be denied with iptables. It is defined on a line like this:

DENY_ALL=(123.123.123.123 234.234.234.234 345.345.345.345)

I am using portsentry on this machine to block hosts that scans are detected from. Portsentry runs a script to block the host using iptables and then it echoes the IP address to a file. The file is just a list of IPs, one IP to a line.

The problem is, when my firewall script executes again, it flushes all the rules that the portsentry script created as it detected scans. But I still have the file with those IPs that were blocked, make any sense? How can I make that script add the IP to the firewall script in the right place on the right line? Or, how can I make the firewall script read the IPs straight from the file that the portsentry script updates? I'm using bash on Red Hat 7.1. Any suggestions will be greatly appreciated!
 
01-10-2002, 12:26 AM, #2
knobby (Original Poster)
let me clarify this a little. At the top of the firewall script is the line that defines the hosts to deny:
DENY_ALL=(123.123.123.123 234.234.234.234 345.345.345.345)

then in the script is the part where it blocks them:

if [ "$DENY_ALL" != "" ] ; then
echo -n "Denying hosts: "
for host in "${DENY_ALL[@]}" ; do   # [@] expands every element of the array; ${DENY_ALL} alone gives only the first
${IPTABLES} -t filter -A INETIN -s ${host} -j ${DROP}
${IPTABLES} -t filter -A FORWARD -s ${host} -j ${DROP}
echo -n "${host}:${DROP} "
done
echo
fi

I need something just like this, only instead of the script reading from an array called DENY_ALL, I want it to read the IPs from a separate file that has one IP per line. How do I make a loop in a script that reads each line of a separate file as a variable?
 
01-10-2002, 01:03 AM, #3
unSpawn (Moderator)
if [ -f <filename> ] ; then
for host in $(cat <filename>); do
${IPTABLES} -t filter -A INETIN -s $host -j ${DROP}
${IPTABLES} -t filter -A FORWARD -s $host -j ${DROP}
echo -n "$host:${DROP}"
done
fi

where you insert the path to and the filename for <filename>. If you're sure it exists (the file) then you can lose the "if" and "fi" lines.
 
01-10-2002, 06:15 PM, #4
knobby (Original Poster)
Sweet, that works awesome. Thanks for the quick response. So easy too. I love *nix for being so easy. I added an error message if it doesn't find the file:

if [ -f $DENY_FILE ] ; then
echo -n "Denying Hosts in DENY_FILE: "
for host in $(cat $DENY_FILE ); do
${IPTABLES} -t filter -A INETIN -s $host -j ${DROP}
${IPTABLES} -t filter -A FORWARD -s $host -j ${DROP}
echo -n "$host:${DROP} "
done
else
echo -n "Could not find DENY_FILE, only blocking hosts listed in this script "
fi


I was wondering, why the '$' in front of the '(' on this line?:
for host in $(cat $DENY_FILE ); do

Also, why does the author (MonMotha - monmotha.mplug.org/) put variables in curly braces? Thanks again for the quick response.

--knobby
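A fuller version of the file-driven loop from posts #3 and #4, added here as an example; it is not the thread's code and not MonMotha's firewall script. It assumes the same chain names (INETIN, FORWARD) and the IPTABLES and DROP variables as the script quoted above, and the helper names is_ipv4, valid_hosts and deny_from_file are made up for this example. IPTABLES defaults to a dry run that only prints each rule, so the loop can be tried without touching a live firewall. The point it adds: $(cat file) hands every word in the file to iptables as an argument, so a loop that trusts a file written by another program should accept only lines that parse as an IPv4 address (or a.b.c.d/nn prefix) and skip blank lines, comments and anything else with a warning. The thread's placeholder 345.345.345.345 is out of range and gets rejected, which shows the check doing its job.

```shell
#!/bin/sh
# Added example (not the thread's code): deny hosts listed in a file,
# one per line, only when the line is a well-formed IPv4 address.
# Assumed from the firewall script: chains INETIN and FORWARD, and the
# IPTABLES and DROP variables. IPTABLES defaults to a dry run that prints
# each rule instead of applying it; set IPTABLES=/sbin/iptables to go live.
IPTABLES="${IPTABLES:-echo iptables}"
DROP="${DROP:-DROP}"
set -f   # never let a line from the file glob-expand into filenames

# is_ipv4 ADDR: succeed if ADDR is a dotted quad, optionally with /0-32.
is_ipv4() {
    addr=${1%%/*}
    prefix=${1#"$addr"}                    # "" or "/nn"
    case "$prefix" in
        "") ;;
        /[0-9]|/[12][0-9]|/3[0-2]) ;;
        *) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $addr                           # split on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*|????*) return 1 ;; # empty, non-digit, or 4+ digits
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_hosts FILE: print the accepted addresses, one per line.
# Blank lines and '#' comments are skipped; any other line that is not a
# single IPv4 address is reported on stderr and dropped, so stray content
# in the file can never become extra iptables arguments.
valid_hosts() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                   # strip trailing comment
        set -- $line                       # word-split the remainder
        [ $# -eq 0 ] && continue           # nothing left on this line
        if [ $# -eq 1 ] && is_ipv4 "$1"; then
            printf '%s\n' "$1"
        else
            printf 'deny file: ignoring malformed line: %s\n' "$line" >&2
        fi
    done < "$file"
}

# deny_from_file FILE: add one INETIN and one FORWARD DROP rule per host,
# mirroring the loop in post #4. Fails if the file is missing.
deny_from_file() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "Could not find $file, only blocking hosts listed in this script" >&2
        return 1
    fi
    valid_hosts "$file" | while IFS= read -r host; do
        $IPTABLES -t filter -A INETIN -s "$host" -j "$DROP"
        $IPTABLES -t filter -A FORWARD -s "$host" -j "$DROP"
    done
}

# Demo on a constructed deny file (contents made up for this example).
demo_file=$(mktemp)
printf '%s\n' \
    '123.123.123.123' \
    '# lines below are what portsentry appends' \
    '234.234.234.234   # scanned port 22' \
    '' \
    '345.345.345.345' \
    '10.0.0.0/8' \
    'not an address -F' > "$demo_file"
deny_from_file "$demo_file"
rm -f "$demo_file"
```

Run it as-is to see the rules printed; the two malformed lines are reported on stderr and produce no rule. With IPTABLES=/sbin/iptables and DENY_FILE pointing at the file portsentry appends to, deny_from_file "$DENY_FILE" drops straight into the script in place of the loop from post #4.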
 
01-10-2002, 08:07 PM, #5
JimKyle
Check to see if you have a /etc/sysconfig/iptables file, together with iptables-save and iptables-restore scripts. These exist in Mandrake 8.1, and there's supposed to be quite a bit of similarity between RH and Mdk...

If you do have these, you can insert a cron job to run daily that will run "service iptables save" which saves the existing iptables rules to the /etc/sysconfig/iptables file, and in your rc.local file you can add a line "service iptables restore" which will restore the rules from that same file when you reboot. This makes things automatic. It's how I'm preserving my portsentry lockouts...

You can also edit (as root) that file to change your rules easily, and then run the "restore" command manually...
 
01-11-2002, 01:24 AM, #6
unSpawn (Moderator)
The $(cat $DENY_FILE) variable is to substitute the contents. Other ways of writing it could be adding a variable CONTENTS=$(cat $DENY_FILE) and then using the $CONTENTS variable, or using backticks like `cat $DENY_FILE`.
The curly braces (accolades) are used when using multiple parameters or parameters with spaces in the value. IIRC it's like "$1 $2 $3 $4" etc, not equal to $* which writes all parameters as one value.
 
01-11-2002, 02:19 AM, #7
knobby (Original Poster)
OK, so the $ in front puts all of 'cat DENY_FILE' into a variable that the do loop uses. Basically that means that the for-do loop needs a variable as an argument, so you put the $ in front to make the cat statement become a variable without a name that the for-do loop uses. I have never seen that done before, adding a '$' in front of a command in parentheses to make it an 'unnamed' variable.
 
01-11-2002, 11:01 AM, #8
unSpawn (Moderator)
uh. lemme rephrase that.
in the case of "for host in $(cat $DENY_FILE ); do" it puts the contents from the executed "$()" command per item into variable $host.
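The two questions from post #4 (the '$' before the parenthesis, and the curly braces) as a runnable demonstration, added here as an example and not part of the thread; the function names are made up. It shows what command substitution does with a file's contents (the output is word-split, so a line with two words becomes two loop items), when the braces are needed (they delimit the variable name, as in ${host}_rule), and the difference between "$@" and "$*" that post #6 brings up.

```shell
#!/bin/sh
# Added example (not from the thread): what $( ) and ${ } do in a loop
# like "for host in $(cat $DENY_FILE)". Function names are made up.

# Command substitution: the shell runs the command, pastes its output in
# place of $( ... ), then word-splits that text. Each word becomes one
# loop item, so a line holding two words becomes two items, not one.
count_items() {
    n=0
    for item in $(printf '%s\n' "$@"); do
        n=$((n + 1))
    done
    echo "$n"
}

# Braces delimit the variable name. ${host}_rule appends "_rule" to the
# value of host; $host_rule instead reads a variable named host_rule.
host=123.123.123.123
unset host_rule
with_braces()    { echo "${host}_rule"; }
without_braces() { echo "$host_rule"; }

# "$@" passes each parameter on as its own word; "$*" joins them into one.
count_args() { echo "$#"; }
via_at()     { count_args "$@"; }
via_star()   { count_args "$*"; }

# Constructed values, as a script would see them.
printf 'items from two lines, second has two words: %s\n' \
    "$(count_items '1.2.3.4' '5.6.7.8 extra')"
printf 'with braces: %s, without: "%s"\n' "$(with_braces)" "$(without_braces)"
printf '"$@" gives %s args, "$*" gives %s\n' "$(via_at a b c)" "$(via_star a b c)"
```

The first printf is the one that matters for a deny file: because $(cat file) is word-split, a line with a trailing comment or a second field turns into extra loop items, which is why a loop over untrusted file contents should validate each item before passing it on.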
 
  

