LinuxQuestions.org


routers 01-27-2021 03:21 AM

Bash script firewalld
 
Hello, if anyone there can correct my bash script to run firewalld

Code:

#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read varpubport
echo "Enter Internalport number"
read varintport
echo "Enter IP number?"
read varip
firewall-cmd --zone=public --add-port=$varpubport/tcp
firewall-cmd --zone=public --add-forward-port=port=$vapubport:proto=tcp:toport=$varinport:toaddr=$varip

Below is the working command

Code:

firewall-cmd --zone=public --add-port=8024/tcp
firewall-cmd --zone=public --add-forward-port=port=8024:proto=tcp:toport=22:toaddr=192.168.122.204

info

varpubport - 8024
varintport - 22
varip - 192.168.122.204
----------
script error: -

Error: INVALID_FORWARD: missing port

I detected an error at the first fw-cmd, inserted space after port number before /tcp. No idea how to correct it, please help
--------

To MOD: move accordingly if it is not in the right place

thanks

shruggy 01-27-2021 03:24 AM

Quote:

Originally Posted by routers (Post 6212480)
Code:

$vapubport

r is missing.

Quote:

Originally Posted by routers (Post 6212480)
Code:

$varinport

t is missing.

set -x would catch these. Even better, use https://www.shellcheck.net
Code:

Line 3:
read varpubport
^--^ SC2162: read without -r will mangle backslashes.


Line 5:
read varintport
^--^ SC2162: read without -r will mangle backslashes.
    ^--------^ SC2034: varintport appears unused. Verify use (or export if used externally).


Line 7:
read varip
^--^ SC2162: read without -r will mangle backslashes.


Line 8:
firewall-cmd --zone=public --add-port=$varpubport/tcp
                                      ^---------^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
firewall-cmd --zone=public --add-port="$varpubport"/tcp


Line 9:
firewall-cmd --zone=public --add-forward-port=port=$vapubport:proto=tcp:toport=$varinport:toaddr=$varip
                                                  ^--------^ SC2154: vapubport is referenced but not assigned (did you mean 'varpubport'?).
                                                  ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                              ^--------^ SC2154: varinport is referenced but not assigned (did you mean 'varintport'?).
                                                                              ^--------^ SC2086: Double quote to prevent globbing and word splitting.
                                                                                                ^----^ SC2086: Double quote to prevent globbing and word splitting.

Did you mean:
firewall-cmd --zone=public --add-forward-port=port="$vapubport":proto=tcp:toport="$varinport":toaddr="$varip"

For more information:
  https://www.shellcheck.net/wiki/SC2034 -- varintport appears unused. Verify...
  https://www.shellcheck.net/wiki/SC2154 -- vapubport is referenced but not a...
  https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...


routers 01-27-2021 04:07 AM

Thanks for the input, I followed all the suggestions and corrected the missing
Code:

[root@OL8-DEF15 ~]# cat fwtest
#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read -r  varpubport
echo "Enter Internalport number"
read -r varintport
echo "Enter IP number?"
read -r varip
firewall-cmd --zone=public --add-port="$varpubport"/tcp
firewall-cmd --zone=public --add-forward-port=port="$varpubport":proto=tcp:toport="$varintport":toaddr="$varip"
firewall-cmd --reload

output
Code:

[root@OL8-DEF15 ~]# ./fwtest
Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?
8089
Enter Internalport number
22
Enter IP number?
192.168.122.230
success
success
success

but they are not inserted in firewalld
Code:

[root@OL8-DEF15 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


michaelk 01-27-2021 04:50 AM

You did not make the rules permanent. Reloading restored the original rules.

routers 01-27-2021 06:21 AM

Thank you all, problem solved.
Code:

[root@OL8-DEF15 ~]# cat fwtest
#!/bin/bash
echo "Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?"
read -r  varpubport
echo "Enter Internalport number"
read -r varintport
echo "Enter IP number?"
read -r varip
firewall-cmd --zone=public --add-port="$varpubport"/tcp
firewall-cmd --zone=public --add-forward-port=port="$varpubport":proto=tcp:toport="$varintport":toaddr="$varip"
firewall-cmd --runtime-to-permanent
firewall-cmd --reload

output

Code:

Open TCP Port And Forward to Other IP address , Now Enter Public Port Number ?
8089
Enter Internalport number
22
Enter IP number?
192.168.122.242
success
success
success
success

List
Code:

[root@OL8-DEF15 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens3
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8024/tcp 8089/tcp
  protocols:
  masquerade: no
  forward-ports:
        port=8089:proto=tcp:toport=22:toaddr=192.168.122.242
  source-ports:
  icmp-blocks:
  rich rules:

many thanks

regards
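
A validated variant of the script from this thread, as an added example that is not any poster's own code: it checks the two ports and the IPv4 address before they reach firewall-cmd, uses `set -u` so a misspelled name like `$vapubport` aborts instead of expanding to nothing, and writes the rules with `--permanent` so only these two rules are persisted (`--runtime-to-permanent` saves the whole runtime configuration). Taking the values as three arguments and the script name `fwforward` are assumptions of this example.

```shell
#!/bin/bash
# Added example: validated port-forward script (not from the thread's posters).
set -u   # an unset name such as $vapubport aborts instead of expanding to ""

# Succeed only for a decimal TCP port in 1..65535 (no spaces, no leading zero).
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the --add-forward-port argument, or fail if any field is invalid.
forward_spec() {
    [ "$#" -eq 3 ] || return 1
    valid_port "$1" && valid_port "$2" && valid_ipv4 "$3" || return 1
    printf 'port=%s:proto=tcp:toport=%s:toaddr=%s\n' "$1" "$2" "$3"
}

# Write both rules to the permanent configuration, then load it into the runtime.
apply_forward() {
    spec=$(forward_spec "$@") || { echo "invalid port or address" >&2; return 1; }
    firewall-cmd --permanent --zone=public --add-port="$1/tcp" &&
    firewall-cmd --permanent --zone=public --add-forward-port="$spec" &&
    firewall-cmd --reload
}

# Runs only when called as: ./fwforward PUBLIC_PORT INTERNAL_PORT IPV4
if [ "$#" -eq 3 ]; then
    apply_forward "$@"
fi
```

Because each firewall-cmd call is chained with `&&`, the reload happens only if both permanent rules were accepted.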

