It’s a bash command:

Maybe you could explain what you actually want to do with your variable CHECK1a ? Or is it you really want to echo it?

Reuti's idea is as follows:

AFAICS it must already be set before the assignment of CHECK1a, although I’m not sure why this is interpreted recursively by the bash.

Thank you guys for your help and patience with this one.

Basically what I'm trying to do here (do you know a better way?) is a script that checks whether a rule (matching the IP address provided ie a.b.c.d) is active or not. If not the rule would be added/inserted. Checking if the rule exists based only on the IP address being present in the iptables chain is pretty dumb of course, but for now I would be happy for this to work.

I only introduce the echo part to see what $CHECKa returns. What I actually have in mind is something like this:
===============
#!/bin/bash

ipt=/sbin/iptables
ip=a.b.c.d

CHECK1a=$($ipt -nL FORWARD -v | grep $ip) # just for emailing the result

CHECK1b=$($ipt -nL FORWARD -v | grep -c $ip) # to count the matches

if [ $CHECK1b -ne 0 ]; then

echo "$CHECK1a" > ./tmp1.txt
mail -s "Working" some addres < ./tmp1.txt
#rm -f ./tmp1.txt

else

$ipt -I FORWARD -s $ip -j ACCEPT # as example

fi
===================

If you have better ideas on how to check firewall rules and amend it if necessary as per my above (poor) explanation please share.

Tibi

# Original Script Here

# Command to get result of iptables into CHECK1a
CHECK1a=`$ipt -nL FORWARD -v`

# Output Check1a without filename expansion
set -f
echo $CHECK1a
set +f

It's working. Thanks!

Any ideas on other ways to achieve this?

Regards,
Tibi

I thought that the assignment already expanded the asterisk. But maybe I made a mistake during my tests. You can enclose the variable after the echo in double quotes too to avoid it to be expanded.

Thanks!

Any other ideas for such a script? To check rules and amend if needed.

Perhaps a different approach?

Tibi