Quote:
Originally Posted by Reuti
AFAICS it must already be set before the assignment of CHECK1a, although I’m not sure why this is interpreted recursively by the bash.
Thank you guys for your help and patience with this one.
Basically what I'm trying to do here (do you know a better way?) is a script that checks whether a rule (matching the IP address provided, i.e. a.b.c.d) is active or not. If not, the rule would be added/inserted. Checking if the rule exists based only on the IP address being present in the iptables chain is pretty dumb of course, but for now I would be happy for this to work.
I only introduced the echo part to see what $CHECK1a returns. What I actually have in mind is something like this:
===============
#!/bin/bash
ipt=/sbin/iptables
ip=a.b.c.d
# -F matches the address as a fixed string, so the dots are not treated as regex wildcards
CHECK1a=$($ipt -nL FORWARD -v | grep -F -- "$ip") # just for emailing the result
CHECK1b=$($ipt -nL FORWARD -v | grep -cF -- "$ip") # to count the matches
if [ "$CHECK1b" -ne 0 ]; then
    echo "$CHECK1a" > ./tmp1.txt
    mail -s "Working" some-address < ./tmp1.txt # placeholder recipient
    #rm -f ./tmp1.txt
else
    $ipt -I FORWARD -s "$ip" -j ACCEPT # as example
fi
===================
If you have better ideas on how to check firewall rules and amend them if necessary, as per my (poor) explanation above, please share.
Tibi
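One answer to the "better way" question in the post above, as an added example (this is not Tibi's script and not from the thread): iptables has a check operation, `iptables -C CHAIN rule-spec`, which returns 0 only when an identical rule is already in the chain. Testing for the exact rule instead of grepping the listing for the address text avoids both the "a.b.c.d matches a.b.c.dd" problem and the dots in the address acting as regex wildcards. The example also validates the address before it is ever passed to iptables. Assumptions made here: iptables 1.4.11 or newer (where `-C` first appeared), the iptables path taken from the environment variable `IPT` (defaulting to /sbin/iptables) so that a stub command can stand in for offline testing, and a chain argument that defaults to FORWARD.

```bash
#!/bin/bash
# Added example, not the poster's script: make sure an ACCEPT rule for one
# source address is present in a chain, using "iptables -C" to test for the
# exact rule. Assumptions: iptables >= 1.4.11 (adds -C); $IPT names the
# iptables binary (default /sbin/iptables) so a stub can replace it in tests;
# the chain is the optional second argument and defaults to FORWARD.

# Accept only a dotted-quad IPv4 address: four decimal octets, each 0-255.
valid_ipv4() {
    local addr=$1 octet
    case $addr in
        # reject: any char other than digits/dots, a dot at either end,
        # an empty octet, or an empty string
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    local IFS=.
    set -- $addr                      # split on dots into positional params
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ensure "-s <addr> -j ACCEPT" exists in the chain.
# Exit status: 0 = rule already present, 10 = rule inserted,
# 1 = invalid address or iptables error (e.g. the chain does not exist).
ensure_accept_rule() {
    local ipt=$1 chain=$2 addr=$3
    valid_ipv4 "$addr" || return 1
    # -C exits 0 only for an identical existing rule; silence its
    # "Bad rule (does a matching rule exist in that chain?)" message
    if "$ipt" -C "$chain" -s "$addr" -j ACCEPT 2>/dev/null; then
        return 0
    fi
    "$ipt" -I "$chain" -s "$addr" -j ACCEPT || return 1
    return 10
}

# Usage: script.sh a.b.c.d [CHAIN]; does nothing when run without arguments.
main() {
    local addr=$1 chain=${2:-FORWARD} rc=0
    ensure_accept_rule "${IPT:-/sbin/iptables}" "$chain" "$addr" || rc=$?
    case $rc in
        0)  echo "rule for $addr already present in $chain" ;;
        10) echo "rule for $addr inserted into $chain" ;;
        *)  echo "failed: invalid address or iptables error for '$addr' in $chain" >&2
            return 1 ;;
    esac
}

if [ $# -ge 1 ]; then
    main "$@"
fi
```

Run as root (iptables needs the same privilege for `-C` as for `-I`), e.g. `./ensure_rule.sh 192.0.2.10 FORWARD`; the script is idempotent, so it is safe to call from cron, and the distinct exit statuses let a wrapper send mail only when a rule actually had to be inserted. Note that `-C` also returns non-zero when the chain name is wrong, which the insert step then reports as a failure rather than silently creating nothing.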