Adding check-line to iptables script
This commit is contained in:
@@ -165,7 +165,7 @@ prerouting() {
|
||||
fi
|
||||
|
||||
debug "$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment $COMMENT -j DNAT --to $TARGET_IP:$TARGET_PORT"
|
||||
$IPTABLES -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
|
||||
$IPTABLES -w 5 -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
|
||||
$IPTABLES -C PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
|
||||
if [[ "$(echo $?)" != "0" ]]; then
|
||||
$IPTABLES -w 20 -I PREROUTING -d $SOURCE_IP -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j DNAT --to $TARGET_IP:$TARGET_PORT
|
||||
@@ -185,20 +185,20 @@ postrouting() {
|
||||
fi
|
||||
|
||||
if [ -n "$SOURCE_IP" ] ; then
|
||||
LINES=$($IPTABLES -L --line-number -n | grep MASQUERADE | grep $COMMENT | grep $SOURCE_IP_FOR_POSTROUTING | grep $SOURCE_PORT | awk '{print $1}'| tac)
|
||||
LINES=$($IPTABLES -w 5 -L --line-number -n | grep MASQUERADE | grep $COMMENT | grep $SOURCE_IP_FOR_POSTROUTING | grep $SOURCE_PORT | awk '{print $1}'| tac)
|
||||
debug "Previous postrouting lines: "$LINES
|
||||
|
||||
# DELETE UNECESSARY LINES FROM PREVIOUS RULES
|
||||
if [ -n "$LINES" ] ; then
|
||||
for i in $LINES; do
|
||||
debug "$IPTABLES -D POSTROUTING $i"
|
||||
$IPTABLES -D POSTROUTING $i
|
||||
$IPTABLES -w 5 -D POSTROUTING $i
|
||||
sleep 0.1
|
||||
done
|
||||
fi
|
||||
|
||||
debug "$IPTABLES -I POSTROUTING -s $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE"
|
||||
$IPTABLES -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
$IPTABLES -w 5 -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
$IPTABLES -C POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
if [[ "$(echo $?)" != "0" ]]; then
|
||||
$IPTABLES -w 20 -I POSTROUTING -d $SOURCE_IP_FOR_POSTROUTING -p $PROTOCOL --dport $SOURCE_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
@@ -206,19 +206,19 @@ postrouting() {
|
||||
fi
|
||||
|
||||
if [ -n "$TARGET_IP" ] ; then
|
||||
LINES=$($IPTABLES -L --line-number -n | grep $COMMENT | grep $TARGET_IP_FOR_POSTROUTING | grep $TARGET_PORT | awk '{print $1}'| tac)
|
||||
LINES=$($IPTABLES -w 5 -L --line-number -n | grep $COMMENT | grep $TARGET_IP_FOR_POSTROUTING | grep $TARGET_PORT | awk '{print $1}'| tac)
|
||||
debug "Previous postrouting lines: "$LINES
|
||||
|
||||
# DELETE UNECESSARY LINES FROM PREVIOUS RULES
|
||||
if [ -n "$LINES" ] ; then
|
||||
for i in $LINES; do
|
||||
debug "$IPTABLES -D POSTROUTING $i"
|
||||
$IPTABLES -D POSTROUTING $i
|
||||
$IPTABLES -w 5 -D POSTROUTING $i
|
||||
sleep 0.1
|
||||
done
|
||||
fi
|
||||
debug "$IPTABLES -I POSTROUTING -s $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE"
|
||||
$IPTABLES -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
$IPTABLES -w 5 -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
$IPTABLES -C POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
if [[ "$(echo $?)" != "0" ]]; then
|
||||
$IPTABLES -w 20 -I POSTROUTING -d $TARGET_IP_FOR_POSTROUTING -p $PROTOCOL --dport $TARGET_PORT -m comment --comment "$COMMENT" -j MASQUERADE
|
||||
@@ -312,10 +312,10 @@ else
|
||||
############################
|
||||
# Host firewall settings ###
|
||||
|
||||
if $IPTABLES -w 10 --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then
|
||||
if $IPTABLES -w 5 --list $CHAIN |grep ESTABLISHED |grep RELATED|grep ACCEPT ; then
|
||||
echo "nothing to do";
|
||||
else
|
||||
$IPTABLES -I $CHAIN -m state --state established,related -j ACCEPT;
|
||||
$IPTABLES -w 5 -I $CHAIN -m state --state established,related -j ACCEPT;
|
||||
fi
|
||||
|
||||
IPTABLES_OPTIONS=""
|
||||
@@ -344,21 +344,21 @@ else
|
||||
|
||||
#
|
||||
# DELETE UNECESSARY LINES FROM PREVIOUS RULES
|
||||
IPTABLES_COMMAND="$IPTABLES -w 10 --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac";
|
||||
IPTABLES_COMMAND="$IPTABLES -w 5 --line-number -n --list $CHAIN | grep $PROTOCOL $GREP_OPTIONS | awk '{print \$1}'| tac";
|
||||
debug "$IPTABLES_COMMAND";
|
||||
LINES=$(eval $IPTABLES_COMMAND);
|
||||
|
||||
if [ -n "$LINES" ] ; then
|
||||
for i in $LINES; do
|
||||
debug "$IPTABLES -D $CHAIN $i"
|
||||
$IPTABLES -w 10 -D $CHAIN $i
|
||||
$IPTABLES -w 5 -D $CHAIN $i
|
||||
sleep 0.1
|
||||
done
|
||||
fi
|
||||
|
||||
|
||||
debug "$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT"
|
||||
$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
|
||||
$IPTABLES -w 5 -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
|
||||
$IPTABLES -C $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
|
||||
if [[ "$(echo $?)" != "0" ]]; then
|
||||
$IPTABLES -I $CHAIN -p $PROTOCOL $IPTABLES_OPTIONS -m comment --comment "$COMMENT" -j ACCEPT
|
||||
|
||||
Reference in New Issue
Block a user