I've been trying to leave Bash Scripting for a long time, favoring Python scripting. But when I guess I can't go further with Bash scripting, it just brings me something cool and new!
I must accept ICMP from a few OVH IPs, and among them are 2 IPs from my server network, where the last octet will be 250 and 251. To make it easier to understand, suppose that my server IP is a.b.c.d. So I must ACCEPT ICMPs from a.b.c.250 and a.b.c.251.
So, this is the amazing solution Bash Scripting offers me:
# ==========================================
# Dedicated Server IP external interface
IF_EXT="enp2s0" # define here your external interface, such as eth0, vmbr0, etc
IP_EXT=$(ip -4 a|grep "${IF_EXT}$"|awk '{print $2}'|cut -d/ -f1)
# OVH monitoring IPs array
# Here is the thing: the last item of this array!
IP_MONITORING=(37.187.231.251 151.80.231.244 151.80.231.245 151.80.231.246 151.80.231.247 213.186.33.62 92.222.184.0/24 92.222.185.0/24 92.222.186.0/24 167.114.37.0/24 213.186.45.4 213.251.184.9 37.59.0.235 8.33.137.2 213.186.33.13 213.186.50.98 ${IP_EXT%.*}.25{0,1})
# And finally the iptables command
for i in $(seq 0 $[${#IP_MONITORING[@]}-1]) ; do
iptables -A INPUT -p icmp -s ${IP_MONITORING[$i]} -d ${IP_EXT} -j ACCEPT
done
# ==========================================
Notes:
- Obviously, you must run this script as root!
- I know Python would do it too. What I didn't know is that Bash could carry it out so "gracefully"!!
- I welcome any suggestion that may improve this code!!!
I hope it can help somebody out there. If it does, make me aware of it!
No comments:
Post a Comment