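#!/bin/bash
# syncRuleWithDNS.sh - re-resolve a (DynDNS) host name and replace the
# destination address of one iptables rule with the current answer, then
# persist the ruleset to IPV4_RULES_FILE.  Must run as root (iptables).
# Honours LOG_FILE when a parent script exports it; otherwise the log lives
# next to the script as <name>.log.
SCRIPT_DIR=$(dirname "$(realpath "$0")")
SCRIPTNAME=${0##*/}            # basename of $0 without forking
SCRIPTNAME=${SCRIPTNAME%%.*}   # drop everything from the first '.' (same as cut -d. -f1)
readonly IPV4_RULES_FILE=/etc/iptables/rules.v4
# Lower-case labels only.  The value is passed to dig later, so anything that
# is not a plain dotted host name (spaces, option-looking strings) is refused.
readonly DOMAIN_PATTERN='^[a-z0-9-]+(\.[a-z0-9-]+)+$'
# Defaults
verbose=false
# Keep LOG_FILE from the parent script when set and non-empty, else default.
LOG_FILE=${LOG_FILE:-"$SCRIPT_DIR/$SCRIPTNAME.log"}
# iptables needs root: report on stderr and stop before touching anything.
if [ "$EUID" -ne 0 ]; then
  echo "This script must be run as root." >&2
  exit 1
fi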
# Print the command-line synopsis to stdout, one option per line.
usage() {
  printf '%s\n' \
    "Usage: $0" \
    "-d, --domain Domain whose IP address shall be updated in ruleset" \
    "-i, --id Rule ID" \
    "-c, --chain Chain" \
    "-h, --help Print usage" \
    "-v, --verbose Verbose output"
}
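#######################################
# Append "<timestamp> [<LEVEL>] <message>" to $LOG_FILE.
# Globals:   LOG_FILE (read), verbose (read) - when "true" the same line is
#            also written to stderr; this is what -v/--verbose is for (the flag
#            was parsed but never acted on before).
# Arguments: $1 - level label (INFO, ERROR, ...); remaining args - message text
# Outputs:   one line to $LOG_FILE (and to stderr when verbose)
#######################################
log() {
  local level="$1"
  shift
  local message="$*"
  local timestamp
  timestamp=$(date +"%Y-%m-%d %H:%M:%S")
  local line="$timestamp [$level] $message"
  # printf rather than echo: a message beginning with "-n" or "-e" must not
  # be swallowed as an echo option.
  printf '%s\n' "$line" >> "$LOG_FILE"
  if [ "${verbose:-false}" = true ]; then
    printf '%s\n' "$line" >&2
  fi
}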
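# Check if no parameters were passed
if [ $# -eq 0 ]; then
  echo "Error: No arguments provided." >&2
  usage
  exit 1
fi
# Parse arguments.  Every value-taking option refuses a missing value or one
# that looks like another option (short or long), so "-d -i 3" does not
# silently consume "-i" as the domain.  Diagnostics go to stderr.
while [[ $# -gt 0 ]]; do
  case "$1" in
    -d | --domain)
      if [[ -z "$2" || "$2" == -* ]]; then
        echo "Error: -d, --domain requires a value." >&2
        exit 1
      fi
      domain="$2"
      shift 2
      ;;
    -i | --id)
      if [[ -z "$2" || "$2" == -* ]]; then
        echo "Error: -i, --id requires a value." >&2
        exit 1
      fi
      rule_id="$2"
      shift 2
      ;;
    -c | --chain)
      if [[ -z "$2" || "$2" == -* ]]; then
        echo "Error: -c, --chain requires a value." >&2
        exit 1
      fi
      chain="$2"
      shift 2
      ;;
    -v | --verbose)
      verbose=true
      shift 1
      ;;
    -h | --help)
      usage
      exit 0
      ;;
    *)
      echo "Unknown option: $1" >&2
      echo "Use -h, --help for usage." >&2
      exit 1
      ;;
  esac
done
# Check if domain, chain and id are all set
if [ -z "$domain" ] || [ -z "$rule_id" ] || [ -z "$chain" ]; then
  echo "Error: Domain, chain and id are mandatory parameters." >&2
  usage
  exit 1
# Check if value of domain matches with the domain pattern
elif [[ ! "$domain" =~ $DOMAIN_PATTERN ]]; then
  echo "Error: $domain is not a domain." >&2
  usage
  exit 1
# iptables -R takes a 1-based rule number; refuse anything else here so a
# typo never reaches iptables as a root-level command argument.
elif [[ ! "$rule_id" =~ ^[1-9][0-9]*$ ]]; then
  echo "Error: $rule_id is not a valid rule number." >&2
  usage
  exit 1
fi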
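# Get IP-address from DynDNS entry.  dig +short may print CNAME targets ahead
# of the A record(s) and may print several A records; keep the first IPv4
# literal only, so nothing but a dotted quad ever reaches iptables -d.
resolved_ip=$(dig +short "$domain" | grep -m 1 -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$')
if [ -z "$resolved_ip" ]; then
  echo "Error: could not resolve an IPv4 address for $domain." >&2
  log "ERROR" "No IPv4 address resolved for $domain; ruleset left unchanged"
  exit 1
fi
# Check if the rule that would be replaced already carries this address.
# The test is on the command's exit status (the old code captured grep -q's
# empty stdout and then "ran" it, which always succeeded).  -F stops the
# dots acting as regex wildcards, -w keeps 1.2.3.4 from matching 1.2.3.45,
# and "$chain" "$rule_id" limits the lookup to the one rule this script
# manages instead of the whole OUTPUT chain.
if iptables -S "$chain" "$rule_id" | grep -qwF -- "$resolved_ip"; then
  printf "%s for %s is still valid.\nNo change of ruleset.\n" "$resolved_ip" "$domain"
  exit 0
fi
# Only %s placeholders in the format: with the address inside the format
# string and two arguments supplied, printf re-used the format and printed
# the message twice.
printf "Address for %s changed to %s.\nUpdating ruleset.\n" "$domain" "$resolved_ip"
log "INFO" "No rule for $resolved_ip exists"
# Update ruleset.  Fail loudly if iptables rejects the chain or rule number
# so a stale rule is never reported (and saved) as updated.
if ! iptables -R "$chain" "$rule_id" -m multiport -d "$resolved_ip" -p tcp --dports 80 -j REJECT; then
  log "ERROR" "iptables -R failed for rule $rule_id in chain $chain"
  exit 1
fi
if ! iptables-save > "$IPV4_RULES_FILE"; then
  log "ERROR" "Could not write $IPV4_RULES_FILE"
  exit 1
fi
log "INFO" "IPv4 rules saved in $IPV4_RULES_FILE"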