Fault iSCSI network access to an iSCSI target

fault-iscsi-access

#!/bin/bash

# Fault iSCSI access to the given $ISCSI_IP and $ISCSI_PORT
# Faults indefinitely (until CTRL-C or SIGTERM) if no arguments are given, otherwise faults for the
# given number of seconds:
#
# E.g. fault for 10 seconds
# > ISCSI_IP=10.200.11.70 fault-ip-access 10
#
# E.g. fault indefinitely
# > ISCSI_IP=10.200.11.70 fault-ip-access
# ^C

[ -z "$ISCSI_IP" ] && {
    echo "Must set ISCSI_IP environment variable to IP address of iSCSI target to be blocked (ISCSI_PORT defaults to 3260)"
    exit 1
}

[ -z "$ISCSI_PORT" ] && {
    ISCSI_PORT=3260
}

fault_time=$1

if [ -z "$fault_time" ]; then
    # 0 fault time means fault indefinitely
    echo Faulting iSCSI access to $ISCSI_IP:$ISCSI_PORT until CTRL-C
    fault_time=0
else
    echo Faulting iSCSI access to $ISCSI_IP:$ISCSI_PORT for $fault_time seconds...
fi

faulted=0

function fault {
    # Block iSCSI access inbound and outbound
    faulted=1
    iptables -A INPUT -p tcp -s $ISCSI_IP --sport $ISCSI_PORT -j DROP
    iptables -A OUTPUT -p tcp -d $ISCSI_IP --dport $ISCSI_PORT -j DROP
}

function cleanup {
    [ $faulted -eq 1 ] || return
    echo Unblocking iSCSI access to $ISCSI_IP:$ISCSI_PORT
    iptables -D INPUT -p tcp -s $ISCSI_IP --sport $ISCSI_PORT -j DROP
    iptables -D OUTPUT -p tcp -d $ISCSI_IP --dport $ISCSI_PORT -j DROP
    faulted=0
}

function cleanup_and_exit {
    cleanup
    exit 0
}

# Remove faults when the script exits
trap cleanup EXIT
trap cleanup_and_exit SIGINT SIGTERM

# Apply fault
fault

# Hold the fault
if [ $fault_time -eq 0 ]; then
    # Sleep indefinitely, until CTRL-C
    while true; do sleep 1000; done
else
    # Sleep for a period, then exit, removing the fault
    sleep $fault_time
fi