Simple script to check a specified domain's dynamic IP and update the iptables SSH rule.
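#!/bin/bash
# file: dock_myip.sh
#----
# Simple script to check a specified domain's dynamic IP & update the
# iptables ssh rule.
#
# Flow: resolve <domain_prefix>.com via resolver1.opendns.com, keep only the
# well-formed IPv4 answers, write them to the IP text file, load them into an
# ipset (replacing whatever addresses the set held before) and make sure one
# iptables rule allows that set to reach the ssh port.
#----
#----
# To Use:
# Make this file executable: chmod +x dock_myip.sh
# Copy to scripts folder: cp dock_myip.sh /usr/local/bin
# Update the "Editable Vars".
# Run crontab: sudo crontab -e
# Set crontab for every hour: 0 * * * * /usr/local/bin/dock_myip.sh
#----
#----
# Helpers For Debugging:
# Check iptables rules: sudo iptables -L --line-numbers -n
# Delete iptables rule by number: sudo iptables -D INPUT 1
# Show the ipset members: sudo ipset list <domain_prefix>
#----
#----BEGIN EDITABLE VARS----
# Domain prefix to get IP from (without the .com). Also used as the ipset
# name; ipset names are limited to 31 characters, so keep it short.
domain_prefix=digitalsailboat
# Output file to write the IP to (example.txt)
output_txt_file=$domain_prefix.txt
# Output path for the IP text file (/var/example.txt)
output_txt_path='/tmp'
# SSH Port being used
ssh_port=22
# Used for logging
is_debug=true
#----END EDITABLE VARS-------

# Fail loudly on a typo'd variable; every other failure is checked explicitly
# below so the script never half-applies a change.
set -u

#######################################
# Write a line to syslog when is_debug is true.
# Globals:   is_debug (read)
# Arguments: message words
#######################################
log() {
  if [ "$is_debug" = true ]; then
    logger -i "dock_myip.sh: $*"
  fi
}

#######################################
# Test whether $1 is a dotted-quad IPv4 address with every octet <= 255.
# Returns: 0 if it is, 1 otherwise. Nothing else is ever handed to ipset,
# so a garbled or unexpected resolver answer cannot end up in the allow-list.
#######################################
is_ipv4() {
  local candidate=$1 octet
  [[ "$candidate" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Print the A-record answers for $1, one per line, as reported by
# resolver1.opendns.com.
# Arguments: $1 - fully qualified domain name
# Outputs:   addresses on stdout (may be empty on lookup failure)
#######################################
lookup_ipv4() {
  # nslookup prints the resolver's own "Address:" line first; only the
  # "Address:" lines after the answer section's "Name:" line are wanted.
  # Relying on "line 6" of the output is what the old version did and it
  # breaks as soon as the banner changes.
  nslookup "$1" resolver1.opendns.com 2>/dev/null \
    | awk '/^Name:/ { answer = 1; next } answer && /^Address:/ { print $2 }'
}

#######################################
# Entry point: resolve, record, load the ipset and ensure the iptables rule.
# Globals:   domain_prefix, output_txt_file, output_txt_path, ssh_port (read)
# Returns:   exits 1 if the lookup yields nothing usable or a privileged
#            step fails, 0 on success
#######################################
main() {
  local domain=$domain_prefix.com
  local out_file=$output_txt_path/$output_txt_file
  local -a ips=()
  local ip tmp_file tmp_set

  while IFS= read -r ip; do
    if is_ipv4 "$ip"; then
      ips+=("$ip")
    else
      log "Ignoring non-IPv4 answer for ${domain}: ${ip}"
    fi
  done < <(lookup_ipv4 "$domain")

  # Abandon everything if the lookup gave no usable address. The old check
  # only saw awk's exit status, so a failed nslookup produced an empty file
  # and the run silently did nothing; bailing here also guarantees the ipset
  # is never replaced by an empty one, which would lock the dynamic host out.
  if (( ${#ips[@]} == 0 )); then
    log "Lookup of ${domain} returned no IPv4 address; ipset/iptables left untouched."
    exit 1
  fi

  # Write the IP file atomically: create a private temp file next to the
  # target and mv it into place. Redirecting straight onto a predictable
  # /tmp path would follow a pre-planted symlink; mv replaces the name instead.
  tmp_file=$(mktemp "${output_txt_path}/.${output_txt_file}.XXXXXX") || exit 1
  printf '%s\n' "${ips[@]}" > "$tmp_file"
  mv -f -- "$tmp_file" "$out_file" || { rm -f -- "$tmp_file"; exit 1; }

  # Creating the ipset group if it doesn't already exist (-!).
  sudo ipset create -! "$domain_prefix" hash:ip || exit 1

  # Load the current address(es) into a scratch set and swap it in. The old
  # version only ever added, so every address the domain had ever pointed at
  # stayed allowed; the swap keeps exactly the current answer and is atomic
  # for packets being matched, so ssh is never blocked mid-update.
  tmp_set=${domain_prefix}_new
  sudo ipset create -! "$tmp_set" hash:ip || exit 1
  sudo ipset flush "$tmp_set" || exit 1
  for ip in "${ips[@]}"; do
    sudo ipset add -! "$tmp_set" "$ip" || exit 1
    log "Added ${ip} to ipset ${domain_prefix}."
  done
  sudo ipset swap "$tmp_set" "$domain_prefix" || { log "ipset swap failed."; exit 1; }
  sudo ipset destroy "$tmp_set"

  # Using the -C flag to check the existence of the iptables rule via exit
  # code; the same argument list is reused for -A so the two cannot drift.
  local -a rule=(INPUT -m set --match-set "$domain_prefix" src
                 -p tcp --dport "$ssh_port" -j ACCEPT)
  if sudo iptables -C "${rule[@]}" 2>/dev/null; then
    log "Skipped adding iptable...iptable rule already exists."
  else
    log "Adding iptable rule."
    # Rule doesn't already exist, so setting a new rule to allow all IP's
    # from the ipset group to the ssh port.
    sudo iptables -A "${rule[@]}" || exit 1
  fi

  log "Finished. Check ipset group: ${domain_prefix} & iptable rule."
  exit 0
}

main "$@"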