mrled/iptricks.markdown

Created September 21, 2017 18:55

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mrled/875b97f0b0697c155a01727d1ea372fd.js"></script>
Save mrled/875b97f0b0697c155a01727d1ea372fd to your computer and use it in GitHub Desktop.

Download ZIP

Linux `ip` tricks

Raw

iptricks.markdown

Linux ip tricks

# call like 'getips <INTERFACE> <FAMILY>'
# e.g. 'getips eth0 inet' might return 192.168.1.1/24
# e.g. 'getips eth0 inet6' might return fe80::4008:c2ff:fee8:fc93/64
# Note that this will retur all IPs of the family assigned to the interface - possibly more than one
getips() {
    if test $# != 2; then
        return 1
    fi
    ip -family "$2" -o address show dev "$1" | awk '!/^[0-9]*: ?lo|link\/ether/ {print $4}'
}

Now you might loop over them to apply firewall rules:

for ipaddr in $(getips eth0 inet); do
    iptables --append INPUT --destination "$ipaddr" --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
done

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment