Merge branch '6-a-script-that-updates-the-firewall-when-a-source-ip-changes' into 'master'

Resolve "A script that updates the firewall when a source IP changes"

Closes #6

See merge request lhprojects-information-network/scripts!5

update_firewall.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Copyright (C) 2021 by LHProjects <copyright@lhpmail.us>
+#
+# Permission is granted to use, copy, modify, and/or distribute this work for any purpose with or without fee. This work is offered as-is, with absolutely no warranty whatsoever. The author is not responsible for any damages that result from using this work. 
+#
+#
+
+# Updates FirewallD on s3va.bugzbunny.net when my home IP address changes.
+#
+
+# Define variables
+CACHE_IP_FILE=/tmp/update_firewall.cache
+HOME_IP=$(host fwgw.lhprojects.net | cut -d ' ' -f 4)
+
+update_firewall () {
+	# check if cache IP is in the ipset entries
+	ipset_entries=$(firewall-cmd --ipset=node_ips --get-entries 2> /dev/null)
+
+	found=false
+	for ip in $ipset_entries; do
+		if [ "$ip" = "$CACHE_IP" ]; then
+			# remove old entry
+			firewall-cmd --permanent --ipset=node_ips --remove-entry=$ip &> /dev/null
+			# add new entry
+			firewall-cmd --permanent --ipset=node_ips --add-entry=$HOME_IP &> /dev/null
+			# reload firewall
+			firewall-cmd --reload &> /dev/null
+			found=true
+		fi
+	done
+
+	if [ "$found" = false ]; then
+		echo "Error: Unable to remove old cache IP: '$CACHE_IP'; Not Found."
+		firewall-cmd --info-ipset=node_ips
+		exit 1
+	else
+			echo "$HOME_IP" > $CACHE_IP_FILE
+	fi
+}
+
+# Check if we have cache IP
+if test -f $CACHE_IP_FILE; then
+	CACHE_IP=$(cat $CACHE_IP_FILE)
+	if [ "$HOME_IP" != "$CACHE_IP" ]; then
+		update_firewall
+	fi
+	
+else
+	echo "$HOME_IP" > $CACHE_IP_FILE
+	CACHE_IP=$HOME_IP
+	update_firewall
+fi
+exit 0