From 63c1ca72e3369d5af12b3797bd9796dd111d2799 Mon Sep 17 00:00:00 2001
From: Lutchy Horace
Date: Wed, 11 May 2022 12:43:18 -0400
Subject: [PATCH] Initial draft
---
update_firewall.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 update_firewall.sh
diff --git a/update_firewall.sh b/update_firewall.sh
new file mode 100644
index 0000000..6d277ac
--- /dev/null
+++ b/update_firewall.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Copyright (C) 2021 by LHProjects
+#
+# Permission is granted to use, copy, modify, and/or distribute this work for any purpose with or without fee. This work is offered as-is, with absolutely no warranty whatsoever. The author is not responsible for any damages that result from using this work.
+#
+#
+
+# Updates FirewallD on s3va.bugzbunny.net when my home IP address changes.
+#
+
+# Define variables
+CACHE_IP_FILE=/tmp/update_firewall.cache
+HOME_IP=$(host fwgw.lhprojects.net | cut -d ' ' -f 4)
+
+update_firewall () {
+ # check if cache IP is in the ipset entries
+ ipset_entries=$(firewall-cmd --ipset=node_ips --get-entries 2> /dev/null)
+
+ found=false
+ for ip in $ipset_entries; do
+ if [ "$ip" = "$CACHE_IP" ]; then
+ # remove old entry
+ firewall-cmd --permanent --ipset=node_ips --remove-entry=$ip &> /dev/null
+ # add new entry
+ firewall-cmd --permanent --ipset=node_ips --add-entry=$HOME_IP &> /dev/null
+ # reload firewall
+ firewall-cmd --reload &> /dev/null
+ found=true
+ fi
+ done
+
+ if [ "$found" = false ]; then
+ echo "Error: Unable to remove old cache IP: '$CACHE_IP'; Not Found."
+ firewall-cmd --info-ipset=node_ips
+ exit 1
+ else
+ echo "$HOME_IP" > $CACHE_IP_FILE
+ fi
+}
+
+# Check if we have cache IP
+if test -f $CACHE_IP_FILE; then
+ CACHE_IP=$(cat $CACHE_IP_FILE)
+ if [ "$HOME_IP" != "$CACHE_IP" ]; then
+ update_firewall
+ fi
+
+else
+ echo "$HOME_IP" > $CACHE_IP_FILE
+ CACHE_IP=$HOME_IP
+ update_firewall
+fi
+exit 0
\ No newline at end of file
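Review bot: `HOME_IP` is taken from field 4 of the `host` output and passed to `--add-entry` without any check that it is an IP address, so a failed or multi-record lookup (for example the "not found" message, whose fourth field is not an address) flows straight into the firewall commands and the cache file. Because the loop in `update_firewall` removes the old entry first and sends every `firewall-cmd` result to `/dev/null`, a rejected add is still followed by `--reload` and the cache write, which leaves `node_ips` without the home address and the cache holding a value that will not match any entry on the next run. The lookup should be validated before use, the new entry added before the old one is removed, and the script should stop on the first failing command, with `$ip`, `$HOME_IP` and `$CACHE_IP_FILE` quoted throughout. Separately, the script presumably runs as root yet keeps its state in the predictable, world-writable path `/tmp/update_firewall.cache`, so any local user who creates that file first decides which entry gets removed; a root-owned state directory would avoid that.

```shell
# … unchanged: shebang, licence header, CACHE_IP_FILE …
HOME_IP=$(host -t A fwgw.lhprojects.net | awk '/has address/ { print $4; exit }')
if ! [[ $HOME_IP =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "Error: no IPv4 address returned for fwgw.lhprojects.net: '$HOME_IP'" >&2
  exit 1
fi

update_firewall () {
  # … unchanged: ipset_entries lookup, found=false, for loop header …
    if [ "$ip" = "$CACHE_IP" ]; then
      # add before remove, and stop on the first failure, so the set is
      # never reloaded without a home entry
      firewall-cmd --permanent --ipset=node_ips --add-entry="$HOME_IP" || exit 1
      if [ "$ip" != "$HOME_IP" ]; then
        firewall-cmd --permanent --ipset=node_ips --remove-entry="$ip" || exit 1
      fi
      firewall-cmd --reload || exit 1
      found=true
    fi
  # … unchanged: done, found check, cache write …
```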