Open firewall access remotely


 PostPosted: Sat Sep 02, 2006 10:47 am   

Joined: Sat Sep 02, 2006 10:19 am
Posts: 13
Location: United Kingdom
This script does a DNS lookup on a hostname and then adds access for that address to the firewall. You just need a Dynamic DNS account which you then update with your current IP to get access through the firewall.

This script should be run from cron. Change the myHosts variable to contain your ddns domain name and change myPorts to be the ports you want to allow access to. Of course you need an iptables chain set up with a return rule at the bottom.

For more information see http://www.badpenguin.co.uk/main/content/view/20/35/

Enjoy

Code:
#!/bin/bash
# ddnsholes (c) 2006 http://www.badpenguin.co.uk

# Space separated list of hostnames to allow
myHosts="somehost.dyndns.com someotherhost.dyndns.com"

# Space separated list of ports to allow
myPorts="22 80"

# Netfilter / IPTables Chain
chain=DDNS

PATH=/usr/sbin:/usr/bin:/sbin:/bin

DIG="dig +short"
cache=/var/cache/ddns
newca=/var/cache/ddns.current
log=/var/log/ddnshole.log

# Flush the chain and add the return
cat > "$newca" <<-EOF
   iptables -F $chain
   iptables -A $chain -j RETURN
EOF

# Our host will always have some IP so check that we're not running with an empty ruleset
# (two header lines plus the RETURN rule means the chain holds no ACCEPT rules yet)
lines=$( iptables -L "$chain" | wc -l )
if [ "$lines" -eq 3 ]
then
   # There are no entries in the chain, copy the newca over cache.
   cp "$newca" "$cache"
fi


# for each host add some rules
for host in $myHosts
do
   # dig +short prints any CNAME first and the A record last, so keep the last line
   addr=$( $DIG "$host" | tail -n 1 )
   # Only accept a dotted quad; an empty answer, a CNAME name or error text counts as a failed lookup
   if [ "$(echo "$addr" | sed -e 's/^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$/success/')" = "success" ]
   then
      for port in $myPorts
      do
         echo "iptables -I $chain -s $addr -p tcp --dport $port -j ACCEPT # $host " >> "$newca"
      done
   else
      date +"DNS Check Failed: %Y%m%d %H:%M" >> "$log"
      echo "No dns info for $host? addr = \"$addr\"" >> "$log"
      echo "No updates this time" >> "$log"
      echo >> "$log"
   fi
done

# Only touch the firewall when the generated ruleset differs from the cached one
if [ -f "$cache" ]
then
   differ=$( diff --brief "$cache" "$newca" )
else
   differ=yes
fi

if [ -n "$differ" ]
then
   date +"Changed IP: %Y%m%d %H:%M" >> "$log"
   grep "#" "$newca" >> "$log"
   echo >> "$log"
   cp "$newca" "$cache"
   bash "$cache"
fi


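A resolver answer is untrusted input, and anything that passes the address check in a script like the one above becomes an ACCEPT rule on the firewall. The script below is an added example, not the poster's script: it keeps the same chain name (DDNS) and port list (22 80) as the post, but validates each octet of the answer (0-255, exactly four fields) and fails closed, picks the last valid IPv4 line out of resolver output so a CNAME line ahead of the A record is skipped, and prints the iptables commands, including the one-time chain setup the post says is required, instead of running them. The resolver output and the hostname are constructed values; dig and iptables are not called, so it runs without root.

```shell
#!/bin/sh
# Added example, not the original poster's script. Same chain name and
# ports as the post; validates constructed resolver output and prints the
# iptables commands it would write to the cache file rather than running them.

chain=DDNS
myPorts="22 80"

# Succeed only for a dotted quad whose four octets are each 0-255.
# Resolver answers are untrusted input, so reject everything else:
# empty answers, names, leading/trailing/doubled dots, octets above 255.
valid_ipv4() {
   ip=$1
   case $ip in
      ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
   esac
   old_ifs=$IFS
   IFS=.
   set -- $ip
   IFS=$old_ifs
   [ $# -eq 4 ] || return 1
   for octet; do
      [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
   done
   return 0
}

# Read resolver output (what "dig +short" prints) on stdin and echo the
# last line that is a valid IPv4 address; fail if there is none.
pick_address() {
   addr=""
   while IFS= read -r line; do
      if valid_ipv4 "$line"; then
         addr=$line
      fi
   done
   printf '%s\n' "$addr"
   [ -n "$addr" ]
}

# Emit one ACCEPT per port for a host, in the form the posted script writes
# to its cache file (-I so the rules land above the chain's RETURN).
build_rules() {
   rule_host=$1
   rule_addr=$2
   for port in $myPorts; do
      printf 'iptables -I %s -s %s -p tcp --dport %s -j ACCEPT # %s\n' \
         "$chain" "$rule_addr" "$port" "$rule_host"
   done
}

# The one-time setup the post says is needed: create the chain, end it with
# RETURN, and hook it into INPUT so it is consulted before any DROP rule.
chain_setup() {
   printf 'iptables -N %s\n' "$chain"
   printf 'iptables -A %s -j RETURN\n' "$chain"
   printf 'iptables -I INPUT -j %s\n' "$chain"
}

# Constructed resolver output for a CNAME'd dynamic-DNS name: the A record
# follows the CNAME line, which is the case "tail -n 1" relies on.
sample_lookup='dyn.example.net.
192.0.2.10'

chain_setup
if addr=$(printf '%s\n' "$sample_lookup" | pick_address); then
   build_rules somehost.dyndns.com "$addr"
else
   echo "no usable address in resolver output, leaving firewall unchanged" >&2
fi
```

When no line validates, pick_address returns non-zero and nothing is emitted for that host, so a failed or spoofed-looking lookup never produces a rule; the posted script reaches the same outcome by logging the failure and regenerating the ruleset without that host.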
 PostPosted: Sat Sep 02, 2006 7:00 pm   
Site Admin

Joined: Sun May 15, 2005 9:36 pm
Posts: 673
Location: Des Moines, Iowa
Interesting. Thanks.

Welcome to bashscripts.org btw :)


 PostPosted: Mon Sep 04, 2006 2:12 am   

Joined: Sat Sep 02, 2006 10:19 am
Posts: 13
Location: United Kingdom
Thank you and thank you.

I use this ddns script mostly for friends who have dynamic IP addresses. They set up a ddns account and then I keep track of their IP with this. It works pretty well.

I don't use it for roaming access myself anymore as I have a perl script which authenticates me with GPG-encrypted email. You can see that here if you're interested, http://www.badpenguin.co.uk/main/content/view/19/35/, but it's not bash.


© 2003 - 2011 USA LINUX USERS GROUP