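#!/usr/bin/env bash
#
# Given a chain, an IP/NM and an interface, insert that IP as an ACCEPT
# rule into the chain as the next-to-last rule, i.e. just before the
# chain's final global DROP. For instance, given chain "hosts_allow":
#
# iptables -nL hosts_allow:
# Chain hosts_allow (1 references)
# target prot opt source destination
# ACCEPT all -- 1.2.3.4/28 0.0.0.0/0
# ACCEPT all -- 4.3.2.1/26 0.0.0.0/0
# ACCEPT all -- 5.6.7.8/27 0.0.0.0/0
# ACCEPT all -- 8.7.6.5/24 0.0.0.0/0
# ACCEPT all -- 2.4.6.8/24 0.0.0.0/0
# DROP all -- 0.0.0.0/0 0.0.0.0/0
#
# example: ./insert_iptable_ip.sh hosts_allow 1.3.5.7/32 eth0
#
# Requirements / behaviour:
#   - must run as root (iptables needs CAP_NET_ADMIN)
#   - the script only counts the rules in the chain; it assumes the last
#     rule is the global DROP and does not verify that (a chain whose last
#     rule is something else simply gets the ACCEPT placed before it)
#   - exit status: 0 on success, 1 when not root or when iptables fails,
#     2 on bad usage
#
# SPDX-License-Identifier: MIT

set -euo pipefail

# Print a message to stderr and exit 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# EUID is the bash builtin for the effective UID, equivalent to `id -u`
# without spawning a process.
if (( EUID != 0 )); then
  die "Must be root, exiting."
fi

if (( $# != 3 )); then
  printf 'Usage: %s <chain> <IP/NM> <interface>\n' "$0" >&2
  printf 'Example: %s hosts_allow 1.3.5.7/32 eth0\n' "$0" >&2
  exit 2
fi

readonly T_CHAIN=$1
readonly T_IP=$2
readonly T_INT=$3

# Count the rules currently in the chain. `iptables -nL` prints two header
# lines (the chain line and the column titles) before the rules, so subtract
# those. With pipefail, a non-existent chain makes the pipeline fail and we
# stop here instead of continuing with a bogus (negative) rule number.
C_NUM=$(iptables -nL "${T_CHAIN}" | wc -l) \
  || die "Cannot list chain '${T_CHAIN}', exiting."
C_NUM=$(( C_NUM - 2 ))

# The new rule goes at the current last position (iptables rule numbers are
# 1-based), which pushes the final global DROP down by one. A chain with no
# rules yet has no DROP to stay in front of and position 1 is the only valid
# slot there, so clamp to it rather than hand iptables an invalid rule number.
if (( C_NUM < 1 )); then
  C_NUM=1
fi

# Insert the ACCEPT for the given source/interface and report failure instead
# of silently exiting 0 (the original unconditional `exit 0` hid a failed
# insert from callers and from the shell's exit status).
iptables -I "${T_CHAIN}" "${C_NUM}" -i "${T_INT}" -s "${T_IP}" -j ACCEPT \
  || die "Failed to insert rule into chain '${T_CHAIN}', exiting."

exit 0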