03-16-2006
Variable Substitution
I have run into a wall with my iptables firewall scripting.
I am blocking all of the private side IP addresses on the
WAN interface on systems running NAT. However, if the
system is not running NAT and needs to allow access to
the local LAN on the WAN interface, I need to block all
but one of the private side addresses. These private
side addresses are listed in the variable $RULES.
What I'd like to be able to do is put in a conditional
statement so that if NAT is not running, it will strip
that address range from the $RULES variable so that
the LAN will have access to the system. Something
like this:
LAN=192.168.0.0/16
if [ $NAT=OFF ]; then
(strip range $LAN from the $RULES variable here)
fi
Here is the process that denies the private side addresses:
RULES="127.0.0.0/8 169.254.0.0/16 192.0.2.0/24 248.0.0.0/5 \
10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 224.0.0.0/4 240.0.0.0/5"
for LIST in $RULES; do
$IPT -A INPUT -i eth0 -s $LIST -j DROP
done
I've looked through a number of Bash scripting websites
and haven't found a way to do this yet. I think I must
be looking in the wrong sections or something. Any ideas?
Thanks.
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hey All,
I'm trying to clean up a variable using sed but It dosn't seem to work. I'm trying to find all the spaces and replace them with "\ " (a slash and a space). For Example "Hello World" should become "Hello\ World". But it does nothing. If I put it directly into the command line it works... (3 Replies)
Discussion started by: spragueg
3 Replies
2. UNIX for Dummies Questions & Answers
Hi everyone,
I have a simple question to ask :
In a script that I'm writting, I need to create variables on-the-fly.
For instance, for every iterartion of the following loop a var_X variable should be generated :
#!/bin/ksh
a="1 2 3"
for i in $a
do
var_${i}=$i
echo "${var_$i}"
done
... (1 Reply)
Discussion started by: ck-18
1 Replies
3. Shell Programming and Scripting
Hello,
i have another sed question.. I'm trying to do variable substition with sed and i'm running into a problem.
my var1 is a string constructed like this:
filename1 filerev1 filepath1
my var2 is another string constructed like this:
filename2 filerev2 filepath2
when i do... (2 Replies)
Discussion started by: alrinno
2 Replies
4. UNIX for Dummies Questions & Answers
Hi,
That might be pretty simple.
How can I generate a variable name and get their value ?
Thanks a lot.
Something like:
>CUSTOMER_NF=26
> object=CUSTOMER
> echo ${object}_NF
CUSTOMER_NF
> echo ${${object}_NF}
ksh: ${${object}_NF}: 0403-011 The specified substitution is... (7 Replies)
Discussion started by: Leo_NN
7 Replies
5. Shell Programming and Scripting
file1.ksh
#!/bin/ksh
test5_create="I am a man" # test5 will be dynamic and the value will be passed from command line
a=${1}_create
echo $a # i need the output as "I am a man"
./file1.ksh test5 # i run the script like this
any suggessions guys... (1 Reply)
Discussion started by: giri_luck
1 Replies
6. Shell Programming and Scripting
Hi ,
I have a variable as follows,
Temp=`cat ABC.txt | cut -c5-`
This will yeild a part of the date. say , 200912.
I would like to substitute this variable's value in a filename.
eg: File200912F.zip
when i say File$TempF.zip , it is not substituting.
Any help ?
Thanks in... (2 Replies)
Discussion started by: mohanpadamata
2 Replies
7. Shell Programming and Scripting
For example I have variable like below
echo $OUTPUT
/some/path/`uname -n`
when I try to use the variable OUTPUT like below
cd $OUTPUT or cd ${OUTPUT}
I am getting bad substituion error message
$ cd $OUTPUT
ksh: cd: bad substitution
$ cd ${OUTPUT}
ksh: cd: bad substitution
... (1 Reply)
Discussion started by: rajukv
1 Replies
8. Shell Programming and Scripting
Hi,
I have to write a shell script in which I have to substitute a variable within a variable. For example,
var1=aaa
var2=file.$var1.txt
The output should be,
echo $var2
file.aaa.txt
Can someone please help me in getting this. I tried using eval, but it didnt work. I might be using it... (2 Replies)
Discussion started by: grajp002
2 Replies
9. Shell Programming and Scripting
Allright so a quick question.
I'm building a script that will eventually do a full IP subnet scan.
It starts off by first entering an IP address, (capturing host and net ID comes after that) and I want it to use the current IP address if no input is given.
Is there a quick way to define the... (1 Reply)
Discussion started by: BisMarc
1 Replies
10. Shell Programming and Scripting
Hi all,
I have a script with the following gist:
declare -a index=(0 1 2 3 4);
declare -a animals=(dog cat horse penguin cow);
declare -a fruits=(orange apple grapes peach mango);
declare -a drinks=(juice milk coffee tea coke);
declare -a cities=(toronto paris london glasgow... (18 Replies)
Discussion started by: Kingzy
18 Replies
NAT action in tc(8) Linux NAT action in tc(8)
NAME
nat - stateless native address translation action
SYNOPSIS
tc ... action nat DIRECTION OLD NEW
DIRECTION := { ingress | egress }
OLD := IPV4_ADDR_SPEC
NEW := IPV4_ADDR_SPEC
IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]
DESCRIPTION
The nat action allows to perform NAT without the overhead of conntrack, which is desirable if the number of flows or addresses to perform
NAT on is large. This action is best used in combination with the u32 filter to allow for efficient lookups of a large number of stateless
NAT rules in constant time.
OPTIONS
ingress
Translate destination addresses, i.e. perform DNAT.
egress Translate source addresses, i.e. perform SNAT.
OLD Specifies addresses which should be translated.
NEW Specifies addresses which OLD should be translated into.
NOTES
The accepted address format in OLD and NEW is quite flexible. It may either consist of one of the keywords default, any or all, represent-
ing the all-zero IP address or a combination of IP address and netmask or prefix length separated by a slash (/) sign. In any case, the
mask (or prefix length) value of OLD is used for NEW as well so that a one-to-one mapping of addresses is assured.
Address translation is done using a combination of binary operations. First, the original (source or destination) address is matched
against the value of OLD. If the original address fits, the new address is created by taking the leading bits from NEW (defined by the
netmask of OLD) and taking the remaining bits from the original address.
There is rudimental support for upper layer protocols, namely TCP, UDP and ICMP. While for the first two only checksum recalculation is
performed, the action also takes care of embedded IP headers in ICMP packets by translating the respective address therein, too.
SEE ALSO
tc(8)
iproute2 12 Jan 2015 NAT action in tc(8)