Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Variable Substitution
Top Forums Shell Programming and Scripting Variable Substitution Post 102234 by garak on Thursday 16th of March 2006 11:09:52 AM
Old 03-16-2006
Variable Substitution
I have run into a wall with my iptables firewall scripting.
I am blocking all of the private side IP addresses on the
WAN interface on systems running NAT. However, if the
system is not running NAT and needs to allow access to
the local LAN on the WAN interface, I need to block all
but one of the private side addresses. These private
side addresses are listed in the variable $RULES.

What I'd like to be able to do is put in a conditional
statement so that if NAT is not running, it will strip
that address range from the $RULES variable so that
the LAN will have access to the system. Something
like this:

LAN=192.168.0.0/16

if [ $NAT=OFF ]; then
(strip range $LAN from the $RULES variable here)
fi

Here is the process that denies the private side addresses:

RULES="127.0.0.0/8 169.254.0.0/16 192.0.2.0/24 248.0.0.0/5 \
10.0.0.0/8 172.16.0.0/16 192.168.0.0/16 224.0.0.0/4 240.0.0.0/5"

for LIST in $RULES; do
$IPT -A INPUT -i eth0 -s $LIST -j DROP
done

I've looked through a number of Bash scripting websites
and haven't found a way to do this yet. I think I must
be looking in the wrong sections or something. Any ideas?

Thanks.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Substitution in a variable

Hey All, I'm trying to clean up a variable using sed but It dosn't seem to work. I'm trying to find all the spaces and replace them with "\ " (a slash and a space). For Example "Hello World" should become "Hello\ World". But it does nothing. If I put it directly into the command line it works... (3 Replies)
Discussion started by: spragueg
3 Replies

2. UNIX for Dummies Questions & Answers

variable substitution

Hi everyone, I have a simple question to ask : In a script that I'm writting, I need to create variables on-the-fly. For instance, for every iterartion of the following loop a var_X variable should be generated : #!/bin/ksh a="1 2 3" for i in $a do var_${i}=$i echo "${var_$i}" done ... (1 Reply)
Discussion started by: ck-18
1 Replies

3. Shell Programming and Scripting

Sed variable substitution when variable constructed of a directory path

Hello, i have another sed question.. I'm trying to do variable substition with sed and i'm running into a problem. my var1 is a string constructed like this: filename1 filerev1 filepath1 my var2 is another string constructed like this: filename2 filerev2 filepath2 when i do... (2 Replies)
Discussion started by: alrinno
2 Replies

4. UNIX for Dummies Questions & Answers

Variable substitution

Hi, That might be pretty simple. How can I generate a variable name and get their value ? Thanks a lot. Something like: >CUSTOMER_NF=26 > object=CUSTOMER > echo ${object}_NF CUSTOMER_NF > echo ${${object}_NF} ksh: ${${object}_NF}: 0403-011 The specified substitution is... (7 Replies)
Discussion started by: Leo_NN
7 Replies

5. Shell Programming and Scripting

variable substitution

file1.ksh #!/bin/ksh test5_create="I am a man" # test5 will be dynamic and the value will be passed from command line a=${1}_create echo $a # i need the output as "I am a man" ./file1.ksh test5 # i run the script like this any suggessions guys... (1 Reply)
Discussion started by: giri_luck
1 Replies

6. Shell Programming and Scripting

Variable Substitution

Hi , I have a variable as follows, Temp=`cat ABC.txt | cut -c5-` This will yeild a part of the date. say , 200912. I would like to substitute this variable's value in a filename. eg: File200912F.zip when i say File$TempF.zip , it is not substituting. Any help ? Thanks in... (2 Replies)
Discussion started by: mohanpadamata
2 Replies

7. Shell Programming and Scripting

How to use variable with command substitution in variable

For example I have variable like below echo $OUTPUT /some/path/`uname -n` when I try to use the variable OUTPUT like below cd $OUTPUT or cd ${OUTPUT} I am getting bad substituion error message $ cd $OUTPUT ksh: cd: bad substitution $ cd ${OUTPUT} ksh: cd: bad substitution ... (1 Reply)
Discussion started by: rajukv
1 Replies

8. Shell Programming and Scripting

Variable substitution

Hi, I have to write a shell script in which I have to substitute a variable within a variable. For example, var1=aaa var2=file.$var1.txt The output should be, echo $var2 file.aaa.txt Can someone please help me in getting this. I tried using eval, but it didnt work. I might be using it... (2 Replies)
Discussion started by: grajp002
2 Replies

9. Shell Programming and Scripting

read variable substitution

Allright so a quick question. I'm building a script that will eventually do a full IP subnet scan. It starts off by first entering an IP address, (capturing host and net ID comes after that) and I want it to use the current IP address if no input is given. Is there a quick way to define the... (1 Reply)
Discussion started by: BisMarc
1 Replies

10. Shell Programming and Scripting

Variable substitution with arrays

Hi all, I have a script with the following gist: declare -a index=(0 1 2 3 4); declare -a animals=(dog cat horse penguin cow); declare -a fruits=(orange apple grapes peach mango); declare -a drinks=(juice milk coffee tea coke); declare -a cities=(toronto paris london glasgow... (18 Replies)
Discussion started by: Kingzy
18 Replies

LEARN ABOUT LINUX

nat

NAT action in tc(8)						       Linux						       NAT action in tc(8)

NAME

       nat - stateless native address translation action

SYNOPSIS

       tc ... action nat DIRECTION OLD NEW

       DIRECTION := { ingress | egress }

       OLD := IPV4_ADDR_SPEC

       NEW := IPV4_ADDR_SPEC

       IPV4_ADDR_SPEC := { default | any | all | in_addr[/{prefix|netmask}]

DESCRIPTION

       The  nat  action allows to perform NAT without the overhead of conntrack, which is desirable if the number of flows or addresses to perform
       NAT on is large. This action is best used in combination with the u32 filter to allow for efficient lookups of a large number of  stateless
       NAT rules in constant time.

OPTIONS

       ingress
	      Translate destination addresses, i.e. perform DNAT.

       egress Translate source addresses, i.e. perform SNAT.

       OLD    Specifies addresses which should be translated.

       NEW    Specifies addresses which OLD should be translated into.

NOTES

       The  accepted address format in OLD and NEW is quite flexible. It may either consist of one of the keywords default, any or all, represent-
       ing the all-zero IP address or a combination of IP address and netmask or prefix length separated by a slash (/) sign.  In  any	case,  the
       mask (or prefix length) value of OLD is used for NEW as well so that a one-to-one mapping of addresses is assured.

       Address	translation  is  done  using  a  combination  of binary operations. First, the original (source or destination) address is matched
       against the value of OLD.  If the original address fits, the new address is created by taking the leading bits from  NEW  (defined  by  the
       netmask of OLD) and taking the remaining bits from the original address.

       There  is  rudimental  support for upper layer protocols, namely TCP, UDP and ICMP.  While for the first two only checksum recalculation is
       performed, the action also takes care of embedded IP headers in ICMP packets by translating the respective address therein, too.

SEE ALSO

       tc(8)

iproute2							    12 Jan 2015 					       NAT action in tc(8)
All times are GMT -4. The time now is 01:11 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy