Shell Programming and Scripting

Here is my situation. You can make all kinds of comments about how I am doing it and why from the networking standpoint, but I am really only looking for comments on how to make it work. Of course, any other ideas for how to do this would be welcome.

I have an iptables firewall that allows only specific ips in to the ftp port. I have a user who needs ftp access but works from a variety of locations and thus, the ip is constantly changing.

So, I read about "port knocking" and my idea is an offshoot of that.

I created a web page that captures the users ip address at the time and writes it to a file. I have two other text files that include the other parts of the iptables string needed for the firewall.

Here is file1.txt:

/sbin/iptables -A INPUT -p tcp -s

Here is ip.txt: (actual ip address masked from forum)

my.ip.my.ip

Here is file 3.txt:

--destination-port 21 -j ACCEPT

So, the idea is that I capture the ip into ip.txt, then cat the three files like this and use sed to put them back on one line, separated by spaces.

cat 1.txt ip.txt 3.txt | sed -n -e ":a" -e "$ s/\n//gp;N;b a" > final.txt

So, now I have the file final.txt that looks like this:

/sbin/iptables -A INPUT -p tcp -s my.ip.my.ip --destination-port 21 -j ACCEPT

The next step is to modify the firewall. I could rename this file to updatefirewall.sh and use this file as a script to modify the firewall like this:

./updatefirewall.sh or something like that.

Or, I could use sed or some other utility to do a search and replace/substitute on the actual firewall script that I have in place. The comment for that particular entry has a distinguishing character at the end of it, so I could search for the string and do a replace with the new string. I came up with the following, which looks for the end of the comment (#) and a new line (\n), and then an ip address and replaces it with "showboat".

sed 'N;s/#\n/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*/showboat/'

That was just for a test. I actually need to replace it with the line:

/sbin/iptables -A INPUT -p tcp -s my.ip.my.ip --destination-port 21 -j ACCEPT

which would be read from the text file final.txt.

So, after all that, my question is, is there a way for sed to read in a string from a file, or would I really need to create a sed script with variables and such?

Here is my situation. You can make all kinds of comments about how I am doing it and why from the networking standpoint, but I am really only looking for comments on how to make it work. Of course, any other ideas for how to do this would be welcome.

I have an iptables firewall that allows only specific ips in to the ftp port. I have a user who needs ftp access but works from a variety of locations and thus, the ip is constantly changing.

So, I read about "port knocking" and my idea is an offshoot of that.

I created a web page that captures the users ip address at the time and writes it to a file. I have two other text files that include the other parts of the iptables string needed for the firewall.

Here is file1.txt:

/sbin/iptables -A INPUT -p tcp -s

Here is ip.txt, the ip was captured: (actual ip address masked from forum)

my.ip.my.ip

Here is file 3.txt:

--destination-port 21 -j ACCEPT

So, the idea is that I capture the ip into ip.txt, then cat the three files like this and use sed to put them back on one line, separated by spaces.

cat 1.txt ip.txt 3.txt | sed -n -e ":a" -e "$ s/\n//gp;N;b a" > final.txt

So, now I have the file final.txt that looks like this:

/sbin/iptables -A INPUT -p tcp -s my.ip.my.ip --destination-port 21 -j ACCEPT

The next step is to modify the firewall. I could rename this file to updatefirewall.sh and use this file as a script to modify the firewall like this:

./updatefirewall.sh or something like that.

Or, I could use sed or some other utility to do a search and replace/substitute on the actual firewall script that I have in place. The comment for that particular entry has a distinguishing character at the end of it, so I could search for the string and do a replace with the new string. I came up with the following, which looks for the end of the comment (#) and a new line (\n), and then an ip address and replaces it with "showboat".

sed 'N;s/#\n/[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*/showboat/'

That was just for a test. It seems to only work if I provide the entire string to replace. I actually need to replace it with the line:

/sbin/iptables -A INPUT -p tcp -s my.ip.my.ip --destination-port 21 -j ACCEPT

which would be read from the text file final.txt.

So, after all that, my question is, is there a way for sed to read in a string from a file, or would I really need to create a sed script with variables and such?