Auto-generating interface address tables

Hi,

I typically run iptables firewalls with failover provisions, that can result in IPs being added or subtracted from the interfaces. So it's useful to be able to auto-generate an address table which is current for each interface when the compiled firewall script is run. Haven't fully tested, but it looks like this will work:

I've created an /etc/fwbuilder directory to store the address tables, which also has a script to create the lists. The script is named "ips.sh":

#!/bin/bash

# Interfaces for which an address table file is generated
IFs="eth0 eth1"
ip="/sbin/ip"
sort="/usr/bin/sort"
awk="/usr/bin/awk"

# Print every IPv4 address on interface $1, one per line, without the prefix length
getips() {
    $ip -f inet addr ls dev "$1" | $sort | $awk '/inet / { print $2 }' | $awk -F/ '{ print $1 }';
}

for IF in $IFs; do
    # -f: no error on the first run, when the file does not exist yet
    rm -f "/etc/fwbuilder/$IF.IPs"
    IPs=`getips $IF`
    for IP in $IPs; do
        echo "$IP" >> "/etc/fwbuilder/$IF.IPs"
    done
done

exit 0

In Firewall Settings I have as prolog /etc/fwbuilder/ips.sh

Then as an Address Table, selected as Run Time, I have for instance PublicIPs set to read from the file /etc/fwbuilder/eth1.IPs.

Whit

_______________________________________________
Fwbuilder-discussion mailing list
Fwbuilder-discussion@...
https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion

Re: Auto-generating interface address tables

Very cool. Note that if you mark an interface as "dynamic" in the fwbuilder GUI, the generated script will have shell code similar to yours to extract its IP address at run time. However, it won't work if the interface has several IP addresses, so your solution is a good one.

Would you be interested in testing the new fwbuilder that has support for failover configurations? Perhaps it can make these extra scripts unnecessary.

--vk

On Jul 17, 2009, at 10:52 AM, Whit Blauvelt wrote:

> Hi,
>
> I typically run iptables firewalls with failover provisions, that can result
> in IPs being added or subtracted from the interfaces. So it's useful to be
> able to auto-generate an address table which is current for each interface
> when the compiled firewall script is run. Haven't fully tested, but it looks
> like this will work:
>
> I've created an /etc/fwbuilder directory to store the address tables, which
> also has a script to create the lists. The script is named "ips.sh":
>
> #!/bin/bash
>
> IFs="eth0 eth1"
> ip="/sbin/ip"
> sort="/usr/bin/sort"
> awk="/usr/bin/awk"
>
> getips() {
>     $ip -f inet addr ls dev "$1" | $sort | $awk '/inet / { print $2 }' | $awk -F/ '{ print $1 }';
> }
>
> for IF in $IFs; do
>     rm -f "/etc/fwbuilder/$IF.IPs"
>     IPs=`getips $IF`
>     for IP in $IPs; do
>         echo "$IP" >> "/etc/fwbuilder/$IF.IPs"
>     done
> done
>
> exit 0
>
> In Firewall Settings I have as prolog /etc/fwbuilder/ips.sh
>
> Then as an Address Table, selected as Run Time, I have for instance
> PublicIPs set to read from the file /etc/fwbuilder/eth1.IPs.
>
> Whit

Vadim Kurland
vadim@...
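Added example, not part of the original thread or of fwbuilder: a variant of the address-table generation that handles several addresses per interface (the case raised in the reply) and replaces each table file atomically, so the firewall script never reads a half-written or stale list. The function names, the sample `ip` output and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample of `ip -f inet addr ls dev eth1` output: a primary address
# plus a secondary one, as on a node that has taken over a failover IP.
SAMPLE_ETH1='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1
    inet 192.0.2.20/24 scope global secondary eth1'

# Read `ip -f inet addr ls` output on stdin; print one bare IPv4 address per line.
parse_ips() {
    awk '$1 == "inet" { split($2, a, "/"); print a[1] }' | sort -u
}

# write_table DIR IFACE: read addresses on stdin and replace DIR/IFACE.IPs in one
# rename, so a reader sees either the old table or the complete new one.
write_table() {
    local dir=$1 ifname=$2 tmp
    tmp=$(mktemp "$dir/$ifname.IPs.XXXXXX") || return 1
    # Keep only lines shaped like a dotted quad; anything else is dropped.
    # grep exits 1 on no match (interface without addresses): still write the
    # empty table instead of leaving the previous, now stale, one in place.
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' > "$tmp" || true
    chmod 644 "$tmp"
    mv -f "$tmp" "$dir/$ifname.IPs"
}

# update_table DIR IFACE: on a live system stdin would be fed by
#   /sbin/ip -f inet addr ls dev "$IFACE"
# here it is passed in so the example runs offline.
update_table() {
    parse_ips | write_table "$1" "$2"
}

# Demo on the constructed sample, in a scratch directory.
demo_dir=$(mktemp -d)
printf '%s\n' "$SAMPLE_ETH1" | update_table "$demo_dir" eth1
cat "$demo_dir/eth1.IPs"
rm -rf "$demo_dir"
```

In a prolog script the call would be `/sbin/ip -f inet addr ls dev eth1 | update_table /etc/fwbuilder eth1`, using the directory and file naming from the post above.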