
dyn_dns_update.sh

a guest
Sep 21st, 2018
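#!/bin/bash
#set -x
#
# dyn_dns_update.sh -- maintain one iptables chain per dynamic-DNS host name.
# Each chain holds a single ACCEPT rule for the IPv4 address the name resolves
# to at the time of the run, and is jumped to from the top of INPUT.
#
# Usage: run as root (e.g. from cron) after editing DYNHOSTS below.
# Exit status: 0 if every host was processed, 1 if not root or if any host
# could not be resolved or given a chain.
#
# Points to keep in mind when deploying:
#   * The per-host ACCEPT rule has no port or protocol match and its chain is
#     inserted at the top of INPUT, ahead of the fail2ban chains. Whatever
#     address the DNS answer contains is therefore allowed to every port.
#     List only names you control and resolve them through a resolver you
#     trust.
#   * Only iptables (IPv4) is configured; ip6tables is not touched here.
#   * Each host name is used verbatim as a chain name. iptables limits chain
#     name length (under 29 characters), so long names will fail at -N.

##Add your dynamic host separated by a space##
DYNHOSTS="dynamic.host.number1 dynamic.host.number2"

##############################
##Don't Edit Below this line##
##############################
# DYNHOSTS is deliberately NOT unset here. Unsetting it discards the list
# configured above, so the update loop never runs while INPUT is still switched
# to DROP -- leaving no rule from this script that admits new connections.
unset DYNIP
unset HOST_NAME

readonly IPT=/sbin/iptables

# Dotted-quad with each octet in 0-255, anchored so that a longer string that
# merely contains an address is rejected.
readonly IPV4_RE='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'

#######################################
# Append a rule to a chain unless an identical rule is already present.
# Arguments: $1 - chain name; remaining args - rule specification
# Returns:   status of the iptables -A call when one is made, else 0
#######################################
ensure_rule() {
  local chain=$1
  shift
  if ! "$IPT" -C "$chain" "$@" >/dev/null 2>&1; then
    "$IPT" -A "$chain" "$@"
  fi
}

## only root can run this script
if [ "$(id -u)" != "0" ]; then
  echo "Error: This script must be run as root -- Exiting Script" >&2
  exit 1
fi

# Install DNS Utils #
# Test for the tool that is actually needed; grepping `dpkg -l` also matches
# unrelated or removed packages whose listing contains "dnsutils".
if ! command -v host >/dev/null 2>&1; then
  apt-get update
  apt-get install dnsutils -y
fi

# Add chain(s) to INPUT/OUTPUT filter if they do not exist.
# The f2b-* chains are not created here; if they are absent the -A calls
# print an error and the script carries on.
ensure_rule INPUT -p tcp -m multiport --dports 8443 -j f2b-unifi-controller
ensure_rule INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
ensure_rule f2b-sshd -j RETURN
ensure_rule f2b-unifi-controller -j RETURN
ensure_rule INPUT -i lo -j ACCEPT
ensure_rule OUTPUT -o lo -j ACCEPT
ensure_rule INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Set default chain policies.
# -P is idempotent, so the policy is set directly instead of scraping
# `iptables -L` output (the script already runs as root, so no sudo either).
# With INPUT at DROP, the rules added by this script admit new inbound
# connections only from the addresses of the DYNHOSTS entries.
"$IPT" -P OUTPUT ACCEPT
"$IPT" -P FORWARD DROP
"$IPT" -P INPUT DROP

# Update Dynamic Host
status=0
# $DYNHOSTS is intentionally unquoted: it is a space-separated list.
for HOST_NAME in $DYNHOSTS; do
  # A name starting with '-' would be parsed as an option by host/iptables.
  case "$HOST_NAME" in
    -*)
      echo "Error: invalid host name '$HOST_NAME' -- skipping" >&2
      status=1
      continue
      ;;
  esac

  # First A record only.
  DYNIP=$(host -t A "$HOST_NAME" | awk '/has address/ { print $4; exit }')

  # Skip the host if the lookup failed or returned an unusable address. The
  # chain is left as it was, and the remaining hosts are still processed.
  if [[ $DYNIP == 0.0.0.0 || $DYNIP == 255.255.255.255 || ! $DYNIP =~ $IPV4_RE ]]; then
    echo "Error: $HOST_NAME did not resolve to a usable IPv4 address -- skipping" >&2
    status=1
    continue
  fi

  # If chain for remote doesn't exist, create it. Errors from -N are shown so
  # that a rejected chain name is not silently ignored.
  if ! "$IPT" -L "$HOST_NAME" -n >/dev/null 2>&1; then
    if ! "$IPT" -N "$HOST_NAME"; then
      echo "Error: cannot create chain for $HOST_NAME -- skipping" >&2
      status=1
      continue
    fi
  fi

  # Rewrite the chain only when the current address is not already allowed.
  if ! "$IPT" -C "$HOST_NAME" -s "$DYNIP" -j ACCEPT >/dev/null 2>&1; then
    # Flush old rules, then add the new one.
    "$IPT" -F "$HOST_NAME" >/dev/null 2>&1
    "$IPT" -I "$HOST_NAME" -s "$DYNIP" -j ACCEPT
  fi

  # Make sure INPUT jumps to the chain. This is checked on every run, not only
  # after an address change, so a missing jump is repaired.
  if ! "$IPT" -t filter -C INPUT -j "$HOST_NAME" >/dev/null 2>&1; then
    "$IPT" -t filter -I INPUT -j "$HOST_NAME"
  fi
done

exit "$status"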