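#!/bin/bash
#
# dyn_dns_update.sh - keep per-host iptables allow rules in sync with the
# current IPv4 address of one or more dynamic-DNS names.
#
# For every name in DYNHOSTS the script resolves the name with host(1), keeps
# a user-defined chain named after the host, and fills that chain with ACCEPT
# rules for the single resolved source address. The base INPUT rules and the
# default chain policies are asserted on every run.
#
# Security notes for whoever deploys this:
#   * The allow-list is only as trustworthy as the DNS answer. Whoever controls
#     (or can spoof) the record decides which address is let through, so use a
#     resolver you trust and keep the port list below as short as possible.
#   * Only the first A record returned is used.
#   * Exit status is non-zero if any host could not be processed.
#
#set -x
unset DYNHOSTS
unset DYNIP
unset HOST_NAME

## Add "*/5 * * * * /usr/local/bin/dyn_dns_update.sh > /dev/null 2>&1" to run every 5 mins
## Add your dynamic hosts separated by a space ##
DYNHOSTS="dynamic.host.one dynamic.host.two"

##############################
##Don't Edit Below this line##
##############################

readonly IPTABLES=/sbin/iptables

# Strict dotted-quad matcher. It is anchored at both ends: an unanchored
# pattern accepts any string that merely *contains* an address, and DYNIP is
# passed straight to iptables as a source match.
readonly OCTET='([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
readonly IPV4_RE="^(${OCTET}\.){3}${OCTET}\$"

#######################################
# Append a rule unless an identical one is already present.
# Arguments: chain name followed by the rule specification, exactly as they
#            would be given to `iptables -A`.
# Returns:   status of `iptables -A` when the rule had to be added, else 0.
#######################################
ensure_rule() {
  "$IPTABLES" -C "$@" >/dev/null 2>&1 || "$IPTABLES" -A "$@"
}

## only root can run this script
if [ "$(id -u)" != "0" ]; then
  echo "Error: This script must be run as root -- Exiting Script" >&2
  exit 1
fi

# Install DNS Utils #
# Test for the tool that is actually used rather than grepping `dpkg -l`,
# which also matches removed packages and unrelated names containing the
# string.
# NOTE(review): this installs packages from an unattended cron job; consider
# provisioning dnsutils ahead of time instead.
if ! command -v host >/dev/null 2>&1; then
  apt-get update -qq
  apt-get install dnsutils -y -qq
  if ! command -v host >/dev/null 2>&1; then
    echo "Error: host(1) is not available and could not be installed" >&2
    exit 1
  fi
fi

# Add base rules to INPUT if they do not exist. These go in before the INPUT
# policy is switched to DROP so that loopback, established flows and SSH keep
# working.
ensure_rule INPUT -i lo -j ACCEPT
ensure_rule INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): SSH is accepted from any source address.
ensure_rule INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
ensure_rule INPUT -s 10.128.0.0/9 -j ACCEPT

# Set default chain policies.
# `iptables -P` is idempotent, so the policy is set directly. The previous
# check parsed `iptables -L` output, which performs reverse DNS lookups and
# whose grep matched every line mentioning the chain name.
"$IPTABLES" -P OUTPUT ACCEPT
"$IPTABLES" -P FORWARD DROP
"$IPTABLES" -P INPUT DROP

# Update Dynamic Host
status=0
read -r -a dyn_hosts <<<"$DYNHOSTS"
for HOST_NAME in "${dyn_hosts[@]}"; do
  # Take the address from the first "<name> has address <ip>" line.
  DYNIP=$(host "$HOST_NAME" | awk '/ has address / { print $4; exit }')

  # Skip this host if the lookup returned nothing usable. A failure here no
  # longer stops the remaining hosts from being refreshed; it is reported
  # through the exit status instead.
  if ! [[ $DYNIP =~ $IPV4_RE ]] \
    || [[ $DYNIP == 0.0.0.0 || $DYNIP == 255.255.255.255 ]]; then
    echo "Error: no usable IPv4 address for ${HOST_NAME} (got '${DYNIP}')" >&2
    status=1
    continue
  fi

  # If chain for remote doesn't exist, create it. The error output is kept:
  # creation can fail, for example when the hostname is longer than iptables
  # allows for a chain name, and every later command depends on the chain.
  if ! "$IPTABLES" -n -L "$HOST_NAME" >/dev/null 2>&1; then
    if ! "$IPTABLES" -N "$HOST_NAME"; then
      echo "Error: could not create chain ${HOST_NAME}" >&2
      status=1
      continue
    fi
  fi

  # The 8080/tcp rule acts as the marker for "chain already matches this
  # address"; the chain is rebuilt only when that rule is missing.
  if ! "$IPTABLES" -C "$HOST_NAME" -s "$DYNIP" -p tcp --dport 8080 -j ACCEPT >/dev/null 2>&1; then
    # Flush old rules. Between the flush and the inserts the chain is empty,
    # so the host is briefly denied (fails closed) rather than over-permitted.
    "$IPTABLES" -F "$HOST_NAME"
    # Add new rules
    for port in 8443 8080 8880 8843 6789 443 80; do
      "$IPTABLES" -I "$HOST_NAME" -s "$DYNIP" -p tcp --dport "$port" -j ACCEPT
    done
    "$IPTABLES" -I "$HOST_NAME" -s "$DYNIP" -p udp --dport 3478 -j ACCEPT
  fi

  # Add chain to INPUT filter if it doesn't exist
  ensure_rule INPUT -t filter -j "$HOST_NAME" || status=1
done

exit "$status"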