gc_unifi_dynamic_dns_update.sh

#!/bin/bash
#set -x
unset DYNHOSTS
unset DYNIP
unset HOST_NAME

##Add "*/5 * * * * /usr/local/bin/dyn_dns_update.sh > /dev/null 2>&1" to run every 5 mins
##Add your dynamic host separated by a space##
DYNHOSTS="dynamic.host.one dynamic.host.two"

##############################
##Don't Edit Below this line##
##############################

## only root can run this script
if [ "$(id -u)" != "0" ]; then
   echo "Error: This script must be run as root -- Exiting Script"
   exit 1
fi

# Install DNS Utils #
if ! dpkg -l | grep dnsutils >/dev/null 2>&1 ; then
    apt-get update -qq
    apt-get install dnsutils -y -qq
fi

# Add chain(s) to INPUT/OUTPUT filter if they do not exist
if ! /sbin/iptables -C INPUT -i lo -j ACCEPT >/dev/null 2>&1 ; then
    /sbin/iptables -A INPUT -i lo -j ACCEPT
fi

if ! /sbin/iptables -C INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT >/dev/null 2>&1 ; then
    /sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
fi

if ! /sbin/iptables -C INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT >/dev/null 2>&1 ; then
    /sbin/iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
fi

if ! /sbin/iptables -C INPUT -s 10.128.0.0/9 -j ACCEPT >/dev/null 2>&1 ; then
    /sbin/iptables -A INPUT -s 10.128.0.0/9 -j ACCEPT
fi


# Set default chain policies
if [ "`/sbin/iptables -L | grep OUTPUT |  awk '{ print $4 }' | sed 's/.$//'`" != "ACCEPT" ]  ; then
    /sbin/iptables -P OUTPUT ACCEPT
fi
if [ "`/sbin/iptables -L | grep FORWARD |  awk '{ print $4 }' | sed 's/.$//'`" != "DROP" ]  ; then
    /sbin/iptables -P FORWARD DROP
fi
if [ "`/sbin/iptables -L | grep INPUT |  awk '{ print $4 }' | sed 's/.$//'`" != "DROP" ]  ; then
    /sbin/iptables -P INPUT DROP
fi

# Update Dynamic Host
for HOST_NAME in $DYNHOSTS; do
        DYNIP=$(host $HOST_NAME | grep -iE "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" |cut -f4 -d' '|head -n 1)

        # Exit if invalid IP address is returned
        case $DYNIP in
                0.0.0.0 )
                        exit 1 ;;
                255.255.255.255 )
                        exit 1 ;;
        esac

        # Exit if IP address not in proper format
        if ! [[ $DYNIP =~               (([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]) ]]; then
                exit 1
        fi

        # If chain for remote doesn't exist, create it
        if ! /sbin/iptables -L $HOST_NAME -n >/dev/null 2>&1 ; then
            /sbin/iptables -N $HOST_NAME >/dev/null 2>&1
        fi

        # Check IP address to see if the chain matches first; skip rest of script if update is not needed
        if ! /sbin/iptables -C $HOST_NAME -s $DYNIP -p tcp --dport 8080 -j ACCEPT >/dev/null 2>&1 ; then

                # Flush old rules
                /sbin/iptables -F $HOST_NAME >/dev/null 2>&1

                #Add new rule
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 8443 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 8080 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 8880 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 8843 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 6789 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 443 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p tcp --dport 80 -j ACCEPT
                /sbin/iptables -I $HOST_NAME -s $DYNIP -p udp --dport 3478 -j ACCEPT


        fi

        # Add chain to INPUT filter if it doesn't exist
        if ! /sbin/iptables -C INPUT -t filter -j $HOST_NAME >/dev/null 2>&1 ; then
             /sbin/iptables -A INPUT -t filter -j $HOST_NAME
        fi

done