Whitelist IP for Squid
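#!/bin/bash
# Re-point the Squid ACL for LABEL at a new client IP and move the matching
# ufw allow rule for the proxy port from the old address to the new one.
#
# USAGE: ssh REMOTE_HOST "~/bin/whitelist-ip-4-squid ROSALES $(public-ip)"
#
# Both arguments end up inside a sed program and ufw command lines that run
# under sudo, so they are validated strictly before anything privileged runs:
# an unvalidated value could change the sed program or add words to the
# firewall command.

set -u

SQUID_CONFIG=/etc/squid/squid.conf
SQUID_PORT=3128
LABEL="${1:-}"
NEW_IP="${2:-}"

# Dotted-quad shape only; the 0-255 range of each octet is checked in is_ipv4.
IP_RE='[0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}'

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Succeeds only for a dotted quad whose four octets are each <= 255.
is_ipv4() {
  local ip=$1 octet
  local -a octets
  [[ "$ip" =~ ^${IP_RE}$ ]] || return 1
  IFS=. read -r -a octets <<<"$ip"
  for octet in "${octets[@]}"; do
    # 10# forces base 10 so a leading zero is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# The label is used inside regular expressions, so only allow characters that
# have no regex or sed meaning.
[[ "$LABEL" =~ ^[A-Za-z0-9_-]+$ ]] \
  || die "usage: ${0##*/} LABEL NEW_IP (LABEL must match [A-Za-z0-9_-]+)"
is_ipv4 "$NEW_IP" || die "NEW_IP is not a valid IPv4 address: '$NEW_IP'"

# Find out the previous IP associated with LABEL.
OLD_IP=$(sed -n -E "s/.*acl $LABEL src ($IP_RE).*/\1/p" "$SQUID_CONFIG" | head -n 1)

# Without a known old IP the ufw lookup below would match every rule for the
# proxy port, so stop here instead of deleting an unrelated rule.
is_ipv4 "$OLD_IP" || die "no 'acl $LABEL src <ip>' entry found in $SQUID_CONFIG"

# If nothing changed, the allow below would be a no-op and the delete would
# remove the only rule for this address.
if [[ "$OLD_IP" == "$NEW_IP" ]]; then
  printf "IP for label '%s' is already %s; nothing to do\n" "$LABEL" "$NEW_IP"
  exit 0
fi

printf "Changing old IP: %s => new IP: %s for label '%s'\n" "$OLD_IP" "$NEW_IP" "$LABEL"

# Substitute OLD_IP for NEW_IP.
sudo sed -i -E -e "s/(acl $LABEL src) $IP_RE/\1 $NEW_IP/" "$SQUID_CONFIG" \
  || die "failed to update $SQUID_CONFIG"
sudo systemctl reload squid || die "failed to reload squid"

# Look up the number of the old allow rule. Dots are escaped and the address
# must end there, so 1.2.3.4 cannot match 1.2.3.40. ufw pads single-digit rule
# numbers ("[ 1]"), hence the optional spaces after the bracket.
OLD_IP_RE=${OLD_IP//./[.]}
UFW_RULE_NBR=$(sudo ufw status numbered \
  | grep -E "${SQUID_PORT}/tcp[[:space:]]+ALLOW IN[[:space:]]+${OLD_IP_RE}([^0-9.]|\$)" \
  | sed -E 's/^\[ *([0-9]+)\].*/\1/' \
  | head -n 1)

# Open the port for the new address before removing the old rule.
sudo ufw allow proto tcp from "$NEW_IP" to any port "$SQUID_PORT" \
  || die "failed to add ufw rule for $NEW_IP"

# Only delete when exactly one numeric rule id was recovered.
if [[ "$UFW_RULE_NBR" =~ ^[0-9]+$ ]]; then
  yes | sudo ufw delete "$UFW_RULE_NBR"
else
  printf 'warning: no ufw rule found for %s on port %s; nothing deleted\n' \
    "$OLD_IP" "$SQUID_PORT" >&2
fi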