#!/usr/bin/env bash
# example output:
# cleaning duplicate netfilter rules...
# updating netfilter rules...
# updating iptables...
# latest: SHA256 (-) = e32144dcf88d333d2ecfbce61fc2392045c462b3370093b70bd5429c3ae9e922
# current: SHA256 (-) = e32144dcf88d333d2ecfbce61fc2392045c462b3370093b70bd5429c3ae9e922
# backing up old rules...
# renamed '/etc/iptables/rules.v4' -> '/etc/iptables/rules.v4.1705220025'
# installing new rules...
# iptables is now up to date
# updating ip6tables...
# latest: SHA256 (-) = 7f9b202202eebe6ece23323f206a7aa3b3f1cde90df9cd43dfc4b32ef23f0507
# current: SHA256 (-) = 7f9b202202eebe6ece23323f206a7aa3b3f1cde90df9cd43dfc4b32ef23f0507
# backing up old rules...
# renamed '/etc/iptables/rules.v6' -> '/etc/iptables/rules.v6.1705220025'
# installing new rules...
# ip6tables is now up to date
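#######################################
# Sync the on-disk netfilter rules file with the live ruleset.
# Hashes the output of iptables-save (ip6tables-save with -6) and the
# contents of /etc/iptables/rules.vN; when they differ, the old file is
# moved aside with an epoch-second suffix and the live rules written in its
# place, then the file is hashed again to confirm the install.
# Arguments: $1 - "-6" to operate on ip6tables instead of iptables
# Outputs:   progress lines on stdout
# Returns:   0 when the file matches the live rules, 1 on any failure
#######################################
ipt() {
  local _cmd="iptables"
  local _num="4"
  local _ipt _iptSum _curSum _rules
  if [[ "$1" == "-6" ]]; then
    _cmd="ip6tables"
    _num="6"
  fi
  _rules="/etc/iptables/rules.v${_num}"
  echo "updating ${_cmd}..."
  _ipt="$(sudo "${_cmd}-save")" || return 1
  # sha256sum --tag prints "SHA256 (-) = <hex>" for stdin in both cases,
  # so the two strings can be compared directly.
  _iptSum="$(printf '%s\n' "$_ipt" | sha256sum --tag)" || return 1
  echo "latest: ${_iptSum}"
  _curSum="$(sha256sum --tag <"$_rules")" || return 1
  # previously echoed _iptSum here, so "current:" always showed the live hash
  echo "current: ${_curSum}"
  # check if iptables is already up to date
  if [[ "$_iptSum" == "$_curSum" ]]; then
    echo "${_cmd} is already up to date"
    return 0
  fi
  echo "backing up old rules..."
  # -n never overwrites an existing backup; the epoch suffix makes a clash unlikely
  sudo mv -vn "$_rules" "${_rules}.$(date +%s)" || return 1
  echo "installing new rules..."
  printf '%s\n' "$_ipt" | sudo tee "$_rules" >/dev/null || return 1
  # re-hash the installed file; a failed read here must not look like a mismatch
  _curSum="$(sha256sum --tag <"$_rules")" || return 1
  if [[ "$_iptSum" == "$_curSum" ]]; then
    echo "${_cmd} is now up to date"
    return 0
  fi
  echo "something went wrong (race?)"
  return 1
}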
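#######################################
# Remove duplicate IPv4 rules from one iptables table.
# Reads iptables-save, isolates the "*<table>" .. "COMMIT" section, counts
# identical "-A" lines, and deletes each rule that appears N>1 times N-1
# times so exactly one copy remains.
# Arguments: $1 - table name (filter, nat, mangle, raw)
# Outputs:   each delete command on stdout before it runs
# Returns:   status of the last command in the pipeline
#######################################
dedup() {
  local _table="$1"
  local _ipt="iptables -w"
  local _count _rest _rule
  # anchor on the "*table" header so a chain or comment that merely
  # contains the table name cannot start the range early
  iptables-save | sed -n "/^\*${_table}$/,/^COMMIT$/p" | grep '^-' | sort | uniq -dc |
    while read -r _count _rest; do
      # uniq -dc yields "<count> <line>"; read splits off the count and
      # keeps the rest of the rule text intact
      # only "-A" lines are deletable rules; skip anything else (-N, -P)
      [[ "$_rest" == -A* ]] || continue
      _rule="-t ${_table} -D${_rest#-A}"
      while (( _count > 1 )); do
        echo "iptables ${_rule}"
        # eval re-parses the quoting iptables-save emits (e.g. --comment "...").
        # Its input is the root-written live ruleset, never caller-supplied
        # text; keep it that way.
        eval "${_ipt} ${_rule}"
        _count=$((_count - 1))
      done
    done
}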
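#######################################
# Remove duplicate IPv6 rules from one ip6tables table.
# Reads ip6tables-save, isolates the "*<table>" .. "COMMIT" section, counts
# identical "-A" lines, and deletes each rule that appears N>1 times N-1
# times so exactly one copy remains.
# Arguments: $1 - table name (filter, nat, mangle, raw)
# Outputs:   each delete command on stdout before it runs
# Returns:   status of the last command in the pipeline
#######################################
dedup6() {
  local _table="$1"
  local _ip6t="ip6tables -w"
  local _count _rest _rule
  # anchor on the "*table" header so a chain or comment that merely
  # contains the table name cannot start the range early
  ip6tables-save | sed -n "/^\*${_table}$/,/^COMMIT$/p" | grep '^-' | sort | uniq -dc |
    while read -r _count _rest; do
      # uniq -dc yields "<count> <line>"; read splits off the count and
      # keeps the rest of the rule text intact
      # only "-A" lines are deletable rules; skip anything else (-N, -P)
      [[ "$_rest" == -A* ]] || continue
      _rule="-t ${_table} -D${_rest#-A}"
      while (( _count > 1 )); do
        echo "ip6tables ${_rule}"
        # eval re-parses the quoting ip6tables-save emits (e.g. --comment "...").
        # Its input is the root-written live ruleset, never caller-supplied
        # text; keep it that way.
        eval "${_ip6t} ${_rule}"
        _count=$((_count - 1))
      done
    done
}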
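#######################################
# Dedupe every table (v4 and v6) as root, then sync both rules files via ipt.
# Globals:   BASH_SOURCE (read) - path of the file defining these functions
# Returns:   0 on success, 1 if the dedup step or either ipt call fails
#######################################
function update-netfilter-rules() {
  local _self _cmd
  echo "cleaning duplicate netfilter rules..."
  # sourcing the current file's location because I have this in
  # `~/.oh-my-bash/aliases/kayos.aliases.sh` vs a standalone script, meaning
  # sourcing whatever file these funcs are in assures the above functions are
  # in my local scope upon exec.
  # A root shell sources this file, so the file must be writable by root only.
  # printf %q quotes the path so it survives the bash -c re-parse even with
  # spaces or shell metacharacters in it.
  _self="$(printf '%q' "${BASH_SOURCE[0]}")"
  _cmd="source ${_self} && \
    dedup filter && \
    dedup nat && \
    dedup mangle && \
    dedup raw && \
    dedup6 filter && \
    dedup6 nat && \
    dedup6 mangle && \
    dedup6 raw"
  # a failed dedup previously went unnoticed and the sync ran regardless
  sudo bash -c "${_cmd}" || return 1
  echo "updating netfilter rules..."
  ipt || return 1
  ipt -6 || return 1
}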