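# Create the (empty) script file. /usr/local/sbin is normally writable only by
# root, so this uses sudo like the chown/chmod and crontab steps on this page.
sudo touch /usr/local/sbin/firewall_dynamic_update.bash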
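#!/bin/bash
# Keep the ufw allow rules for one dynamic-DNS host in step with the address
# that name currently resolves to. Meant to be run as root.
#
# State:   $LOGFILE holds the address the rules were last opened for.
# Effect:  when the address changes, the rules for the previous address are
#          deleted and rules for the new address are added.
# Exit:    non-zero when no usable address was resolved or ufw refused a rule.

# NOTE: bash also sets HOSTNAME itself; it is reused here for the dynamic-DNS
# name whose address is allowed through the firewall.
HOSTNAME=yourhost.ddns.net
LOGFILE="$HOME/ufw.$HOSTNAME.log"
PORTS=(2222 9090 8443)
UFW=/usr/sbin/ufw

# Return 0 only if $1 is a dotted-quad IPv4 address with every octet <= 255.
# The resolver answer and the state file both end up on a ufw command line,
# so neither is used before it has passed this check.
is_ipv4() {
  local candidate=$1 octet
  local -r quad='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  [[ $candidate =~ $quad ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces base 10 so an octet such as 08 is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

# Add an allow rule for address $1 on every port in PORTS.
# Returns non-zero if any ufw call failed.
allow_ip() {
  local ip=$1 port status=0
  for port in "${PORTS[@]}"; do
    "$UFW" allow from "$ip" to any port "$port" || status=1
  done
  return "$status"
}

# Delete the allow rule for address $1 on every port in PORTS.
# Returns non-zero if any ufw call failed.
revoke_ip() {
  local ip=$1 port status=0
  for port in "${PORTS[@]}"; do
    "$UFW" delete allow from "$ip" to any port "$port" || status=1
  done
  return "$status"
}

Current_IP=$(host "$HOSTNAME" | head -n1 | cut -f4 -d ' ')

# When the lookup fails, or the first line is not an address record, field 4
# is ordinary text. Stop before it reaches ufw or overwrites the state file.
if ! is_ipv4 "$Current_IP"; then
  echo "No IPv4 address found for $HOSTNAME; firewall rules left unchanged" >&2
  exit 1
fi

if [ ! -f "$LOGFILE" ]; then
  # First run: nothing to clean up. Record the address only once the rules
  # are in place, so a failed run is retried next time.
  allow_ip "$Current_IP" || exit 1
  echo "$Current_IP" > "$LOGFILE"
else
  Old_IP=$(cat "$LOGFILE")
  if [ "$Current_IP" = "$Old_IP" ]; then
    echo IP address has not changed
  else
    # Delete the rules for the PREVIOUS address, not the new one. Otherwise
    # every address this host has ever had stays allowed, including after it
    # has been handed to someone else.
    if is_ipv4 "$Old_IP"; then
      revoke_ip "$Old_IP" \
        || echo "Could not delete every rule for $Old_IP; check 'ufw status'" >&2
    else
      echo "Unexpected content in $LOGFILE; no old rules were deleted" >&2
    fi
    allow_ip "$Current_IP" || exit 1
    echo "$Current_IP" > "$LOGFILE"
    echo iptables have been updated
  fi
fi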
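# The script is executed as root from cron, so only root should be able to
# change it: make root the owner and group.
sudo chown root:root /usr/local/sbin/firewall_dynamic_update.bash
# Set an explicit mode instead of +x. +x only adds execute and would keep any
# group/other write bit the file was created with.
sudo chmod 0755 /usr/local/sbin/firewall_dynamic_update.bash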
# Open root's crontab in an editor:
sudo crontab -e
# Then add the entry below inside the editor (it is a crontab line, not a shell
# command). It runs the script every 5 minutes. stdout and stderr both go to
# /dev/null, so failed lookups and ufw errors are not reported anywhere.
*/5 * * * * /usr/local/sbin/firewall_dynamic_update.bash > /dev/null 2>&1