Adding new iptables

Hi, I basically want to create a shell script that reads /etc/sysconfig/iptables. When it sees the line "-A INPUT -j REJECT --reject-with icmp-host-prohibited", it will create a new line before it and add the line from another file, which will contain "-A INPUT -p udp -m udp --dport 27020 -j ACCEPT".
So it will look like:
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --dport 27020 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Should be something like:

line=`grep your line from the file here`

awk -v var="$line" '/-A INPUT -j REJECT --reject-with icmp-host-prohibited/{print var}1' /etc/sysconfig/iptables

Regards

Or with sed:

sed '/-A INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A INPUT -p udp -m udp --dport 27020 -j ACCEPT' file >newfile

There are different dialects of sed so you might need to experiment a bit -- the backslash might or might not be necessary.

Weird... since I tried both examples and it still didn't work :(

Did you get errors, no output or wrong output?

Regards

I'm guessing you might have multiple spaces in your input file, but we can't see those because you didn't use code tags -- please post again with those tags around the sample so we can see the spaces if you can't solve this on your own.

Yup, in both cases the output is the same as the original iptables file, with no modification being made in the new file.

line=`cat ports | grep 27020`
*** the cat grabs the line -A INPUT -p udp -m udp --dport 27020 -j ACCEPT ***
awk -v var="$line" '/-A INPUT -j REJECT --reject-with icmp-host-prohibited/{print var}1' iptables >newiptables
sed '/-A INPUT -j REJECT --reject-with icmp-host-prohibited/i\
-A INPUT -p udp -m udp --dport 27020 -j ACCEPT' iptables >newiptables

This seems to be interesting. You may be right that it could be a spaces issue.

It seems that the line "-A INPUT -j REJECT --reject-with icmp-host-prohibited" doesn't exactly match the line you want to replace in the file iptables.

Regards
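A whitespace-tolerant, idempotent version of the insertion the thread is trying to get working, added here as an example and not code posted by anyone in the thread. It assumes the config has the iptables-save layout shown above; the helper name insert_before_reject and the sample with doubled spaces are constructed for this example.

```shell
# insert_before_reject RULE: read an iptables-save style file on stdin and
# print it with RULE inserted directly before the INPUT REJECT line.
# Runs of blanks are collapsed before comparing, so stray double spaces in
# the config (the suspected cause in this thread) cannot make the match
# fail silently. Idempotent: if RULE is already present, the input is
# printed unchanged. Exit status 1 when neither happened, so a calling
# script can stop instead of installing an unmodified ruleset.
insert_before_reject() {
    awk -v rule="$1" '
        function norm(s) {
            gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return s
        }
        BEGIN {
            anchor = "-A INPUT -j REJECT --reject-with icmp-host-prohibited"
            nrule = norm(rule); found = 0; present = 0
        }
        { lines[NR] = $0; if (norm($0) == nrule) present = 1 }
        END {
            for (i = 1; i <= NR; i++) {
                if (!present && norm(lines[i]) == anchor) { print rule; found = 1 }
                print lines[i]
            }
            exit ((found || present) ? 0 : 1)
        }'
}

# Constructed sample mirroring the file in the thread, with the REJECT line
# deliberately carrying double spaces to reproduce the suspected mismatch.
SAMPLE_CONFIG='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT  -j REJECT  --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'
NEW_RULE='-A INPUT -p udp -m udp --dport 27020 -j ACCEPT'

# Demo: the ACCEPT rule lands on line 8, directly above the INPUT REJECT.
# Before installing the result, parse-check it with: iptables-restore --test newiptables
printf '%s\n' "$SAMPLE_CONFIG" | insert_before_reject "$NEW_RULE"
```

Write the output to a new file and only copy it over /etc/sysconfig/iptables after the exit status and the iptables-restore --test check both succeed.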