How to create an executable bash script for these commands?

I wish to create an executable bash script that will run the following commands as root, that is, using sudo su.

iptables-save | awk '/^
[*]/ { print $1 } 
                     /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }
                     /COMMIT/ { print $0; }' | iptables-restore

My first attempt at bash scripting is as follows:

#!/bin/bash
sudo su
iptables-save | awk '/^
[*]/ { print $1 } 
                     /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }
                     /COMMIT/ { print $0; }' | iptables-restore
sleep 3;
exit 0

Could someone correct the above and make it workable?

Save this as a regular text file, from within your favorite text editor, such as gedit, leafpad, eclipse, or alike...

#!/bin/bash
iptables-save | awk '/^[*]/ { print $1 } 
                     /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }
                     /COMMIT/ { print $0; }' | iptables-restore
sleep 3;
exit 0

Right click the file, open properties, switch the register and set the 'execute' flag to active (or to all users).

Since a regular user cannot save a script in /usr/bin (or just /bin), you can either do:

sudo cp ./myscript /usr/bin/

OR
# Assuming the file and you are in your $HOME directory

mv ./myscript ./bin

Once copied, it's 'public' (on your computer) available, and can be executed like:

sudo myscript

If you have moved the file to your custom bin folder ($HOME/bin is a default location), you have to call it like:

sudo $(which myscript)

sudo su is unnecessary and not recommended.

hth

EDIT:
Or within the script, simply:

sudo iptables-save | awk '......

How do you transform the following into a single line?

iptables-save | awk '/^
[*]/ { print $1 } 
                     /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }
                     /COMMIT/ { print $0; }' | iptables-restore

Does it look like this?

iptables-save | awk '^
[*] { print $1 } ^:[A-Z]+ [^-] { print $1 " ACCEPT" ; } COMMIT { print $0; }' | iptables-restore

I removed the "/" wherever it appears. Am I correct to state that the "/" is used to break a long line into smaller lines?

What I plan to do is:

#!/bin/bash
iptables-save | awk '^
[*] { print $1 } ^:[A-Z]+ [^-] { print $1 " ACCEPT" ; } COMMIT { print $0; }' | iptables-restore
sleep 3;
exit 0

Save the above and call it cleariptables.sh. I will set it as executable.

It will be placed in a folder called bin in the following path: /home/bonafide/bin/

(bonafide is the username)

I will create a shortcut to cleariptables.sh on the desktop. The contents of the shortcut will be:

[Desktop Entry]
Version=1.0
Type=Application
Terminal=true
Icon[en_US]=nm-device-wired
Name[en_US]=ClearIPtables
Exec=gksudo /home/bonafide/bin/cleariptables.sh
Comment[en_US]=Flush iptables filters
Name=ClearIPtables
Comment=Flush iptables script
Icon=nm-device-wired

Whenever I click on the desktop shortcut, I will be prompted to enter the password and the script will run.

No, it's the '\' to break a line.

Can't help you with the awk part, I use it too rarely.

But by making a single line, I was referring to the (your prior) usage of:

sudo su
iptables-save...

As the syntax goes like:

sudo command
# OR
su -c "command"

Rest looks fine.
But I wouldn't execute the script from the GUI (icon) as long as you're unsure if it works.

hth

Thanks for the tip.

If '\' is used to break lines, then there is none in the code.

Could you help me transform the following 3 lines into a single line please?

iptables-save | awk '/^
[*]/ { print $1 } 
                     /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }
                     /COMMIT/ { print $0; }' | iptables-restore

[quote]But I wouldn't execute the script from the GUI (icon) as long as you're unsure if it works.[/quote]

I did run the script but in a terminal using sudo su. I had to copy and paste line by line. The script works. I found the script using Google. (I am sorry I am unable to post the URL here as I have less than 5 posts.)

Again, use either sudo OR su.

It is recommended to 'not' use sudo or su inside the script.
As once the script is executable, it becomes an 'application' or 'command', and thus can be sudo'd.
-> sudo $(which cleariptables.sh)

If you copy line by line, why do you write a script?
Execute the script to try.

The $(which APPNAME) part is required, as the root user, which you become upon su/sudo, doesn't have $HOME/bin/cleariptables.sh available, so you need to invoke which to supply, or directly use, the full path to the script.
NOTE: The $(which APPNAME) part will NOT work with su -c '$(which appname)', as this one will execute the which as root, which won't find the /home/bonafide/bin dir, despite the script being in it.

Can we consider "How to make an executable bash script" as done,
while I now want to know, is there an error in the script?

Or why do you want to make the awk a one-liner?
This doesn't help readability, and there is no use to it.

Honestly, and I don't want to be mean, 'one-liners' are for 'short' commands, pipes or very simple structures, and the more complex they are, the more advanced one should be.
Prior to attempting one-liners, I highly recommend writing code that has proper syntax and uses indentation. (Regarding the script, this is achieved, but since you copied it, it doesn't count.)

What I wanted to say is:
Once one understands what the code does, one can go for one-liners; otherwise one just aims for unreadable / non-functional code. (in harsh words)
Until then, one should leave one-liners to those in the know / with the skill.

To understand one-liners (get familiar with them), search for them and split them up into working! multi-liners.

Have a nice sunday!
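
Added example, not part of any post in this thread: the awk filter written on one line and run over a constructed iptables-save dump, so its effect can be inspected before anything is piped into iptables-restore. The function names, the sample ruleset and the --apply switch are assumptions made for this illustration.

```shell
#!/bin/bash
# Added example, not code from the thread. The names open_policy_filter,
# sample_dump and apply_open_policy are hypothetical.

# The thread's awk program on one line. awk rules are separated by a newline
# or by ';', so no '\' continuation is involved; the '/' characters delimit
# the regular expressions and must stay.
open_policy_filter() {
    awk '/^[*]/ { print $1 }; /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" }; /COMMIT/ { print $0 }'
}

# Constructed iptables-save output used for a dry run.
sample_dump() {
    cat <<'EOF'
# constructed sample ruleset
*filter
:INPUT DROP [12:840]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [5:300]
:LOGDROP - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
COMMIT
EOF
}

# Load the filtered ruleset. Both ends of the pipe need root, so the script is
# run as a whole under sudo rather than calling sudo or su inside it.
apply_open_policy() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "must be run as root, e.g. sudo $0 --apply" >&2
        return 1
    fi
    iptables-save | open_policy_filter | iptables-restore
}

# Default is a dry run on the sample; --apply changes the live firewall and
# leaves every built-in chain with policy ACCEPT and no rules.
if [ "${1:-}" = "--apply" ]; then
    apply_open_policy
else
    sample_dump | open_policy_filter
fi
```

The dry run shows that the filter keeps each table header and COMMIT line, rewrites every built-in chain policy to ACCEPT, and drops all rules and user-defined chains.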

What's the purpose of making it a single line?

Regards,
Alister

As originally supplied, I have to copy and paste line by line after sudo-ing in a terminal.

If I can combine the three lines into a single one, then I just have to copy and paste one line in to the terminal.

Is that how it is done? Or can I copy the three lines at one go and paste them directly into a sudo terminal?

---------- Post updated at 14:23 ---------- Previous update was at 14:19 ----------

No, there is no error in the script. I copied it from serverfault dot com/questions/200635/linux-iptables-best-way-to-clear-all-rules-leaving-anything-open

What you posted is NOT identical to what's posted there...

Copy paste it again (from that post to your script), and then...
Execute the script and post the error message please, what you typed, and what it puts out.

Which post of mine is NOT identical to what is posted on serverfault dot com/questions/200635/linux-iptables-best-way-to-clear-all-rules-leaving-anything-open?