我正在尝试在程序上创建用户链,并在 ibables 中将其删除。 我在想,检查用户链是否存在的最佳方法是什么,以及它是否没有创建它。
使用 ibables(8) 列表链, 将 stdout/ stderr 重定向到 / dev/ null , 并检查退出代码。 如果存在此链, ipables 将退出真实 。
此 shell 函数来自我的iptables 前端脚本 :
chain_exists()
{
[ $# -lt 1 -o $# -gt 2 ] && {
echo "Usage: chain_exists <chain_name> [table]" >&2
return 1
}
local chain_name="$1" ; shift
[ $# -eq 1 ] && local table="--table $1"
iptables $table -n --list "$chain_name" >/dev/null 2>&1
}
请注意,我使用 -n 选项,这样ibables就不会试图解析主机名的 IP 地址。 没有此选项, 您会发现此函数会缓慢 。
然后您可以使用此函数有条件地创建链条 :
chain_exists foo || create_chain foo ...
此处 create_ chail 是创建链的另一个函数。 您可以直接调用 ibables , 但上面的命名让事情变得非常明显。
默认表格 < code> filter 和 IPv4
解决方案 :
user_chain= MY_CHAIN
sudo iptables-save -t filter | awk -F ":| " "/^:${user_chain:?} /" {rc = 1;}; END { exit !rc } && printf "Skip create: ${user_chain:?}
" ||
{ sudo iptables -t filter -N "${user_chain:?}" && printf "Created: ${user_chain:?}
" ;}
第一次运行时的输出 :
Created: MY_CHAIN
其后各期:
Skip create: MY_CHAIN
或者如果你不在乎指纹,那么解决办法是:
user_chain= MY_CHAIN
sudo iptables-save -t filter | awk -F ":| " "/^:${user_chain:?} /" {rc = 1;}; END { exit !rc } ||
sudo iptables -t filter -N "${user_chain:?}"
请注意,以上示例仅涉及 IPv4 ,如果您想要地址为 IPv6 ,则更改
iptables to ip6tablesiptables-save to ip6tables-save在所提供的解决办法中。
解释:
iptables-save -t filter outputs all rules for the IPv4 filter table including chains names (they are prefixed with :) - remove -t filter for outputting rules and chains names for all tablesawk -F ":| " "/^:${user_chain:?} /" {rc = 1;}; END { exit !rc } exits with code 0 if user_chain was found and with ec = 1 if not found.|| sudo iptables -t filter -N "${user_chain:?}" creates user_chain if awk exited with 1 code (a user_chain was not found)我想知道什么是最好的方法 检查是否有用户链 以及它是否没有创造它。
如果你愿意接受重新界定你的要求,以便:
我想确保用户链的存在。
然后,迅速的解决办法可以是:
sudo iptables -N MY_CHAIN || ec=$? && [ ${ec:?} -eq 1 ] || (exit ${ec:?})
The above command ensures that MY_CHAIN exists and exits with 0 code in cases:
iptables exit code - comment
0 - chain MY_CHAIN created1 - iptables error Chain already exists.在 >ibables 退出时,其代码不同于 0 或 或 1 ,然后以该代码的以上退出命令,例如:
2 - iptables v1.8.7 (nf_tables): chain name MY_CHAIN111111111111111111111111111111111111111 too long (must be under 29 chars)4 - iptables v1.8.7 (nf_tables): Could not fetch rule set generation id: Permission denied (you must be root)I m attempting to write a bash script to parse out the following log file and give me a list of CURRENT players in the room (so ignoring players that left, but including players that may have rejoined)...
How can I check the file encoding in a shell script? I need to know if a file is encoded in utf-8 or iso-8859-1. Thanks
I like to write bash shell scripts on my iPhone, put them in an app folder with an icon, plist, etc., so they execute like apps by tapping their icon on SpringBoard. This is not interactive like ...
From a programming standpoint, when you set the bash shell to use vi or emacs via set -o vi or set -o emacs What is actually going on here? I ve been reading a book where it claims the bash shell ...
I am construcing a command in bash dynamically. This works fine: COMMAND="java myclass" ${COMMAND} Now I want to dynamically construct a command that redirectes the output: LOG=">> myfile.log ...
I want perform sha1sum file1 and sha1sum file2 and perform bitwise OR operation with them using bash. Output should be printable i.e 53a23bc2e24d039 ... (160 bit) How can I do this? I know echo $(( ...
I m 试图撰写一个双面文字,处理一个文件清单,其名字在投入档案中每栏一栏储存,就像一个一样。
Is it possible to set the Screen Title using a shell script? I thought about something like sending the key commands ctrl+A shift-A Name enter I searched for about an hour on how to emulate ...