
Group :: Rede/Acesso Remoto
RPM: knock


Patch: knock-0.7.8-alt1.patch


 .gear/knock.spec                                   | 113 ++++++++++++
 .gear/knockd.init                                  | 112 ++++++++++++
 .gear/knockd.sysconfig                             |   1 +
 .gear/rules                                        |   5 +
 .../tags/6d4c5ae02a1ceda6b9348713ecd7235fb99e4508  |  13 ++
 .gear/tags/list                                    |   1 +
 Makefile.am                                        |   4 +-
 knockd.conf                                        |  30 ++--
 src/knock_add                                      | 189 +++++++++++++++++++++
 src/knock_helper_ipt.sh                            | 189 ---------------------
 10 files changed, 451 insertions(+), 206 deletions(-)
diff --git a/.gear/knock.spec b/.gear/knock.spec
new file mode 100644
index 0000000..c88228d
--- /dev/null
+++ b/.gear/knock.spec
@@ -0,0 +1,113 @@
+Name: knock
+Version: 0.7.8
+Release: alt1
+
+Summary: knock is a port-knocking client
+License: GPL
+Group: Networking/Remote access
+
+Url: http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki
+Source0: %name-%version.tar
+Source1: knockd.sysconfig
+Source2: knockd.init
+Patch: %name-%version-%release.patch
+
+# Automatically added by buildreq on Thu Feb 17 2005
+BuildRequires: gcc-c++ libpcap-devel
+
+%description
+Knock is a port-knocking server/client.  Port-knocking is a method where a
+server can sniff one of its interfaces for a special "knock" sequence of
+port-hits.  When detected, it will run a specified event bound to that port
+knock sequence.  These port-hits need not be on open ports, since we use
+libpcap to sniff the raw interface traffic. This package contains the
+knock client.
+
+%package server
+Group: Networking/Remote access
+Summary: knockd is a port-knocking server
+
+%description server
+Knock is a port-knocking server/client.  Port-knocking is a method where a
+server can sniff one of its interfaces for a special "knock" sequence of
+port-hits.  When detected, it will run a specified event bound to that port
+knock sequence.  These port-hits need not be on open ports, since we use
+libpcap to sniff the raw interface traffic. This package contains the
+knockd server.
+
+%prep
+%setup
+%patch -p1
+
+%build
+autoreconf -fisv
+%configure
+%make_build
+
+%install
+%make_install DESTDIR=%buildroot install
+install -pD -m644 %SOURCE1 %buildroot%_sysconfdir/sysconfig/knockd
+install -pD -m755 %SOURCE2 %buildroot%_initdir/knockd
+install -pD -m600 knockd.conf %buildroot%_sysconfdir/knockd.conf
+
+%post server
+%post_service knockd
+
+%preun server
+%preun_service knockd
+
+%postun server
+if [ "$1" -ge "1" ]; then
+	/sbin/service knockd condrestart >/dev/null 2>&1 || :
+fi
+
+%files
+%_bindir/%name
+%_man1dir/knock.1*
+
+%files server
+%doc README.md ChangeLog TODO
+%attr(0755,root,root) %_sbindir/knockd
+%attr(0600,root,root) %config(noreplace) %_sysconfdir/knockd.conf
+%attr(0644,root,root) %config(noreplace) %_sysconfdir/sysconfig/knockd
+%attr(0755,root,root) %config %_initdir/knockd
+%_sbindir/knockd
+%_sbindir/knock_add
+%_man1dir/knockd.1*
+
+%changelog
+* Wed Feb 03 2016 Anton Farygin <rider@altlinux.ru> 0.7.8-alt1
+- new version, build from upstream git
+
+* Wed Apr 17 2013 Dmitry V. Levin (QA) <qa_ldv@altlinux.org> 0.5-alt6.qa1
+- NMU: rebuilt for debuginfo.
+
+* Thu Dec 04 2008 Michael Shigorin <mike@altlinux.org> 0.5-alt6
+- added condstop to initscript (per repocop advice)
+
+* Tue Nov 25 2008 Michael Shigorin <mike@altlinux.org> 0.5-alt5
+- fixed build with gcc 4.3 against glibc 2.8+
+
+* Wed Nov 05 2008 Michael Shigorin <mike@altlinux.org> 0.5-alt5
+- DID NOT fix build
+- updated Url:
+
+* Sun Jan 28 2007 Michael Shigorin <mike@altlinux.org> 0.5-alt4
+- updated Url:
+- added Packager:
+
+* Sun Dec 10 2006 Michael Shigorin <mike@altlinux.org> 0.5-alt3
+- updated Url:
+- spec macro abuse cleanup
+
+* Thu Sep 29 2005 Michael Shigorin <mike@altlinux.org> 0.5-alt2
+- removed duplicated manpage from packages (thanks raorn@)
+
+* Tue Jul 12 2005 Michael Shigorin <mike@altlinux.org> 0.5-alt1
+- 0.5
+- rebuilt for Sisyphus
+- spec cleanup/optimization
+
+* Thu Feb 17 2005 Alexey Beleckiy <sinister@altlinux.ru> 0.4-alt1
+- Initial build
+
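Review bot: `%files server` lists `%_sbindir/knockd` twice, once as `%attr(0755,root,root) %_sbindir/knockd` and again as a bare entry a few lines later; rpm reports this as a file listed twice, so the bare entry can be dropped. `%_sbindir/knock_add` is the only executable in the list without an explicit `%attr`, and since it is the helper that changes firewall rules it is worth pinning it the same way, `%attr(0755,root,root) %_sbindir/knock_add`. The server subpackage also declares no dependency on iptables although knock_add calls `/sbin/iptables`; unless the automatic dependency generator picks that up, a `Requires: iptables` under `%package server` would make it explicit.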
diff --git a/.gear/knockd.init b/.gear/knockd.init
new file mode 100644
index 0000000..4e0a41d
--- /dev/null
+++ b/.gear/knockd.init
@@ -0,0 +1,112 @@
+#!/bin/sh
+#
+# chkconfig: - 85 15
+# description: Knock is a port-knocking server/client.
+# processname: knockd
+# config: /etc/knockd.conf
+# pidfile: /var/run/knockd.pid
+
+# Script Author: Simon Matter <simon.matter@invoca.ch>
+# Version: 2004041500
+
+# Source function library.
+if [ -f /etc/init.d/functions ]; then
+  . /etc/init.d/functions
+elif [ -f /etc/rc.d/init.d/functions ] ; then
+  . /etc/rc.d/init.d/functions
+else
+  exit 0
+fi
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is up.
+[ ${NETWORKING} = "no" ] && exit 0
+
+# This is our service name
+BASENAME=`basename $0`
+if [ -L $0 ]; then
+  BASENAME=`find $0 -name $BASENAME -printf %l`
+  BASENAME=`basename $BASENAME`
+fi
+
+[ -f /etc/${BASENAME}.conf ] || exit 1
+
+OPTIONS=""
+
+# Source service configuration.
+if [ -f /etc/sysconfig/$BASENAME ]; then
+  . /etc/sysconfig/$BASENAME
+else
+  echo "$BASENAME: configfile /etc/sysconfig/$BASENAME does NOT exist !"
+  exit 1
+fi
+
+RETVAL=0
+
+start() {
+  echo -n $"Starting $BASENAME: "
+  start_daemon /usr/sbin/$BASENAME -d $OPTIONS
+  RETVAL=$?
+  echo
+  [ $RETVAL -eq 0 ] && touch /var/lock/subsys/$BASENAME
+  return $RETVAL
+}
+
+stop() {
+  echo -n $"Shutting down $BASENAME: "
+  #killall $BASENAME
+  stop_daemon $BASENAME
+  RETVAL=$?
+  echo
+  [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$BASENAME
+  return $RETVAL
+}
+
+restart() {
+  stop
+  start
+}
+
+rhstatus() {
+  status $BASENAME
+}
+
+condrestart() {
+  [ -e /var/lock/subsys/$BASENAME ] && restart || :
+}
+
+condstop() {
+  [ -e /var/lock/subsys/$BASENAME ] && stop || :
+}
+
+# See how we were called.
+case "$1" in
+  start)
+    start
+    ;;
+  stop)
+    stop
+    ;;
+  restart)
+    restart
+    ;;
+  reload)
+    restart
+    ;;
+  condrestart)
+    condrestart
+    ;;
+  condstop)
+    condstop
+    ;;
+  status)
+    rhstatus
+    ;;
+  *)
+    echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|status}"
+    RETVAL=1
+esac
+ 
+exit $RETVAL
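Review bot: `${NETWORKING}`, `$0` and `$BASENAME` are expanded unquoted throughout, and `$BASENAME` decides which file under /etc/sysconfig is sourced and which binary under /usr/sbin is started, so an unset NETWORKING turns the test into an error message and a name containing whitespace or glob characters is split before it is used. Quoting closes that off, e.g. `[ "${NETWORKING}" = "no" ] && exit 0`, `BASENAME=$(basename "$0")` and `. "/etc/sysconfig/$BASENAME"`. The case statement handles `condstop`, but the usage line omits it; it should read `echo $"Usage: $BASENAME {start|stop|restart|reload|condrestart|condstop|status}"`. A short comment on the `reload)` arm saying that it performs a full restart would also help, because a restart drops any knock sequences in progress.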
diff --git a/.gear/knockd.sysconfig b/.gear/knockd.sysconfig
new file mode 100644
index 0000000..5bfcdf0
--- /dev/null
+++ b/.gear/knockd.sysconfig
@@ -0,0 +1 @@
+#OPTIONS=""
diff --git a/.gear/rules b/.gear/rules
new file mode 100644
index 0000000..030547e
--- /dev/null
+++ b/.gear/rules
@@ -0,0 +1,5 @@
+tar: v@version@:.
+diff: v@version@:. .
+spec: .gear/knock.spec
+copy: .gear/knockd.init
+copy: .gear/knockd.sysconfig
\ No newline at end of file
diff --git a/.gear/tags/6d4c5ae02a1ceda6b9348713ecd7235fb99e4508 b/.gear/tags/6d4c5ae02a1ceda6b9348713ecd7235fb99e4508
new file mode 100644
index 0000000..6522b80
--- /dev/null
+++ b/.gear/tags/6d4c5ae02a1ceda6b9348713ecd7235fb99e4508
@@ -0,0 +1,13 @@
+object 258a27e5a47809f97c2b9f2751a88c2f94aae891
+type commit
+tag v0.7.8
+tagger Anton Farygin <rider@altlinux.com> 1454501827 +0300
+
+0.7.8
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlax78gACgkQqohfd2vlwKtlzgCeP6lYx1uUeZFmQufr3DLRXr0P
+51YAoJ2His9BSnF4y2iwiyB2c0EBAA6J
+=08dS
+-----END PGP SIGNATURE-----
diff --git a/.gear/tags/list b/.gear/tags/list
new file mode 100644
index 0000000..0e71fd2
--- /dev/null
+++ b/.gear/tags/list
@@ -0,0 +1 @@
+6d4c5ae02a1ceda6b9348713ecd7235fb99e4508 v0.7.8
diff --git a/Makefile.am b/Makefile.am
index c5b15ab..1aa8d3a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,7 +6,7 @@ man_MANS = doc/knock.1
 
 if BUILD_KNOCKD
 sbin_PROGRAMS = knockd
-dist_sbin_SCRIPTS = src/knock_helper_ipt.sh
+dist_sbin_SCRIPTS = src/knock_add
 man_MANS += doc/knockd.1
 sysconf_DATA = knockd.conf
 endif
@@ -14,7 +14,7 @@ endif
 dist_doc_DATA = README.md TODO ChangeLog COPYING
 
 knock_SOURCES = src/knock.c
-knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_helper_ipt.sh
+knockd_SOURCES = src/knockd.c src/list.c src/list.h src/knock_add
 
 %.1: %.1.in
 	sed -e "s/#VERSION#/$(VERSION)/" $< > $@
diff --git a/knockd.conf b/knockd.conf
index 7c636f0..9c4262c 100644
--- a/knockd.conf
+++ b/knockd.conf
@@ -1,21 +1,21 @@
 [options]
 	logfile = /var/log/knockd.log
 
-[openSSH]
-	sequence    = 7000,8000,9000
-	seq_timeout = 5
-	command     = /usr/sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
-	tcpflags    = syn
+#[openSSH]
+#	sequence    = 7000,8000,9000
+#	seq_timeout = 5
+#	command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+#	tcpflags    = syn
 
-[closeSSH]
-	sequence    = 9000,8000,7000
-	seq_timeout = 5
-	command     = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
-	tcpflags    = syn
+#[closeSSH]
+#	sequence    = 9000,8000,7000
+#	seq_timeout = 5
+#	command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
+#	tcpflags    = syn
 
-[openHTTPS]
-	sequence    = 12345,54321,24680,13579
-	seq_timeout = 5
-	command     = /usr/local/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
-	tcpflags    = syn
+#[openHTTPS]
+#	sequence    = 12345,54321,24680,13579
+#	seq_timeout = 5
+#	command     = /usr/sbin/knock_add -i -c INPUT -p tcp -d 443 -f %IP%
+#	tcpflags    = syn
 	
diff --git a/src/knock_add b/src/knock_add
new file mode 100755
index 0000000..57d0698
--- /dev/null
+++ b/src/knock_add
@@ -0,0 +1,189 @@
+#!/bin/sh
+
+# Original version to add non-duplicated rules by Greg Kuchyt (greg.kuchyt@gmail.com)
+# Updated to handle deletes and be generic by Paul Rogers (paul.rogers@flumps.org)
+
+SCRIPT_NAME=$(basename $0)
+
+AWK="/bin/awk"
+GREP="/bin/grep"
+IPTABLES="/sbin/iptables"
+SORT="/bin/sort"
+
+COMMENT_APP="knockd "
+COMMENT_DEL="knockd "
+COMMENT_INS="knockd "
+COMMENT_DEFAULT="by knockd"
+
+IPT_CHAIN="INPUT"
+IPT_METHOD=""
+IPT_COMMENT=""
+IPT_SRC_IP=""
+IPT_DST_PORT=""
+IPT_PROTO="tcp"
+IPT_RULE_TARGET="ACCEPT"
+
+DRY_RUN=0
+SEEN=0
+VERBOSE=0
+
+usage() {
+	echo "Usage: $SCRIPT_NAME -a|-i|-x -f SRC_IP_ADDR -d DST_PORT [-p|-c|-m|-t|-h|-v]"
+	echo "Options:"
+	echo "-a|--append      Action: append a rule to NetFilter"
+	echo "-i|--insert      Action: insert a rule to NetFiler"
+	echo "-x|--delete      Action: delete a rule from NetFilter"
+	echo "-f|--srcaddr     The source IP address to be used"
+	echo "-d|--dstport     The destination port to be used in the rule"
+	echo "-p|--proto       The protocol that the rule applies to; default: $IPT_PROTO"
+	echo "-c|--chain       The NetFilter chain to apply the change to; default: $IPT_CHAIN"
+	echo "-m|--comment     Overide default comment text: '$COMMENT_DEFAULT'"
+	echo "-t|--test        Test run - don't actually perform an update to NetFilter"
+	echo "-h|--help        Print this informational screen and exit"
+	echo "-v|--verbose     Print verbose information about actions"
+}
+
+ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n $SCRIPT_NAME -- "$@")
+
+if [ $? -ne 0 ];
+then
+        echo "$SCRIPT_NAME - Error! Invalid arguments"
+        usage
+        exit 1
+fi
+
+eval set -- "$ARGS"
+
+while true; do
+        case "$1" in
+		-a|--append)
+			IPT_METHOD="-A"
+			shift;
+		;;
+		-x|--delete)
+			IPT_METHOD="-D"
+			shift;
+		;;
+		-i|--insert)
+			IPT_METHOD="-I"
+			shift;
+		;;
+		-f|--srcaddr)
+			IPT_SRC_IP=$2
+			shift 2;
+		;;
+		-d|--dstport)
+			IPT_DST_PORT=$2
+			shift 2;
+		;;
+		-p|--proto)
+			IPT_PROTO=$2
+			shift 2;
+		;;
+		-c|--chain)
+			IPT_CHAIN=$2
+			shift 2;
+		;;
+		-m|--comment)
+			case "$2" in
+				"")
+					IPT_COMMENT=$COMMENT_DEFAULT;
+					shift 2;;
+				*)
+					IPT_COMMENT=$2;
+					shift 2 ;;
+			esac
+		;;
+		-t|--test)
+			DRY_RUN=1
+                        shift;
+                ;;
+		-h|--help)
+			usage
+			shift;
+			exit
+		;;
+		-v|--verbose)
+			VERBOSE=1
+			shift;
+		;;
+                --)
+                        shift;
+                        break;
+                ;;
+        esac
+done
+
+# Begin sanity checks
+if [ -z "$IPT_SRC_IP" ]; then
+	echo "$SCRIPT_NAME - Error! Source IP address required"
+	usage
+	exit 1
+fi
+
+if [ -z "$IPT_DST_PORT" ]; then
+	echo "$SCRIPT_NAME - Error! Destination port required"
+	usage
+	exit 1
+fi
+
+if [ -z "$IPT_METHOD" ]; then
+	echo "$SCRIPT_NAME - Error! Valid action option not specified"
+fi
+
+case "$IPT_METHOD" in
+	-A)
+		IPT_COMMENT="$COMMENT_APP $IPT_COMMENT"
+		;;
+	-I)
+		IPT_COMMENT="$COMMENT_INS $IPT_COMMENT"
+		;;
+	-D)
+		IPT_COMMENT="$COMMENT_DEL $IPT_COMMENT"
+		;;
+esac
+
+if [ "$VERBOSE" -eq 1 ]; then
+	echo "$SCRIPT_NAME - Testing rule"
+	echo "$SCRIPT_NAME - action: $IPT_METHOD _ src: $IPT_SRC_IP _ dstport: $IPT_DST_PORT _ proto: $IPT_PROTO _ chain: $IPT_CHAIN _ comment: $IPT_COMMENT"
+fi
+
+COMMENT=""
+if [ -n "$IPT_COMMENT" ]; then
+	COMMENT="-m comment --comment '$IPT_COMMENT'"
+fi
+
+$IPTABLES -L $IPT_CHAIN &> /dev/null
+if [ 0 -ne "$?" ]; then
+	echo "$SCRIPT_NAME - Error: $IPT_CHAIN is not a valid NetFilter chain"
+	exit
+fi
+# End sanity checks
+
+# Dupe checking
+for IP in `$IPTABLES -n -L $IPT_CHAIN | $GREP $IPT_RULE_TARGET | $GREP "/* $IPT_COMMENT */"| $AWK '{print $4}' | $SORT -u`;
+do
+	if [ "$VERBOSE" -eq 1 ]; then
+		echo "$SCRIPT_NAME - $IP"
+	fi
+
+	if [ "$IPT_SRC_IP" == "$IP" ]; then
+		SEEN=1
+	fi
+done
+
+if [ "$VERBOSE" -eq 1 ]; then
+	echo "$SCRIPT_NAME - Seen: $SEEN"
+fi
+
+
+if [ "$SEEN" -eq 0 ]; then
+	if [ "$VERBOSE" -eq 1 ]; then
+		echo "$SCRIPT_NAME - $IPT_COMMENT"
+		echo $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
+	fi
+
+	if [ "$DRY_RUN" -eq 0 ]; then
+		eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
+	fi
+fi
\ No newline at end of file
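Review bot: The final `eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP ... $COMMENT` line re-parses the source address, port, protocol, chain and comment text as shell code, and none of these option values is validated, so any shell metacharacter that reaches them is executed with the privileges knockd runs with (the sample `command` lines in knockd.conf call this script). Calling iptables directly with quoted arguments, after rejecting values that are not a plain address, port, protocol or chain name, removes that path; a sketch follows. The empty-`IPT_METHOD` check prints its error but has no `usage`/`exit 1`, so the script goes on to run iptables with no action. Separately, `&>` and `==` inside `[` are bash extensions under `#!/bin/sh`; on a strictly POSIX shell `&> /dev/null` backgrounds the command and the chain check would presumably always pass, so `>/dev/null 2>&1` and `=` are safer. The dupe-check `$GREP "/* $IPT_COMMENT */"` is also read as a regular expression, in which `*` is a quantifier, so it likely never matches the literal `/* ... */` that iptables prints; `$GREP -F` would match it literally.

```shell
# … unchanged: defaults, usage(), getopt parsing, source/port presence checks …

if [ -z "$IPT_METHOD" ]; then
	echo "$SCRIPT_NAME - Error! Valid action option not specified"
	usage
	exit 1
fi

# Accept only characters that can appear in an address, port (or range /
# service name), protocol or chain name; everything else is rejected before
# it can reach iptables.
case "$IPT_SRC_IP" in
	*[!0-9A-Fa-f.:/]*) echo "$SCRIPT_NAME - Error! Invalid source address"; exit 1 ;;
esac
case "$IPT_DST_PORT" in
	*[!0-9A-Za-z:_-]*) echo "$SCRIPT_NAME - Error! Invalid destination port"; exit 1 ;;
esac
case "$IPT_PROTO" in
	*[!0-9A-Za-z]*) echo "$SCRIPT_NAME - Error! Invalid protocol"; exit 1 ;;
esac
case "$IPT_CHAIN" in
	*[!0-9A-Za-z_-]*) echo "$SCRIPT_NAME - Error! Invalid chain name"; exit 1 ;;
esac

# … unchanged: comment prefixing, verbose output, chain check, dupe check …

	if [ "$DRY_RUN" -eq 0 ]; then
		# Build the argument list as separate words instead of a string for eval.
		set -- "$IPT_METHOD" "$IPT_CHAIN" -s "$IPT_SRC_IP" -p "$IPT_PROTO" \
			--dport "$IPT_DST_PORT" -j "$IPT_RULE_TARGET"
		if [ -n "$IPT_COMMENT" ]; then
			set -- "$@" -m comment --comment "$IPT_COMMENT"
		fi
		"$IPTABLES" "$@"
	fi
```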
diff --git a/src/knock_helper_ipt.sh b/src/knock_helper_ipt.sh
deleted file mode 100644
index 8577331..0000000
--- a/src/knock_helper_ipt.sh
+++ /dev/null
@@ -1,189 +0,0 @@
-#!/bin/sh
-
-# Original version to add non-duplicated rules by Greg Kuchyt (greg.kuchyt@gmail.com)
-# Updated to handle deletes and be generic by Paul Rogers (paul.rogers@flumps.org)
-
-SCRIPT_NAME=$(basename $0)
-
-AWK="/bin/awk"
-GREP="/bin/grep"
-IPTABLES="/sbin/iptables"
-SORT="/bin/sort"
-
-COMMENT_APP="Append "
-COMMENT_DEL="Delete "
-COMMENT_INS="Insert "
-COMMENT_DEFAULT="by knockd"
-
-IPT_CHAIN="INPUT"
-IPT_METHOD=""
-IPT_COMMENT=""
-IPT_SRC_IP=""
-IPT_DST_PORT=""
-IPT_PROTO="tcp"
-IPT_RULE_TARGET="ACCEPT"
-
-DRY_RUN=0
-SEEN=0
-VERBOSE=0
-
-usage() {
-	echo "Usage: $SCRIPT_NAME -a|-i|-x -f SRC_IP_ADDR -d DST_PORT [-p|-c|-m|-t|-h|-v]"
-	echo "Options:"
-	echo "-a|--append      Action: append a rule to NetFilter"
-	echo "-i|--insert      Action: insert a rule to NetFiler"
-	echo "-x|--delete      Action: delete a rule from NetFilter"
-	echo "-f|--srcaddr     The source IP address to be used"
-	echo "-d|--dstport     The destination port to be used in the rule"
-	echo "-p|--proto       The protocol that the rule applies to; default: $IPT_PROTO"
-	echo "-c|--chain       The NetFilter chain to apply the change to; default: $IPT_CHAIN"
-	echo "-m|--comment     Overide default comment text: '$COMMENT_DEFAULT'"
-	echo "-t|--test        Test run - don't actually perform an update to NetFilter"
-	echo "-h|--help        Print this informational screen and exit"
-	echo "-v|--verbose     Print verbose information about actions"
-}
-
-ARGS=$(getopt -o aixf:d:p:c:m::thv -l "append,insert,delete,srcaddr:,dstport:,proto:,chain:,comment::,test,help,verbose" -n $SCRIPT_NAME -- "$@")
-
-if [ $? -ne 0 ];
-then
-        echo "$SCRIPT_NAME - Error! Invalid arguments"
-        usage
-        exit 1
-fi
-
-eval set -- "$ARGS"
-
-while true; do
-        case "$1" in
-		-a|--append)
-			IPT_METHOD="-A"
-			shift;
-		;;
-		-x|--delete)
-			IPT_METHOD="-D"
-			shift;
-		;;
-		-i|--insert)
-			IPT_METHOD="-I"
-			shift;
-		;;
-		-f|--srcaddr)
-			IPT_SRC_IP=$2
-			shift 2;
-		;;
-		-d|--dstport)
-			IPT_DST_PORT=$2
-			shift 2;
-		;;
-		-p|--proto)
-			IPT_PROTO=$2
-			shift 2;
-		;;
-		-c|--chain)
-			IPT_CHAIN=$2
-			shift 2;
-		;;
-		-m|--comment)
-			case "$2" in
-				"")
-					IPT_COMMENT=$COMMENT_DEFAULT;
-					shift 2;;
-				*)
-					IPT_COMMENT=$2;
-					shift 2 ;;
-			esac
-		;;
-		-t|--test)
-			DRY_RUN=1
-                        shift;
-                ;;
-		-h|--help)
-			usage
-			shift;
-			exit
-		;;
-		-v|--verbose)
-			VERBOSE=1
-			shift;
-		;;
-                --)
-                        shift;
-                        break;
-                ;;
-        esac
-done
-
-# Begin sanity checks
-if [ -z "$IPT_SRC_IP" ]; then
-	echo "$SCRIPT_NAME - Error! Source IP address required"
-	usage
-	exit 1
-fi
-
-if [ -z "$IPT_DST_PORT" ]; then
-	echo "$SCRIPT_NAME - Error! Destination port required"
-	usage
-	exit 1
-fi
-
-if [ -z "$IPT_METHOD" ]; then
-	echo "$SCRIPT_NAME - Error! Valid action option not specified"
-fi
-
-case "$IPT_METHOD" in
-	-A)
-		IPT_COMMENT="$COMMENT_APP $IPT_COMMENT"
-		;;
-	-I)
-		IPT_COMMENT="$COMMENT_INS $IPT_COMMENT"
-		;;
-	-D)
-		IPT_COMMENT="$COMMENT_DEL $IPT_COMMENT"
-		;;
-esac
-
-if [ "$VERBOSE" -eq 1 ]; then
-	echo "$SCRIPT_NAME - Testing rule"
-	echo "$SCRIPT_NAME - action: $IPT_METHOD _ src: $IPT_SRC_IP _ dstport: $IPT_DST_PORT _ proto: $IPT_PROTO _ chain: $IPT_CHAIN _ comment: $IPT_COMMENT"
-fi
-
-COMMENT=""
-if [ -n "$IPT_COMMENT" ]; then
-	COMMENT="-m comment --comment '$IPT_COMMENT'"
-fi
-
-$IPTABLES -L $IPT_CHAIN &> /dev/null
-if [ 0 -ne "$?" ]; then
-	echo "$SCRIPT_NAME - Error: $IPT_CHAIN is not a valid NetFilter chain"
-	exit
-fi
-# End sanity checks
-
-# Dupe checking
-for IP in `$IPTABLES -n -L $IPT_CHAIN | $GREP $IPT_RULE_TARGET | $AWK '{print $4}' | $SORT -u`;
-do
-	if [ "$VERBOSE" -eq 1 ]; then
-		echo "$SCRIPT_NAME - $IP"
-	fi
-
-	if [ "$IPT_SRC_IP" == "$IP" ]; then
-		SEEN=1
-	fi
-done
-
-if [ "$VERBOSE" -eq 1 ]; then
-	echo "$SCRIPT_NAME - Seen: $SEEN"
-fi
-
-
-if [ "$SEEN" -eq 0 ]; then
-	if [ "$VERBOSE" -eq 1 ]; then
-		echo "$SCRIPT_NAME - $IPT_COMMENT"
-		echo $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
-	fi
-
-	if [ "$DRY_RUN" -eq 0 ]; then
-		eval $IPTABLES $IPT_METHOD $IPT_CHAIN -s $IPT_SRC_IP -p $IPT_PROTO --dport $IPT_DST_PORT -j $IPT_RULE_TARGET $COMMENT
-	fi
-fi
\ No newline at end of file
 