Post by rakesh sharma
Post by Floyd L. Davidson
while read BANNED JUNK; do
  case $BANNED in
    [!\#]*) iptables -A FORWARD -j DROP -s $BANNED ;;
  esac
done < /root/scripts/bannedsites
Note that the bannedsites file *must* have a newline following
the last entry.
What purpose does the JUNK variable serve? You don't seem to use it anywhere.
Doing "help read" in bash provides, on the first line, an excellent
description of what the second variable does:
"One line is read from the standard input, and the first
word is assigned to the first NAME, the second word to the
second NAME, and so on, with leftover words assigned to the
last NAME."
Hence, without JUNK, the variable BANNED is the entire line. But with
two variables, BANNED gets the first word, and JUNK is the rest of the
line (which in this case is unused). It allows an entry in the
bannedsites file that looks like this:
xxx.xxx.xxx.xxx # this site has nothing of value to us
Without the JUNK variable, that line would be rejected, and the
only way to format it would be with a two line statement,
# this site has nothing of value to us
xxx.xxx.xxx.xxx
Post by rakesh sharma
exec 3< /root/scripts/bannedsites
while IFS= read -r 0<&3 BANNED; do
  IFS=" " # i.e., IFS='<space><TAB>'
  set x $BANNED;shift
  case $BANNED in
    ''|\#*) # either an empty line/or full of blanks only/or first non-blank
            # char is a '#' => a comment line.
      :;;
    *) iptables -A FORWARD -j DROP -s "$BANNED";;
  esac
done
exec 3<&-
I don't understand why you are doing a number of things in that
script:
1) What is the advantage to exec'ing the 3rd fd, as opposed
to just redirecting to stdin?
2) Why use the -r option to read?
3) What is the purpose of resetting IFS ?
4) What value is the "set x $BANNED;shift" statement?
5) The description of what is caught by the first regular
expression in the case statement does not match what it
actually does. I.e., it won't catch empty lines.
6) What is the purpose of the ':' in the first case instance?
Your script rejects *only* lines that begin with the # character
in column 0. And it includes white space in the BANNED
variable. BANNED also becomes the entire line; hence, inlined
comments cannot be done, and formatting of each entry in the
list is very strict, with no white space allowed.
It is very instructive to set up a little test file to determine
exactly what happens with variously formatted lines, and change
the script being studied to echo results to the screen. I do
that rather than assume that what I think is going to happen
happens, because I am almost always /very/ surprised by what
does happen!
Here is how I tested your script:
#!/bin/bash
exec 3< ./foo.test
while IFS= read -r 0<&3 BANNED; do
  IFS=" " # i.e., IFS='<space><TAB>'
  set x $BANNED;shift
  case $BANNED in
    ' '|\#*) # either an empty line/or full of blanks only/or first non-blank
             # char is a '#' => a comment line.
      echo "ignored: <$BANNED>"
      :;;
    *) echo "selected: <$BANNED>"
  esac
done
exec 3<&-
exit 0
Below is the data file (edited to indicate TABs, and with
Post by rakesh sharma
# comment 1
#comment 2
# comment space 3
<TAB># comment tab 4
<TAB>#comment tab 5
#comment space 6
<TAB><TAB>
<TAB>
<TAB>127.00.00.1 # comment 7
127.00.00.2 # comment 8
127.00.00.3 # comment 9
127.00.00.4 #comment10
127.00.00.5 #comment 11
--
Floyd L. Davidson <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) ***@barrow.com
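
The parsing cases argued over in this thread (inline comments, leading TABs, blank lines, a last entry with no trailing newline), handled in one loop as an added example that is not code from either poster. It goes one step beyond the thread by checking that each entry is a dotted-quad IPv4 address before it would reach iptables, and it only prints the rules; the helper names and the sample data are assumptions constructed for illustration.

```shell
# Added example; helper names and sample data are assumptions, not from the thread.

# is_ipv4 ADDR: succeed only for four dot-separated decimal octets, each 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}; n=$((n + 1))
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# parse_banned FILE: print each valid address; report rejected lines on stderr.
parse_banned() {
    file=$1
    # "|| [ -n "$line" ]" keeps a last entry that has no trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}         # drop a whole-line or inline comment
        set -f                    # no pathname expansion while word-splitting
        set -- $entry             # default IFS strips spaces and TABs
        set +f
        [ $# -eq 0 ] && continue  # empty, blank-only or comment-only line
        if [ $# -eq 1 ] && is_ipv4 "$1"; then
            printf '%s\n' "$1"
        else
            printf 'rejected: <%s>\n' "$line" >&2
        fi
    done < "$file"
}

# emit_rules FILE: print, without running, the thread's rule for each address.
emit_rules() {
    parse_banned "$1" | while IFS= read -r addr; do
        printf 'iptables -A FORWARD -j DROP -s %s\n' "$addr"
    done
}

# write_sample FILE: constructed input modelled on the thread's test file.
write_sample() {
    printf '# comment 1\n\t#comment tab 5\n\t\t\n\n' > "$1"
    printf '\t127.00.00.1 # comment 7\n127.00.00.4 #comment10\n' >> "$1"
    printf '10.0.0.256\n10.0.0.1 trailing words\n127.00.00.5' >> "$1"  # no final newline
}

sample=$(mktemp)
write_sample "$sample"
emit_rules "$sample"
rm -f "$sample"
```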