提交前检查代码

时间:2015-08-08 21:57:07

标签: linux bash unix scripting

我已经制作了如下的iptables脚本:

#!/bin/sh
echo "Kaveen's TCP Redirect SCRIPT"
clear
read -p "Port:" port
echo ""
read -p "Customer IP:" cusip
echo ""
read -p "Your Filtered IP:" filip
echo ""
read -p "Your Secondary IP:" secip
echo "Generating TCP Redirect on port $port from your ip $filip to customer      ip $cusip"
iptables -t nat -A PREROUTING -p tcp -d $filip --dport $port -j DNAT --to-    destination $cusip
echo "TCP Redirect 1/2 OK"
iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
echo "TCP Redirect 2/2 OK"
iptables -t nat -A POSTROUTING -d $cusip -j SNAT --to-source $secip
echo "Better Traffic Movement rule 1/1 OK"
iptables -t nat -A POSTROUTING -j SNAT --to-source $filip
echo "Player Movement Rule 1/1 OK"
echo "Generating reset script...."
echo "#!/bin/sh" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
echo "iptables -F" >> reset.sh
echo "iptables -X" >> reset.sh
echo "iptables -t nat -F" >> reset.sh
echo "iptables -t nat -X" >> reset.sh
echo "iptables -t mangle -F" >> reset.sh
echo "iptables -t mangle -X" >> reset.sh
echo "iptables -P INPUT ACCEPT" >> reset.sh
echo "iptables -P FORWARD ACCEPT" >> reset.sh
echo "iptables -P OUTPUT ACCEPT" >> reset.sh
chmod +x reset.sh
echo "Reset script creation OK"
echo "Reset script can be used via ./reset.sh in directory:"
pwd
echo "TCP Redirect made from $fillip to $cusip on port $port"

现在你可以看到,那里有一堆iptables命令,我喜欢一个函数,或者某种方式我可以检查这些命令,如果出现问题。

它返回FAILED,我还想要一种检查输入人员输入" Port" "客户IP"是PORTS和IP地址,而不是字母,单词,但正确格式化的IP和端口(对于第一个)

1 个答案:

答案 0 :(得分:0)

您可以使用ip route get来帮助确定输入是否是有效的IP地址,假设您的计算机应该能够路由到所有内容。如果你传递的不是IP,它将会失败。

对于端口,你可以测试它是否是一个非常容易像

的正整数 
if [[ $port =~ ^[0-9]+$ ]]; then
    echo "It's a non-negative int!"
fi

如果您想知道它是否属于有效的端口范围,您可以测试它是否在您想要的范围内,例如

if [[ $port -gt 0 && $port -lt 65535 ]]; then
    echo "Port is probably OK"
fi

可能有一种更简单的方法来检查IP部分,但是如果你不愿意接受看起来像IP但是具有无效值的字符串(即八位字节大于255),它会检查它们,但检查是否系统会知道如何尝试将数据包发送到IP对我来说是一个快速的“肮脏的立场”。

在这种情况下,可以使用ip route get中的任何命令成功或失败,就像if一样:

if ip route get $cusip &>/dev/null; then
    echo "$cusip is an address I know how to route to"
else
    echo "I either didn't know what $cusip is or don't know how to get there"
fi

我添加了&>/dev/null来隐藏命令的输出,因为我们不关心它的内容,我们只想知道它是成功还是失败。

相关问题
最新问题