Thor wrote:
Hi, I'm not sure I understand you correctly, but how about this:

    ## 0 == LOG
    ## 1 == DROP
    ## 2 == LOG & DROP
    LOGTCP=2

    if [ "$LOGTCP" -eq 0 ]; then
        # Log forbidden TCP datagrams
        iptables -A TCP --protocol tcp -m limit --limit 1/minute \
            --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
    elif [ "$LOGTCP" -eq 1 ]; then
        # Disallow NEW and INVALID incoming from the external interface
        iptables -A TCP -i $EXTIFACE -m state --state NEW,INVALID -j DROP
        # Drop all TCP
        iptables -A TCP -j DROP
    elif [ "$LOGTCP" -eq 2 ]; then
        # Log forbidden TCP datagrams
        iptables -A TCP --protocol tcp -m limit --limit 1/minute \
            --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
        iptables -A TCP --protocol tcp -j DROP
    fi

- James

If the question is the above, then IMHO it is better to use the "case" statement:

    case "$LOGTCP" in
        0)
            # Log forbidden TCP datagrams
            iptables -A TCP --protocol tcp -m limit --limit 1/minute \
                --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
            ;;
        1)
            # Disallow NEW and INVALID incoming from the external interface
            iptables -A TCP -i $EXTIFACE -m state --state NEW,INVALID -j DROP
            # Drop all TCP
            iptables -A TCP -j DROP
            ;;
        2)
            # Log forbidden TCP datagrams
            iptables -A TCP --protocol tcp -m limit --limit 1/minute \
                --limit-burst 4 -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
            iptables -A TCP --protocol tcp -j DROP
            ;;
    esac

bye, Thor
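The same LOG/DROP/LOG-and-DROP selection wrapped in a function, as an added example that is not code from either poster. It assumes an IPTABLES variable that can be pointed at echo for a dry run, an EXTIFACE default, and adds the default branch the case statement above lacks, so an unknown LOGTCP value fails loudly instead of leaving the chain without a terminating rule.

```shell
#!/bin/sh
# Added example: build the TCP chain for one LOGTCP mode.
# IPTABLES defaults to the real binary; set IPTABLES=echo to print the
# rules instead of applying them (assumed convention, not from the thread).
IPTABLES="${IPTABLES:-iptables}"
EXTIFACE="${EXTIFACE:-eth0}"   # assumed external interface name

# Shared LOG rule, rate-limited so a flood cannot fill the kernel log.
log_tcp_denied() {
    "$IPTABLES" -A TCP --protocol tcp -m limit --limit 1/minute --limit-burst 4 \
        -j LOG --log-level DEBUG --log-prefix 'Denied TCP: '
}

# tcp_chain_rules MODE   MODE is 0 (LOG), 1 (DROP) or 2 (LOG & DROP).
# Any other value is rejected: a silent fall-through would leave the
# chain without a DROP and packets would pass on to the next rule.
tcp_chain_rules() {
    case "$1" in
        0)
            log_tcp_denied
            ;;
        1)
            "$IPTABLES" -A TCP -i "$EXTIFACE" -m state --state NEW,INVALID -j DROP
            "$IPTABLES" -A TCP -j DROP
            ;;
        2)
            log_tcp_denied            # LOG must precede DROP or nothing is logged
            "$IPTABLES" -A TCP --protocol tcp -j DROP
            ;;
        *)
            echo "tcp_chain_rules: LOGTCP must be 0, 1 or 2 (got '$1')" >&2
            return 1
            ;;
    esac
}

# count_rules MODE: how many rules the mode would append (dry run only).
count_rules() {
    ( IPTABLES=echo; tcp_chain_rules "$1" ) | wc -l | tr -d ' '
}
```

Running `IPTABLES=echo sh script.sh` style dry runs before `iptables -A` against the live box is what the echo indirection is for.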
Thanks for both of your replies. I guess my initial message might not have been too clear; I'm glad to see that you guys got the essential goal that I was working towards.
Are there any books on bash scripting that any of you would recommend? I have browsed through the Advanced BASH scripting HOW-TO over at Linuxdoc, but I'd rather have something on paper.
Thanks again, Stef

