Last active
March 12, 2019 00:07
-
-
Save Callumpy/c6a0bff0225cdfa7a15c6ac121f64720 to your computer and use it in GitHub Desktop.
Dynamic IPv6 Firewall Update Script for OpenWRT
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # CONFIGURABLE PARAMETER: PREFIX | |
| # Set the prefix to the name of the rules that need to be updated. (Can update multiple rules with same name) | |
| PREFIX=Web-ServerIPv6 | |
| PREFIX_LEN=${#PREFIX} | |
| # CONFIGURABLE PARAMETER: getIP | |
| # Set your method of getting IPv6 address in here | |
| # Current method is through ip neighbor with MAC address (Lowercase, :)(getIP=$(ip neighbor | grep "Your MAC Here" | grep -v "STALE" | cut -d" " -f1)) | |
| # One example is wget which accesses a page on the web-server showing current IP address (getIP=$(wget --read-timeout=10 http://checkipv6.dyndns.com -q -O -)) | |
| # Another option could be nslookup your domain to get the IPv6 address. getIP=$(nslookup -query=AAAA $hostname) | |
| printf "Getting your IPv6 address... \n" | |
| getIP=$(ip -6 neigh | grep "YOUR MAC ADDRESS" | grep -v "STALE" | grep -v "fe80" | cut -d" " -f1) | |
| if [ "$getIP" = "" ] | |
| then | |
| printf "Failed to get IP." | |
| exit 0 | |
| fi | |
| # Set m flag accordingly, only first match is accepted. | |
| prefix6=$(echo "$getIP" | grep -m 1 -E -o "([0-9a-fA-F]{1,4}(:?)){8}") | |
| if [ "$prefix6" = "" ] | |
| then | |
| printf "Request successful, but no IPv6 detected. \n" | |
| exit 0 | |
| fi | |
| printf "Your current IPv6: {$prefix6}\n\n" | |
| changed=0 | |
| index=0 | |
| name=$(uci get firewall.@rule[$index].name 2> /dev/null) | |
| while [ "$name" != "" ] | |
| do | |
| subname=${name:0:$PREFIX_LEN} | |
| if [ "$subname" == "$PREFIX" ] | |
| then | |
| dest_ip=$(uci get firewall.@rule[$index].dest_ip 2> /dev/null) | |
| printf "Current stored IP address: {$dest_ip} \n" | |
| if [ "$dest_ip" != "$prefix6" ] | |
| then | |
| printf "The IP has changed! \n" | |
| printf "Updating\n\n" | |
| changed=1 | |
| uci set firewall.@rule[$index].dest_ip=$prefix6 | |
| uci commit firewall | |
| else | |
| printf "IP is the same, no changes made.\n" | |
| fi | |
| break 2 | |
| fi | |
| index=$(expr $index + 1) | |
| name=$(uci get firewall.@rule[$index].name 2> /dev/null) | |
| done | |
| if [ $changed -eq 1 ] | |
| then | |
| printf "Restarting firewall... \n" | |
| /etc/init.d/firewall reload 2> /dev/null | |
| printf "All up to date. \n" | |
| fi | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment