@IAmStoxe
Last active October 12, 2023 17:29
Add Inbound IPv4 Ports to iptables Configuration for Oracle Ubuntu (OCI)

Gist: Add Inbound IPv4 Ports to iptables Configuration

Description:

This Bash script lets sysadmins and developers add inbound IPv4 port rules to the iptables configuration of an Ubuntu server. Rather than going through UFW, it edits the iptables rules file directly and places each new rule after the existing SSH rule, so that it sits before the chain's final REJECT rule and is actually evaluated by the firewall.

Prerequisites:

  • An Ubuntu server.
  • Root or sudo access to the server.

Usage:

  1. Clone the Gist: Download the script add_port.sh from the Gist and upload it to your server.

  2. Permission Assignment: Ensure the script has execute permissions by running the following command:

    chmod +x add_port.sh

  3. Execute the Script: Run the script with the desired port number as an argument using superuser privileges:

    sudo ./add_port.sh <port_number>

    Replace <port_number> with the actual port number you want to allow through the firewall.

Parameters:

  • <port_number>: (Required) The port number you want to open in the firewall. Must be a valid port number (1-65535).

Notes:

  • The script performs a basic validation of the port number but does not check if the port is already in use or already allowed through iptables.
  • Always verify the new iptables rules after applying them and ensure connectivity to avoid unintentional lockouts.
  • Additional security measures (e.g., IP whitelisting) might be needed for opened ports to mitigate potential risks.
  • The script assumes that the SSH rule (port 22) is present in the iptables configuration file and inserts the new rule after it. Adjust the script as needed based on your specific iptables configuration.
  • Please thoroughly test the script in a secure environment before using it in production to ensure it behaves as expected.

Disclaimer:

Use this script at your own risk. The author is not responsible for any network issues, lockouts, or security vulnerabilities that may arise from the use of this script.

Contribution:

Feel free to fork this Gist and contribute by submitting a Pull Request. Ensure that your code is clean and well-commented.

#!/bin/bash
# Script to add inbound IPv4 ports to the iptables configuration.
RULES=/etc/iptables/rules.v4
# The existing SSH rule is used as the anchor after which the new rule is inserted.
SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# Ensure the script is being run as root
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root"
    exit 1
fi

# Ensure exactly one port number is provided
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <port_number>"
    exit 1
fi
PORT=$1

# Validate port number (digits only, 1-65535)
if ! [[ $PORT =~ ^[0-9]+$ ]] || [ "$PORT" -lt 1 ] || [ "$PORT" -gt 65535 ]; then
    echo "Invalid port number: $PORT"
    exit 1
fi

# Refuse to continue if the SSH anchor rule is absent; otherwise sed would
# silently change nothing and the script would still report success.
if ! grep -qF -- "$SSH_RULE" "$RULES"; then
    echo "SSH rule not found in $RULES; adjust SSH_RULE to match this configuration"
    exit 1
fi

# Backup the original iptables rules file before editing it
cp "$RULES" "$RULES.bak" || exit 1

# Insert the new ACCEPT rule immediately after the SSH rule, so it lands before
# the chain's final REJECT rule and is actually evaluated
sed -i "/$SSH_RULE/a -A INPUT -p tcp -m state --state NEW -m tcp --dport $PORT -j ACCEPT" "$RULES"

# Apply the new rules; stop here if the edited file does not parse
if ! iptables-restore < "$RULES"; then
    echo "iptables-restore failed; the previous file is at $RULES.bak"
    exit 1
fi

# Show the INPUT chain so the new rule can be verified
# (-n avoids slow reverse DNS lookups, --line-numbers shows rule order)
iptables -L INPUT -n --line-numbers
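The Notes above list what the script does not check: whether the port is already allowed, and whether the SSH anchor rule is actually present. The following is an added example, not the Gist's own script, that performs those checks on an iptables-save style rules file and then verifies that the inserted rule precedes the chain's REJECT rule. It takes the file path as a parameter so it can be exercised on a copy without root; the sample rules file it writes is constructed to resemble the OCI Ubuntu default.

```shell
#!/bin/sh
# Added example (not the Gist's script): insert an inbound tcp ACCEPT rule into
# an iptables-save style file, refusing duplicates and a missing SSH anchor,
# then confirm the rule lands before the trailing REJECT. The file path is a
# parameter so the functions can be run against a copy without root.

SSH_RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'

# Constructed OCI-style rules.v4 (sample input, not copied from a real host).
write_sample_rules() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Digits only and within 1..65535.
valid_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# 0 if an ACCEPT rule for --dport $2 already exists in $1 (the Gist skips this).
port_already_allowed() {
  grep -qF -- "--dport $2 -j ACCEPT" "$1"
}

# Insert the rule for port $2 right after the SSH rule in file $1.
# Returns 0 inserted, 2 invalid port, 3 SSH anchor missing, 4 already allowed.
add_port_rule() {
  valid_port "$2" || return 2
  grep -qF -- "$SSH_RULE" "$1" || return 3
  port_already_allowed "$1" "$2" && return 4
  sed -i "/$SSH_RULE/a -A INPUT -p tcp -m state --state NEW -m tcp --dport $2 -j ACCEPT" "$1"
}

# 0 if the ACCEPT rule for port $2 precedes the first INPUT REJECT in $1,
# i.e. the firewall will actually reach it before rejecting the packet.
rule_precedes_reject() {
  accept=$(grep -nF -- "--dport $2 -j ACCEPT" "$1" | head -n 1 | cut -d: -f1)
  reject=$(grep -n -- '^-A INPUT .*-j REJECT' "$1" | head -n 1 | cut -d: -f1)
  [ -n "$accept" ] && [ -n "$reject" ] && [ "$accept" -lt "$reject" ]
}
```

On a live host the same functions would be pointed at /etc/iptables/rules.v4 and followed by iptables-restore, exactly as the Gist does.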