[Fwbuilder-discussion] Auto-generating interface address tables
From: Whit B. <wh...@tr...> - 2009-07-17 18:07:20
Hi,

I typically run iptables firewalls with failover provisions, which can result in IPs being added to or subtracted from the interfaces. So it's useful to be able to auto-generate an address table which is current for each interface when the compiled firewall script is run. Haven't fully tested, but it looks like this will work:

I've created an /etc/fwbuilder directory to store the address tables, which also has a script to create the lists. The script is named "ips.sh":

    #! /bin/bash
    # Interfaces whose addresses are written to /etc/fwbuilder/<IF>.IPs
    IFs="eth0 eth1"
    ip="/sbin/ip"
    sort="/usr/bin/sort"
    awk="/usr/bin/awk"

    # Print the IPv4 addresses of interface $1, one per line, prefix length stripped
    getips() {
        $ip -f inet addr ls dev "$1" | $sort | $awk '/inet / { print $2 }' | $awk -F/ '{ print $1 }';
    }

    for IF in $IFs; do
        # -f so a table that does not exist yet (first run) is not an error
        rm -f "/etc/fwbuilder/$IF.IPs"
        IPs=`getips "$IF"`
        for IP in $IPs; do
            echo "$IP" >> "/etc/fwbuilder/$IF.IPs"
        done
    done
    exit 0

In Firewall Settings I have as prolog:

    /etc/fwbuilder/ips.sh

Then as an Address Table, selected as Run Time, I have for instance PublicIPs set to read from the file /etc/fwbuilder/eth1.IPs.

Whit
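A hardened variant of that script, written here as an added example (it is not Whit's script and not part of fwbuilder): it only lets dotted-quad IPv4 addresses into a table and replaces each table atomically, so the firewall script never loads a half-written or momentarily missing file between the "rm" and the appends. It assumes the same /etc/fwbuilder/<IF>.IPs layout and takes the interface names as arguments, so the prolog line would become /etc/fwbuilder/ips.sh eth0 eth1; the sample ip output at the bottom is constructed for offline checking.

```shell
#!/bin/sh
# Added example, not the original ips.sh: validated entries, atomic replace.
# Assumes the /etc/fwbuilder/<IF>.IPs layout; interfaces come from the command line.
set -u

OUTDIR="${OUTDIR:-/etc/fwbuilder}"

# Read `ip -f inet addr show dev <IF>` output on stdin and print one bare,
# validated IPv4 address per line, sorted and de-duplicated, so only
# dotted-quad values ever reach the table fwbuilder loads at run time.
extract_ips() {
    awk '$1 == "inet" { split($2, a, "/"); print a[1] }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort -u
}

# Build $OUTDIR/<IF>.IPs from the addresses on stdin in a temp file in the
# same directory, then rename it over the old table, so a reader never
# sees a partial table or none at all.
write_table() {
    ifname="$1"
    tmp="$(mktemp "$OUTDIR/.$ifname.IPs.XXXXXX")" || return 1
    extract_ips > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 0644 "$tmp" && mv -f "$tmp" "$OUTDIR/$ifname.IPs"
}

# Refresh the table of every interface named on the command line.
main() {
    rc=0
    for ifname in "$@"; do
        ip -f inet addr show dev "$ifname" 2>/dev/null |
            write_table "$ifname" || { echo "ips.sh: no table for $ifname" >&2; rc=1; }
    done
    return $rc
}

# Constructed sample of "ip -f inet addr show dev eth1" output, with a
# duplicate and a malformed entry, for checking extract_ips offline.
SAMPLE_IP_OUTPUT='2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 203.0.113.10/24 brd 203.0.113.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet 203.0.113.11/24 brd 203.0.113.255 scope global secondary eth1
    inet 203.0.113.10/24 scope global eth1
    inet not-an-address/24 scope global eth1'

# With no interfaces given there is nothing to do, so finish cleanly.
[ $# -eq 0 ] || main "$@"
```

Pointing fwbuilder's run-time Address Table at the generated file works as before; only the prolog line gains the interface arguments.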