I have 2 ipset rules in 2 files, they are:
file 1: /etc/ipset.up.rules
add mynetrulesssh 103.207.38.64/26
add mynetrulesssh 103.207.38.96
add mynetrulesssh 222.186.34.122
file 2: /etc/ipset.up.rules.new
add mynetrulesssh 103.207.38.0/24
add mynetrulesssh 222.186.34.0/24
I want to merge those ipset rules so that the output is evaluated (executed) in this sequence:
del mynetrulesssh 103.207.38.64/26
del mynetrulesssh 103.207.38.96
add mynetrulesssh 103.207.38.0/24
del mynetrulesssh 222.186.34.122
add mynetrulesssh 222.186.34.0/24
I use this script to merge them but it does not delete properly, please help.
#!/bin/bash
## create by dedetok April 2016
## last update 2016-04-15
## GNU GPL v3
## Disclaimer: experimental, use it with your own risk
echo "download from http://www.garasiku.web.id/ipset.up.rules into /etc/ipset.up.rules.new"
wget -O /etc/ipset.up.rules.new http://www.garasiku.web.id/ipset.up.rules
chmod 444 /etc/ipset.up.rules.new
chown root:root /etc/ipset.up.rules.new
## Compare ipset.up.rules vs ipset.uprules.new
echo "updating new rules"
diff --new-line-format="+ %L" --old-line-format="- $L" <(sort /etc/ipset.up.rules) <(sort /etc/ipset.up.rules.new) |
while IFS=' ' read -r r1 r2 r3 r4; do
    if [ "$r2" = "add" ]; then
        if [ "$r1" = "+" ]; then
            cmdline="/sbin/ipset $r2 $r3 $r4"
            echo "eval $cmdline"
            eval "$cmdline"
        fi
        if [ "$r2" = "-" ]; then
            cmdline="/sbin/ipset del $r3 $r4"
            echo "eval $cmdline"
            eval "$cmdline"
        fi
    fi
done
echo "Saving new ipset rules into /etc/ipset.up.rules"
eval "/sbin/ipset save > /etc/ipset.up.rules"
echo "End process"
Problem with the script: /etc/ipset.up.rules (file 1) contains the current rules (old rules). After I download the new rules, /etc/ipset.up.rules.new (file 2), I want to merge them into file 1. To avoid multiple IPs in my ipset (file 1), I want the script to remove all IPs within a particular netmask/subnet and replace them with the new one. In the case of IP 103.207.38.*, I want the script to run this sequence:
ipset del mynetrulesssh 103.207.38.64/26
ipset del mynetrulesssh 103.207.38.96
ipset add mynetrulesssh 103.207.38.0/24
In the case of IP 222.186.34.*, I want the script to run this sequence:
ipset del mynetrulesssh 222.186.34.122
ipset add mynetrulesssh 222.186.34.0/24
I guess something is wrong during the comparing process, i.e. the diff process. I'm a newbie in bash. This is my first script.
What is the issue you are facing with your code? – Fazlin – 2016-07-15T10:58:01.720
How exactly do you want to sort the rules? – Michael Vehrs – 2016-07-18T09:33:31.037
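An added example, not part of the original post or the poster's script: one way to produce the del/add sequence the question asks for by testing whether each old entry lies inside a new network. It also treats every rule line as data rather than shell text, because the rules file is downloaded over plain HTTP and its fields reach `eval` as root in the script above. The function names and the `IPSET` override variable are hypothetical, and IPv4-only `add SET ADDR` lines are assumed.

```bash
#!/bin/bash
# Added example (not the poster's script). Rule lines are parsed as data and
# validated; nothing taken from the downloaded file is passed to eval.

ip2int() {   # dotted quad -> 32-bit integer (10# avoids octal surprises)
    local a b c d
    IFS=. read -r a b c d <<<"$1"
    echo $(( (10#$a << 24) | (10#$b << 16) | (10#$c << 8) | 10#$d ))
}

valid_entry() {   # syntax allow-list: set name, then IPv4 with optional /0-32
    local re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
    [[ $1 =~ ^[A-Za-z0-9_-]+$ && $2 =~ $re ]]
}

plan_merge() {   # plan_merge OLD NEW -> prints "del|add SET ADDR" lines
    local old=$1 new=$2 verb set addr len mask net overb oset oaddr olen
    while read -r verb set addr; do
        [[ $verb == add ]] && valid_entry "$set" "$addr" || continue
        grep -qxF "add $set $addr" "$old" && continue    # unchanged entry
        len=32; [[ $addr == */* ]] && len=${addr#*/}
        mask=$(( len ? (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF : 0 ))
        net=$(( $(ip2int "${addr%/*}") & mask ))
        while read -r overb oset oaddr; do
            [[ $overb == add && $oset == "$set" ]] || continue
            valid_entry "$oset" "$oaddr" || continue
            olen=32; [[ $oaddr == */* ]] && olen=${oaddr#*/}
            # old entry lies inside the new network -> superseded, delete it
            if (( olen >= len && ($(ip2int "${oaddr%/*}") & mask) == net )); then
                echo "del $oset $oaddr"
            fi
        done <"$old"
        echo "add $set $addr"
    done <"$new"
}

apply_plan() {   # each field is passed as its own quoted argument, no eval
    local verb set addr
    while read -r verb set addr; do
        "${IPSET:-/sbin/ipset}" "$verb" "$set" "$addr" </dev/null
    done
}
```

Running `plan_merge /etc/ipset.up.rules /etc/ipset.up.rules.new` prints the sequence for review; piping that output into `apply_plan` executes it.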