我在两个文件中有 2 个 ipset 规则,它们是:
文件 1:/etc/ipset.up.rules
add mynetrulesssh 103.207.38.64/26
add mynetrulesssh 103.207.38.96
add mynetrulesssh 222.186.34.122
文件 2:/etc/ipset.up.rules.new
add mynetrulesssh 103.207.38.0/24
add mynetrulesssh 222.186.34.0/24
我想合并这些 ipset 规则,以便输出将按照以下序列进行评估(执行):
del mynetrulesssh 103.207.38.64/26
del mynetrulesssh 103.207.38.96
add mynetrulesssh 103.207.38.0/24
del mynetrulesssh 222.186.34.122
add mynetrulesssh 222.186.34.0/24
我使用这个脚本来合并它们,但它不能正确删除,请帮忙。
#!/bin/bash
## create by dedetok April 2016
## last update 2016-04-15
## GNU GPL v3
## Disclaimer: experimental, use it with your own risk
echo "download from http://www.garasiku.web.id/ipset.up.rules into /etc/ipset.up.rules.new"
wget -O /etc/ipset.up.rules.new http://www.garasiku.web.id/ipset.up.rules
chmod 444 /etc/ipset.up.rules.new
chown root:root /etc/ipset.up.rules.new
## Compare ipset.up.rules vs ipset.uprules.new
echo "updating new rules"
diff --new-line-format="+ %L" --old-line-format="- $L" <(sort /etc/ipset.up.rules) <(sort /etc/ipset.up.rules.new) |
while IFS=' ' read -r r1 r2 r3 r4; do
if [ "$r2" = "add" ]; then
if [ "$r1" = "+" ]; then
cmdline="/sbin/ipset $r2 $r3 $r4"
echo "eval $cmdline"
eval "$cmdline"
fi
if [ "$r2" = "-" ]; then
cmdline="/sbin/ipset del $r3 $r4"
echo "eval $cmdline"
eval "$cmdline"
fi
fi
done
echo "Saving new ipset rules into /etc/ipset.up.rules"
eval "/sbin/ipset save > /etc/ipset.up.rules"
echo "End process"
脚本问题:/etc/ipset.up.rules(文件 1)包含当前规则(旧规则)。我下载新规则 /etc/ipset.up.rules.new(文件 2)后,想将其合并到文件 1 中。为避免我的 ipset(文件 1)中存在多个 ip,我想让脚本删除所有具有特定网络掩码/子网的 IP,并用新的 IP 替换。如果 ip 为 103.207.38.*,我想让脚本运行这些序列
ipset del mynetrulesssh 103.207.38.64/26
ipset del mynetrulesssh 103.207.38.96
ipset add mynetrulesssh 103.207.38.0/24
如果 ip 为 222.186.34.*,我希望脚本运行这些序列
ipset del mynetrulesssh 222.186.34.122
ipset add mynetrulesssh 222.186.34.0/24
我猜测在比较过程即差异过程期间出现了一些错误。我是 bash 新手。这是我的第一个脚本。