Anatol

Reputation: 2043

Understanding part of Linux Bash Script

I'm trying to understand a Linux Bash script. The aim of the script is to limit access to server services to some dyndns users only (by use of ufw rules). Part of the script:

ALLOWEDUSERS="client1.dyndns.org client2.dyndns.org"

for host in $ALLOWEDUSERS ; do
    ip=`host $host | cut -d ' ' -f 4`
    if [ $? -eq 0 ]; then
       ufw allow proto tcp from $ip to any
    fi
done

okay

for host in $ALLOWEDUSERS ; do

is clear, it loops through ALLOWEDUSERS,

as far as I understand

if [ $? -eq 0 ]; then

checks if the command executed before is true (if so the ufw rule is added)

but how does the rest of the snippet

ip=`host $host | cut -d ' ' -f 4`

check if the client IP is the one from the allowed dyndns account?

thanks a lot for your help,

tony

Upvotes: 0

Views: 121

Answers (2)

Barmar

Reputation: 782683

The script is essentially equivalent to:

ALLOWEDUSERS="client1.dyndns.org client2.dyndns.org"

for host in $ALLOWEDUSERS ; do
    ip=`host $host | cut -d ' ' -f 4`
    ufw allow proto tcp from $ip to any
done

The if in the original script was checking the result of cut, not host, and it was always successful, so it served no useful purpose.

When the DynDNS hostname is valid, a rule will be added to the firewall to allow it.

When the hostname isn't found, the host command prints:

Host clientN.dyndns.org not found: 3(NXDOMAIN)

so $ip will be found:. This will try to do:

ufw allow proto tcp from found: to any

Since that's not a valid firewall rule, I expect it will be ignored and an error message issued.

If you want to do what the script was apparently trying to do, it should be:

ALLOWEDUSERS="client1.dyndns.org client2.dyndns.org"

for host in $ALLOWEDUSERS ; do
    hostresult=`host $host`
    if [ $? -eq 0 ]; then
        ip=`echo "$hostresult" | cut -d ' ' -f 4`
        ufw allow proto tcp from $ip to any
    fi
done

Upvotes: 0

exilit

Reputation: 1176

It doesn't really check anything.

The output from host $host is something like $host has address xxx.xxx.xxx.xxx.

For example:

$ host localhost
localhost has address 127.0.0.1

Afterwards, cut -d ' ' -f 4 isolates the fourth part, which is the IP address. This is used as the IP address for the ufw command.

Upvotes: 1
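
Both answers come down to the same point: field 4 of the host output is an address only when the line has the form "name has address ip". The following is an added example, not code from the question or from either answer, that accepts only such lines, validates the value as an IPv4 address, and prints the resulting ufw commands as a dry run. `sample_host`, the `RESOLVER` override and the address 192.0.2.10 are constructed stand-ins so it runs offline; IPv6 records are deliberately skipped.

```shell
#!/bin/sh
# True only for four dot-separated octets, each 0-255 with no leading zeros.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1    # split on dots; the value holds only digits and dots here
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in ''|????*|0?*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Reads `host` output on stdin; prints each valid A-record address, one per line.
# Only "<name> has address <ip>" lines count, so "not found: 3(NXDOMAIN)",
# "has IPv6 address" and "is an alias for" lines never yield a value.
extract_ipv4() (
    while read -r name w2 w3 ip rest || [ -n "$name" ]; do
        [ "$w2 $w3" = "has address" ] && [ -z "$rest" ] || continue
        if is_ipv4 "$ip"; then printf '%s\n' "$ip"; fi
    done
)

# Constructed stand-in for `host` (sample data, not real lookups).
sample_host() {
    case $1 in
        client1.dyndns.org)
            printf '%s\n' "$1 has address 192.0.2.10" \
                          "$1 has IPv6 address 2001:db8::1" ;;
        *)  printf 'Host %s not found: 3(NXDOMAIN)\n' "$1"; return 1 ;;
    esac
}

# Dry run: prints one ufw command per validated address of each hostname.
# RESOLVER is a hypothetical override; unset, the real `host` command is used.
allow_hosts() {
    for h in "$@"; do
        if ! out=$("${RESOLVER:-host}" "$h"); then
            echo "skip $h: lookup failed" >&2
            continue
        fi
        printf '%s\n' "$out" | extract_ipv4 | while read -r ip; do
            echo "ufw allow proto tcp from $ip to any"
        done
    done
}
```

Review the printed commands before applying them; a hostname with several A records produces one rule per address.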
