Sometimes this script fails to update the iptables
- by AlJo
It does not happen often, but sometimes after running the below script, checking the iptables with service iptables status shows that they weren't updated and the script doesn't output any error.
The iptables is structured as look-up tree (long repeated sections snipped):
#!/bin/sh
iptables -t nat -F
iptables -t nat -X
iptables -F
iptables -X
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 93.225.0.0/16 -j ACCEPT
iptables -A INPUT -s 15.102.0.0/16 -j ACCEPT
iptables -A INPUT -s 47.122.0.0/16 -j ACCEPT
iptables -N MY_CHAIN_L1-0
iptables -N MY_CHAIN_L1-1
iptables -N MY_CHAIN_L1-2
iptables -N MY_CHAIN_L1-3
iptables -N MY_CHAIN_L1-4
iptables -N MY_CHAIN_L1-5
iptables -N MY_CHAIN_L1-6
iptables -N MY_CHAIN_L1-7
iptables -N MY_CHAIN_L1-8
iptables -N MY_CHAIN_L1-9
iptables -N MY_CHAIN_L1-10
iptables -N MY_CHAIN_L1-11
iptables -N MY_CHAIN_L1-12
iptables -N MY_CHAIN_L1-13
iptables -N MY_CHAIN_L1-14
iptables -N MY_CHAIN_L1-15
iptables -N MY_CHAIN_L1-16
iptables -N MY_CHAIN_L1-17
iptables -N MY_CHAIN_L1-18
iptables -N MY_CHAIN_L1-19
iptables -N MY_CHAIN_L1-20
iptables -N MY_CHAIN_L1-21
iptables -N MY_CHAIN_L1-22
iptables -N MY_CHAIN_L1-23
iptables -N MY_CHAIN_L1-24
iptables -N MY_CHAIN_L1-25
iptables -N MY_CHAIN_L1-26
iptables -N MY_CHAIN_L1-27
iptables -N MY_CHAIN_L1-28
iptables -N MY_CHAIN_L1-29
iptables -N MY_CHAIN_L1-30
iptables -N MY_CHAIN_L1-31
iptables -N MY_CHAIN_L1-32
iptables -N MY_CHAIN_L1-33
iptables -N MY_CHAIN_L1-34
iptables -N MY_CHAIN_L1-35
iptables -N MY_CHAIN_L1-36
iptables -N MY_CHAIN_L1-37
iptables -A INPUT -m iprange --src-range 1.54.96.0-5.133.179.255 -j MY_CHAIN_L1-0
iptables -A INPUT -m iprange --src-range 5.133.180.0-24.113.159.255 -j MY_CHAIN_L1-1
[snip]
iptables -A INPUT -m iprange --src-range 195.13.45.0-198.11.255.255 -j MY_CHAIN_L1-29
iptables -A INPUT -m iprange --src-range 198.12.64.0-199.19.215.255 -j MY_CHAIN_L1-30
iptables -A INPUT -m iprange --src-range 199.21.96.0-200.31.3.255 -j MY_CHAIN_L1-31
iptables -A INPUT -m iprange --src-range 200.31.11.0-202.171.255.255 -j MY_CHAIN_L1-32
iptables -A INPUT -m iprange --src-range 203.130.134.192-206.212.255.255 -j MY_CHAIN_L1-33
iptables -A INPUT -m iprange --src-range 206.214.64.0-211.155.95.255 -j MY_CHAIN_L1-34
iptables -A INPUT -m iprange --src-range 212.19.128.0-216.176.191.255 -j MY_CHAIN_L1-35
iptables -A INPUT -m iprange --src-range 216.189.0.0-218.23.255.255 -j MY_CHAIN_L1-36
iptables -A INPUT -m iprange --src-range 218.30.96.0-223.255.231.255 -j MY_CHAIN_L1-37
iptables -A MY_CHAIN_L1-0 -s 1.54.96.0/20 -j DROP
iptables -A MY_CHAIN_L1-0 -s 1.208.0.0/12 -j DROP
iptables -A MY_CHAIN_L1-0 -s 1.224.0.0/11 -j DROP
[snip]
iptables -A MY_CHAIN_L1-0 -s 5.133.178.0/23 -j DROP
iptables -A MY_CHAIN_L1-0 -j ACCEPT
iptables -A MY_CHAIN_L1-1 -s 5.133.180.0/22 -j DROP
iptables -A MY_CHAIN_L1-1 -s 5.135.0.0/16 -j DROP
iptables -A MY_CHAIN_L1-1 -s 5.153.232.0/21 -j DROP
[snip]
iptables -A MY_CHAIN_L1-1 -s 24.113.128.0/19 -j DROP
iptables -A MY_CHAIN_L1-1 -j ACCEPT
.
.
.
iptables -A MY_CHAIN_L1-29 -s 195.13.45.0/24 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.20.224.0/19 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.31.216.0/26 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.58.245.0/24 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.60.164.0/23 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.60.240.0/22 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.62.10.0/23 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.110.30.0/23 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.154.0.0/16 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.190.13.0/24 -j DROP
iptables -A MY_CHAIN_L1-29 -s 195.211.152.0/22 -j DROP
iptables -A MY_CHAIN_L1-1 -j ACCEPT
[snip more of same to end of script]
Can anyone see why this script would silently fail to update the iptables sometimes? Maybe it's not the script?
Thanks
