-
Notifications
You must be signed in to change notification settings - Fork 2
/
allow-ip
executable file
·94 lines (80 loc) · 2.69 KB
/
allow-ip
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/bin/bash
# SPDX-FileCopyrightText: 2019 - 2024 sudorook <daemon@nullcodon.com>
#
# SPDX-License-Identifier: GPL-3.0-or-later
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <https://www.gnu.org/licenses/>.
set -euo pipefail
ROOT="$(dirname "${0}")"
source "${ROOT}"/globals
! check_command grep ip sed && exit 3
# Command line script to add a routing table entry for an IP address. Useful
# for accessing network printers when behind a VPN that interferes with access
# to local machines addressed by a local/internal DNS.
function print_usage {
show_header "Usage: allow-ip -i|--ip <ip address> -m|--mask <bitmask>"
}
OPTIONS=hi:m:
LONGOPTIONS=help,ip:,mask:
PARSED=$(getopt -o "${OPTIONS}" --long "${LONGOPTIONS}" -n "${0}" -- "${@}")
eval set -- "${PARSED}"
while [ ${#} -ge 1 ]; do
case "${1}" in
-i | --ip)
# If IP address given as xxx.xxx.xxx.xxx:
if [[ "${2}" == "$(echo "${2}" |
sed -n "s/^\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\)$/\1/p")" ]]; then
IP="${2}"
# If IP address and netmask given as xxx.xxx.xxx.xxx/xx:
elif [[ "${2}" == "$(echo "${2}" |
sed -n "s/^\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\/[0-9]\+\)$/\1/p")" ]]; then
IP="$(echo "${2}" | cut -d"/" -f1)"
MASK="$(echo "${2}" | cut -d"/" -f2)"
fi
shift 2
;;
-m | --mask)
if ((${2} >= 0 && ${2} <= 32)); then
MASK="${2}"
fi
shift 2
;;
-h | --help)
print_usage
exit
;;
--)
shift
break
;;
*)
show_error "What was that?"
exit 3
;;
esac
done
# Exit if no ip address supplied.
if ! [[ -v IP ]]; then
show_error "Give me the IP address."
exit 3
fi
# If the net mask is not specified, only allow the IP address given.
MASK="${MASK:-32}"
GATEWAY=$(ip route list |
grep -e "enp[0-9]\+s[0-9a-f]\+" -e "wlp[0-9]\+s[0-9a-f]\+" |
sed -n "s/^default via \([0-9\.]\+\) dev .*/\1/p" | head -1)
IFACE=$(ip route show |
grep -e "${GATEWAY}" |
sed -n "s/^default via [0-9\.]\+ dev \([a-z0-9]\+\) .*/\1/p")
sudo ip route add "${IP}/${MASK}" via "${GATEWAY}" dev "${IFACE}"