Dynamic IPv6 Firewall Update Script for OpenWRT
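#!/bin/sh
# Dynamic IPv6 firewall update for OpenWrt.
#
# Looks up the current global IPv6 address of one LAN host and stores it in
# the dest_ip option of every firewall rule whose name starts with PREFIX,
# then commits and reloads the firewall if any rule changed.
#
# The exit status is 0 on every path, including "no address found", so a
# scheduler cannot tell success from failure by status; read the output.

# CONFIGURABLE PARAMETER: PREFIX
# Set the prefix to the name of the rules that need to be updated. (Can update multiple rules with same name)
# Matching is by prefix: every rule whose name begins with this string is
# pointed at the same address, so choose a prefix no unrelated rule shares.
PREFIX=Web-ServerIPv6

# CONFIGURABLE PARAMETER: MAC
# MAC address of the server, lowercase with colons, as printed by "ip neigh".
MAC="YOUR MAC ADDRESS"

# CONFIGURABLE PARAMETER: getIP
# Set your method of getting IPv6 address in here
# Current method is through ip neighbor with MAC address (Lowercase, :)(getIP=$(ip neighbor | grep "Your MAC Here" | grep -v "STALE" | cut -d" " -f1))
# One example is wget which accesses a page on the web-server showing current IP address (getIP=$(wget --read-timeout=10 http://checkipv6.dyndns.com -q -O -))
# Another option could be nslookup your domain to get the IPv6 address. getIP=$(nslookup -query=AAAA $hostname)
#
# NOTE(review): whichever source is used, its answer ends up as the
# destination of an allow rule. Neighbour entries come from unauthenticated
# NDP, and a plain-HTTP or unsigned DNS reply is unauthenticated too, so the
# result is only as trustworthy as the LAN segment or the network path.
# The format check below limits what can be written, not who supplied it.
printf "Getting your IPv6 address... \n"
# "^fe80:" drops link-local entries only; a bare "fe80" would also drop a
# global address that happens to contain that group.
getIP=$(ip -6 neigh | grep -F "$MAC" | grep -v "STALE" | grep -v "^fe80:" | cut -d" " -f1)
if [ "$getIP" = "" ]
then
  printf "Failed to get IP.\n"
  exit 0
fi

# Accept only the full eight-group form. A looser pattern with an optional
# colon can match a fragment of a "::"-compressed address, and that fragment
# would then be written into the rule. A compressed address is rejected here
# instead, and the rule is left untouched.
# -m 1 stops at the first matching line; head keeps a single match per line.
prefix6=$(printf '%s\n' "$getIP" | grep -m 1 -E -o "([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}" | head -n 1)
if [ "$prefix6" = "" ]
then
  printf "Request successful, but no IPv6 detected. \n"
  exit 0
fi
# Values are passed as printf arguments, never as part of the format string.
printf 'Your current IPv6: {%s}\n\n' "$prefix6"

changed=0
index=0
# Walk the rule sections by index until uci reports that the section does not
# exist. Testing the section itself (not its name) keeps an unnamed rule from
# ending the scan early.
while uci get "firewall.@rule[$index]" > /dev/null 2>&1
do
  name=$(uci get "firewall.@rule[$index].name" 2> /dev/null)
  case "$name" in
    "$PREFIX"*)
      dest_ip=$(uci get "firewall.@rule[$index].dest_ip" 2> /dev/null)
      printf 'Current stored IP address: {%s} \n' "$dest_ip"
      if [ "$dest_ip" != "$prefix6" ]
      then
        printf "The IP has changed! \n"
        printf "Updating\n\n"
        changed=1
        # Quoted so the shell never treats "[...]" as a glob pattern.
        uci set "firewall.@rule[$index].dest_ip=$prefix6"
      else
        printf "IP is the same, no changes made.\n"
      fi
      ;;
  esac
  index=$((index + 1))
done

if [ "$changed" -eq 1 ]
then
  printf "Restarting firewall... \n"
  # Commit once for all updated rules, and only claim success if both the
  # commit and the reload succeeded.
  if uci commit firewall && /etc/init.d/firewall reload 2> /dev/null
  then
    printf "All up to date. \n"
  else
    printf "Firewall commit or reload failed; the new address may not be active.\n" >&2
  fi
fi
exit 0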
SSH into your router and create a file; call it whatever you like (mine is called “dynamic_ipv6_update”) and make it executable with ‘chmod +x’.
Paste the code into the file, editing the PREFIX to whatever you called your Traffic Rule, and set the MAC address to your server’s MAC address (use lowercase and colons).
Test-run the script; it prints what it is doing at each step.
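Create a cronjob to run the file (can be done through Luci in System->Scheduled Tasks). Mine is “*/20 * * * * /usr/bin/dynamic_ipv6_update > /dev/null 2>&1”. Note that this redirect discards all output and the script exits with status 0 even when it fails to find an address, so a failed run leaves no trace; send the output to a log file instead if you want to be able to check it.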