0

I can't find anything on the web about this, but I can find that I shouldn't use quotes on the EOT, but in my case I don't, so if anyone could help me here that would be awesome.

This is part of a script to set up new Debian installs.

PROBLEM: I don't get access to $PORT inside the cat/EOT here-document when it runs.

```bash
setUPiptables()
{

    if ! grep -e '-A INPUT -p tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules
    then
        cat << EOT >> /etc/iptables.test.rules
        *filter


        IPTABLES-CODE-HERE

        # Allows SSH connections
        # The --dport number is the same as in /etc/ssh/sshd_config
        -A INPUT -p tcp -m state --state NEW --dport $PORT -j ACCEPT


        IPTABLES-CODE-HERE

        COMMIT
EOT
        sleep 5
        /sbin/iptables-restore < /etc/iptables.test.rules || exit 127
        sleep 5
        /sbin/iptables-save > /etc/iptables.up.rules || exit 127
        sleep 3
        printf "#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules" > /etc/network/if-pre-up.d/iptables
        chmod +x /etc/network/if-pre-up.d/iptables
        sleep 6
    fi
}
```

QUESTION:

Can you find/see the problem with $PORT in the cat iptables code?

codeforester
somethingSomething

2 Answers

1

Try using this, as this is a duplicate answer to this question:

```bash
cat <<'EOT' >> /etc/iptables.test.rules
```

Ashutosh
  • 1
    Eh? That's not dereferencing the variable at all, that's putting the *literal* text `$PORT` into the heredoc. If the OP wants their heredoc to be nothing *but* literal text, the better way to do it is to change `< – Charles Duffy Sep 11 '18 at 23:39
  • @CharlesDuffy I had the same issue, for me this worked. – Ashutosh Sep 11 '18 at 23:41
  • 1
    I don't believe what you had was genuinely the same issue. The OP is running `read -r port; PORT=$port` *before* they generate the heredoc, so they want the value they read from the user -- not the variable reference -- to go into the heredoc. – Charles Duffy Sep 11 '18 at 23:42
  • See the code actually running at https://ideone.com/lYeM97 -- no `\$PORT` is needed to dereference the variable. – Charles Duffy Sep 11 '18 at 23:44
  • 1
    If what the OP wants is to *not* dereference it, by contrast, their question is a duplicate (we have lots of entries for this already in the knowledgebase). See for example [How to cat <<EOF >> a file containing code?](https://stackoverflow.com/questions/22697688/how-to-cat-eof-a-file-containing-code), [How to suppress variable substitution in bash heredocs](https://stackoverflow.com/questions/31645341/how-to-suppress-variable-substitution-in-bash-heredocs), etc. – Charles Duffy Sep 11 '18 at 23:49
  • 1
    ...and do note the bullet point regarding questions which "*have already been asked and answered many times before*" in the "Answer Well-Asked Questions" section of [How to Answer](https://stackoverflow.com/help/how-to-answer). – Charles Duffy Sep 11 '18 at 23:54
  • @somethingSomething Let me check and update you soon! – Ashutosh Sep 12 '18 at 00:21
1

I apologize for taking people's time on this issue. It was a beginner mistake: I was reading the filename in the grep and not the actual file (/etc/iptables.test.rules), so I was concatenating the HERE-DOC multiple times inside the actual file that iptables-save was trying to use, with $PORT duplicates, and of course it fails with all the extra code (gibberish).

Problem solved...... sorry from Iceland.

So I didn't create/code a check if iptables was set and the file /etc/iptables.test.rules existed, and so I was appending double iptables code into a file already containing the code I was writing.

Thank you @CharlesDuffy for your time and advice/guidance

somethingSomething
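Added example (not code from the question or the answers) covering both points raised in this thread: an unquoted `EOT` delimiter expands the variable while `'EOT'` keeps `$PORT` literal, and writing the file with `>` instead of `>>` stops repeated runs from stacking duplicate rule blocks. The function names, the output paths passed as arguments, and the port validation are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Added example; function names and arguments are hypothetical.

# Accept only a decimal TCP port (1-65535, no leading zero) so that nothing
# else typed at the prompt can end up inside the firewall rules file.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Unquoted delimiter (EOT): the shell expands $port while writing the file.
# '>' truncates the target, so a second run replaces the block instead of
# appending another *filter ... COMMIT section after the first one.
write_rules() {
    local port=$1 out=$2
    valid_port "$port" || return 1
    cat > "$out" <<EOT
*filter
# Allows SSH connections
-A INPUT -p tcp -m state --state NEW --dport $port -j ACCEPT
COMMIT
EOT
}

# Quoted delimiter ('EOT'): the body is copied verbatim, so the text "$PORT"
# lands in the file unexpanded, which is not a valid rule.
write_literal() {
    cat > "$1" <<'EOT'
-A INPUT -p tcp -m state --state NEW --dport $PORT -j ACCEPT
EOT
}

# Number of rule blocks in a file; anything above 1 points to an append bug.
count_blocks() {
    grep -c -x -F '*filter' "$1"
}
```

Before loading a generated file, `iptables-restore --test < file` parses it without committing the rules.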