
I am trying to block Digital Ocean IP addresses automatically based on an API request. It creates a text file that simply looks like:

103.253.144.0/22
104.131.0.0/18
104.131.128.0/20
104.131.144.0/20

If I manually type the command:

$ sudo ufw insert 1 deny from 103.253.144.0/22 to any

The result is

Rule inserted

In my simple bash script when running the following:

#!/bin/bash

while IFS= read -r line; do
    echo "Inserting: $line"
    ufw insert 1 deny from "$line" to any
    sleep 2
    exit 1
done < ocean.txt

I get

Inserting: 103.253.144.0/22
ERROR: Bad source address

I am assuming that bash is interpreting $line incorrectly .. I even thought it might be an array element, so I tried "{{ line }}" as well to no avail. What am I doing wrong here? This seems so basic!

Here is the output of bash -x

+ IFS=
+ read -r line
' echo 'Inserting: 103.253.144.0/22
Inserting: 103.253.144.0/22
+ ufw insert 1 deny from $'103.253.144.0/22\r' to any
ERROR: Bad source address
+ sleep 2
+ exit 1
Zak
  • What good is a `while` loop with an `exit` inside it? You're ignoring everything but the first line; might as well not loop at all. – Charles Duffy Jun 21 '23 at 16:21
  • @CharlesDuffy the `exit` is so that it only runs 1 iteration for my test .. Which is failing .. I will remove the `exit` once I can actually get the rule to insert. – Zak Jun 21 '23 at 16:22
  • If you do want to only read the first line, you don't need any loop at all; `IFS= read -r line – Charles Duffy Jun 21 '23 at 16:22
  • That said, if you want to loop _until `ufw` fails_, then put `|| exit` after the `ufw` line and ufw failing will cause the script to immediately abort. – Charles Duffy Jun 21 '23 at 16:22
  • And use `bash -x yourscript` to log what it's doing; that log will show if there's something like nonprintable characters in your input file. You can also put the line `set -x` inside the script. – Charles Duffy Jun 21 '23 at 16:23
  • If `bash -x` or `set -x` shows you `$'103.253.144.0/23\r'`, that tells you your input file is saved in DOS format instead of as a UNIX text file. – Charles Duffy Jun 21 '23 at 16:24
  • ...if that were the case, the question would be duplicative of [Are shell scripts sensitive to encodings and line endings?](https://stackoverflow.com/questions/39527571/are-shell-scripts-sensitive-to-encoding-and-line-endings) – Charles Duffy Jun 21 '23 at 16:25
  • Updated with output of `-x` – Zak Jun 21 '23 at 16:26
  • Which would be what you are talking about .. The `\r` line ending? – Zak Jun 21 '23 at 16:27
  • Yup. `dos2unix ocean.txt` is your quick solution. You can also change `IFS=` to `IFS=$'\r'` before the `read`, or use any of the other solutions described in the linked duplicate. – Charles Duffy Jun 21 '23 at 16:27
  • @CharlesDuffy Thank you .. No need to close the question .. I will delete it .. Unless you think it would be a valuable question to close and forward to the duplicate .. Either way, delete or mark duplicate. Thank you. – Zak Jun 21 '23 at 16:30
  • I think it's fine to leave it as a duplicate -- if it gets search hits or upvotes the system will keep it, if it doesn't it'll eventually get reaped. – Charles Duffy Jun 21 '23 at 16:33
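
One way to keep a DOS-format list from reaching `ufw` at all, as an added example that is not part of the original question or comments: strip the trailing carriage return and validate each entry as an IPv4 CIDR before building the rule. The names `is_ipv4_cidr` and `build_rules` are assumptions of this example, and it only prints the `ufw` commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original thread): normalize and validate a
# CIDR list before any line reaches ufw. It prints commands, runs nothing.

CR=$(printf '\r')   # a literal carriage return

# Succeeds only for a well-formed IPv4 CIDR such as 103.253.144.0/22.
is_ipv4_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    cidr_prefix=${1#*/}
    cidr_addr=${1%/*}
    cidr_ifs=$IFS; IFS=.
    set -- $cidr_addr          # split the address into four octets
    IFS=$cidr_ifs
    for cidr_octet in "$@"; do
        [ "$cidr_octet" -le 255 ] || return 1
    done
    [ "$cidr_prefix" -le 32 ]
}

# Reads a list on stdin, prints one ufw command per valid entry on stdout,
# and reports rejected lines on stderr. Returns 1 if any line was rejected.
build_rules() {
    rules_rc=0
    while IFS= read -r rules_line || [ -n "$rules_line" ]; do
        rules_line=${rules_line%"$CR"}      # drop a DOS line ending
        [ -n "$rules_line" ] || continue    # skip blank lines
        if is_ipv4_cidr "$rules_line"; then
            printf 'ufw insert 1 deny from %s to any\n' "$rules_line"
        else
            # sed's "l" command shows hidden bytes (e.g. \r, \t) as escapes.
            printf 'rejected: ' >&2
            printf '%s\n' "$rules_line" | sed -n l >&2
            rules_rc=1
        fi
    done
    return "$rules_rc"
}

# Constructed sample in DOS format, like the ocean.txt in the question.
printf '103.253.144.0/22\r\n104.131.0.0/18\r\nbogus\r\n' | build_rules ||
    echo 'some lines were rejected' >&2
```

Reviewing the printed commands before they are executed means a malformed or unexpected line in the downloaded list is caught before it can become a firewall rule.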
