2

I'm trying to write a very simple script to check whether iptables are already updated for Synergy to work. The current script is:

if [[ $SYNERGY = "yes" ]]
then
    echo "Synergy is active"
else
    sudo iptables -I INPUT -p tcp --dport 24800 -j ACCEPT
    export SYNERGY=yes
fi

But it does not work (I'm always asked for the sudo password each time I open a new terminal)
I also tried with this modified version, but the result is the same

syn="yes"
if [ "$SYNERGY" = "$syn" ]
then
    echo "Synergy is active"
else
    sudo iptables -I INPUT -p tcp --dport 24800 -j ACCEPT
    export SYNERGY=yes
fi

Where is the issue?

Improve this question
4
  • How is SYNERGY variable getting set? Commented Dec 3, 2014 at 14:10
  • it might be asking root password to execute the command sudo iptables -I INPUT -p tcp --dport 24800 -j ACCEPT Commented Dec 3, 2014 at 14:11
  • @anubhava variable SYNERGY is set in the export command in the else statement Commented Dec 3, 2014 at 16:07
  • @RBH scope of the script is just to avoid passing the sudo password each time I open a new terminal Commented Dec 3, 2014 at 16:09

2 Answers 2

Reset to default
3

If you are expecting this to be run from one terminal/shell session and to affect other unrelated terminals/shell sessions then the issue is that that isn't how export works.

export sets the variable in the environment of the current process so that any processes spawned from this process also have it in their environment. Notice how I said "spawned from"? It only applies to processes that process spawns. Unrelated processes aren't affected.

If you want something globally checkable then you either need a flag/lock/state file of some sort or an actual runtime check of the iptables configuration.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

My first attempt was exactly to check iptables, but I soon understood it was the wrong way to approach the problem, as to check iptables I need to be root and I fall again in the password checking each time I open a new terminal. Do you have any suggestion to find a simple solution? As you understood I didn't work too much in linux scripting
@sthor69 Why is this something you need to be doing often? Can you not just set this as the normal configuration of the system and be done with it? As I said in my answer you can use a flag/lock/state file instead of an exported variable for the check (but then you also need to ensure that the file is cleaned up when appropriate).
As I said I'm rather a newbie in linux scripting, so I'd like to find a solution working with file and I don't know how to manage flags and states. Before starting working on them, I tried another solution that seems to work, putting the iptables command in /etc/profile. Is there any drawbacks with this solution?
@sthor69 flags and state aren't magic terms. They are descriptive ones. The point was that you get to maintain a file (somewhere in the filesystem) which indicates that the iptables rule has been added and test that file instead of the variable. And yes, putting it in /etc/profile is not a good solution but it is on the right path to making it a proper system setting. What distribution is this?
It is an Ubuntu 14.04
|
0

Just to help those who have the same question, this is how I managed to persist firewall settings:

sudo apt-get install iptables-presistent

and then the rules specified in the files rules.v4 or rules.v6 in /etc/iptables are automatic loaded at startup

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.