-2

My apologies for not being clearer with my first request.

I've been struggling with trying to get what should be a pretty simple bash script command to process but I'm getting screwed up by the single quote character. My intent is to create a shell script that would accept a variable (a subnet notation) from the command line and then execute a command that would run the firewall-cmd command with some specific syntax (including single quotes, which is screwing me up), and then reload the firewall rules. I'm using printf that creates the correct script, but I can't figure out how to execute that text string/line without getting "" characters in the output, and trying to create a variable with the string I want also screws things up.

So, I'd love to be able to type in "./banish.sh 1.22.228.0/24", it would execute the printf-generated command, and then also reload the firewalld rules.

My current code:

#! /bin/bash

printf "firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=$1 drop'\n"
firewall-cmd --reload

I realize the "printf" command is really just echoing that text to the screen and not executing it (like it does for the "firewall-cmd --reload" line), but if I try to assign the output of printf to a variable, that then starts putting all the backslashes in it.

Any thoughts? TIA

  • Duplicate of https://unix.stackexchange.com/q/131766/237982 – jesse_b Aug 09 '23 at 22:04
  • What exactly have you tried so far? I just ran the following and it worked: export TEST='1.22.228.0/24' && printf "firewall-cmd --permanent --add-rule='rule family=ipv4 source address=$TEST drop'\n" | tee /tmp/test.txt – ajgringo619 Aug 09 '23 at 22:05
  • 1
    Show what you're doing. The commands you have there don't even try to run that first firewall-cmd, and there are no backslashes on sight here. Anyway, I don't see what the point of the printf is to begin with, i.e. why mess with strings and not just run the command with the variable directly. – ilkkachu Aug 10 '23 at 04:10

3 Answers

0

Thank you everyone for all the help. Bottom line, I was:

  1. way over-thinking this, and
  2. thought I had to use a single quote in the executed string, but actually a double quote works.

I'm pretty sure the problem was with trying to correctly include the single quote in the command. What I've ended up with, which works, is:

#! /bin/bash

firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=$1 drop"
firewall-cmd --reload

So now when I run the script, everything works correctly. Thanks for the support on what should have been a trivial thing to do.

0

You could use array variables to construct big commands with spaces in your parameters.

It's pretty to read, accepts dynamic construction, is ready for spaces in parameters, and is safer than the eval command.

It's also fun to print commands.

#! /usr/bin/env bash

# One array item ("...") per parameter

declare -a fw_cmd_1=( "firewall-cmd" "--permanent" "--add-rich-rule='rule family=ipv4 source address=$1 drop'" )
declare -a fw_cmd_2=( "firewall-cmd" "--reload" )

printf "Command 1: %s\n" "${fw_cmd_1[*]}"
"${fw_cmd_1[@]}"

printf "Command 2: %s\n" "${fw_cmd_2[*]}"
"${fw_cmd_2[@]}"

  • They likely don't want hard quotes in the --add-rich-rule=... argument. Not that the question shows it, but usually one doesn't and their self-answer shows that too. – ilkkachu Aug 12 '23 at 14:22
-3

You can use the backslash \ escape character to ignore the nested quotes:

command="firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source address=$1 drop\"" 
printf "$command\n"
$command

This should work.

Magenta
  • 15
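
An added example, not part of any answer on this page: it shows the argument list that each quoting form used in the answers hands to the command, and checks `$1` before it is placed in the rule. `firewall_cmd`, `valid_ipv4_cidr` and the `run_*` functions are hypothetical names; `firewall_cmd` is a stub that only prints its arguments, and 1.22.228.0/24 is the sample subnet from the question.

```bash
#!/bin/bash
# Added example. firewall_cmd is a hypothetical stand-in for firewall-cmd: it
# prints each argument it receives in brackets and changes no firewall state.
firewall_cmd() {
    for arg in "$@"; do printf '[%s]\n' "$arg"; done
}

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_ipv4_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac  # digits, dots, slash only
    octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
    printf '%s\n' "$1" |
        grep -Eq "^($octet\.){3}$octet(/(3[0-2]|[12]?[0-9]))?\$"
}

# Self-answer form: the double quotes group the rule into one argument and
# are removed by the shell, so no quote characters reach the command.
run_direct() {
    valid_ipv4_cidr "$1" || { echo "not an IPv4 subnet: $1" >&2; return 1; }
    firewall_cmd --permanent --add-rich-rule="rule family=ipv4 source address=$1 drop"
}

# Array-answer form: single quotes nested inside double quotes are ordinary
# characters, so they arrive as part of the rule text.
run_hard_quotes() {
    firewall_cmd --permanent "--add-rich-rule='rule family=ipv4 source address=$1 drop'"
}

# String-variable form: unquoted $command is split at every space, and the
# escaped \" characters stay in the words instead of grouping them.
run_from_string() {
    command="firewall_cmd --permanent --add-rich-rule=\"rule family=ipv4 source address=$1 drop\""
    $command
}

# Print all three argument lists for the given subnet (default: the
# question's sample value).
for form in run_direct run_hard_quotes run_from_string; do
    echo "== $form"
    "$form" "${1:-1.22.228.0/24}"
done
```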