Now I try it with `chkconfig: 5 9999 9999`
https://serverfault.com/questions/176055/how-to-change-linux-services-startup-boot-order
Hold on -- OpenWrt isn't a desktop/server Linux-based distro. Most of what you read about "Linux" will not apply to OpenWrt startup and service management.
Think through what needs to be up and running for your script to work.
Think about what happens if, for example:
we-be-hackers.org
If you're doing this in startup scripts, the first two will cause OpenWrt (and most "sane" OSes) to fail to boot as the script fails and returns an error.
Edit:
Also look at `mktemp`, as it's good practice to not be able to predict where temporary files are being written. You probably should put it under `/tmp/` somewhere as well, since there's no reason to thrash flash for a temporary file.
I need to make my webserver public as fast as possible - that's currently the only thing.
That seems to work:
```
#!/bin/sh /etc/rc.common
# chkconfig: 5 9999 9999
START=9999
STOP=9999

start() {
    set -x
    # sleep 30
    rm /etc/init.d/public_ip.txt > /dev/null 2>&1
    # Ask api.ipify.org for the current public IP and store it
    wget -qO- https://api.ipify.org > /etc/init.d/public_ip.txt
    # Forward TCP port 80 arriving at the public IP to the web server
    for IP in $(cat /etc/init.d/public_ip.txt); do
        iptables -t nat -A PREROUTING -d "$IP" -m tcp -p tcp --dport 80 -j DNAT --to-destination 192.168.1.21
    done
    # Rewrite the source of LAN clients so replies return via the router
    iptables -t nat -A POSTROUTING -d 192.168.1.21 -s 192.168.1.0/24 -j SNAT --to-source 192.168.1.1
    # rm -f /etc/init.d/public_ip.txt
}

stop() {
    rm /etc/init.d/public_ip.txt > /dev/null 2>&1
}
```
Thank you very much!!!
Best regards,
Jan
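One way to apply the suggestions made earlier in the thread (a `mktemp` file under `/tmp/`, and a start script that cannot fail when the lookup does) to the script in this post, as an added example that is not part of the original thread. It also checks that the reply is a plain IPv4 address before it reaches `iptables`; `START=99`, the function names and the log tag are assumptions, the addresses are the ones from the post, and only the start path is covered.

```shell
# Added example. On OpenWrt the file's first line would be: #!/bin/sh /etc/rc.common
START=99                 # assumption: run late in the boot sequence
WEB_HOST=192.168.1.21    # addresses taken from the post
LAN_NET=192.168.1.0/24
LAN_GW=192.168.1.1

# Raw lookup, kept separate so it can be replaced or stubbed.
fetch_ip() { wget -qO- https://api.ipify.org; }

# Succeed only for a dotted quad whose four octets are each 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the public IP if the reply is exactly one valid address, else fail.
get_public_ip() {
    tmp=$(mktemp /tmp/public_ip.XXXXXX) || return 1   # RAM-backed, unpredictable name
    fetch_ip > "$tmp" 2>/dev/null || : > "$tmp"       # discard partial output on error
    ip=$(cat "$tmp")
    rm -f "$tmp"
    is_ipv4 "$ip" && printf '%s\n' "$ip"
}

start() {
    ip=$(get_public_ip) || {
        logger -t public_ip "no valid public IP, NAT rules not added"
        return 0    # a failed lookup must not abort the boot sequence
    }
    iptables -t nat -A PREROUTING -d "$ip" -p tcp -m tcp --dport 80 \
        -j DNAT --to-destination "$WEB_HOST"
    iptables -t nat -A POSTROUTING -d "$WEB_HOST" -s "$LAN_NET" \
        -j SNAT --to-source "$LAN_GW"
}
```

An error page, an empty reply or a failed download all end in the logged skip branch, so nothing other than a checked address is ever passed to `iptables`.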
LOL -- You're concerned about blocking a bunch of "bad" URLs, but you're running your webserver on OpenWrt? Let me guess, `uhttpd`?
Do yourself a favor and run it on something like a Raspberry Pi and `nginx`, behind your OpenWrt device.
Edit: I now followed what you're trying to do, seemingly getting your public IP, not a block list.
No, the reason for that firewall is completely different:
No configurable router from ISP (but with DMZ), additional own router, net loopback problem on ISP router..
Regards,
Jan
See comment on that thread -- DNS is probably a much easier solution than everything you're going through with this. Might need DDNS to make it "cleaner".
OK thx.
Regards, Jan