diff --git a/geo-nft.sh b/geo-nft.sh index 7f1d022..624c46a 100755 --- a/geo-nft.sh +++ b/geo-nft.sh @@ -15,8 +15,9 @@ # https://github.com/wirefalls/geo-nft # https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # -# This script requires write access to /etc, /var/log and the install -# directory (base_dir), which by default is: /etc/nftables/geo-nft. +# This script requires write access to the pathnames of the geo_conf and +# errorlog files as well as the install directory (base_dir), which by +# default is: /etc/nftables/geo-nft. # # Supply the -s command line argument to silence verbose output. #====================================================================== @@ -24,15 +25,15 @@ # Standard script variables. # Semantic version number of this script. -geo_nft_ver=v2.2.9 +geo_nft_ver=v2.2.10 # Filename of this script. script_name="geo-nft.sh" -# User configuration file. +# User configuration pathname/filename. geo_conf="/etc/geo-nft.conf" -# Error log filename. This file logs errors in addition to the systemd Journal. +# Error log pathname/filename. This file logs errors in addition to the systemd Journal. errorlog="/var/log/geo-nft-error.log" # Geolocation database filename. @@ -100,14 +101,23 @@ error_log() { fi } +# Verify that the nft program is available and store it's pathname. +nft="$(command -v nft)" +if [ ! $? -eq 0 ]; then + error_log "Unable to find the 'nft' program to determine it's pathname. Verify that" \ + "the nft program is located in a directory in your PATH environment" \ + "variable. The nft program is part of the 'nftables' package. Exiting..." + exit 1 +fi + # Verify the status of nftables check_nftables() { nftables_status="$(systemctl is-active nftables.service)" - if [ "$nftables_status" = "inactive" ]; then + if [ "$nftables_status" != "active" ]; then print_line "\n" - error_log "Nftables is not active. Verify that nftables is installed" \ + error_log "nftables is not active. Verify that nftables is installed" \ "and running with: sudo systemctl status nftables" \ - "Nftables can be restarted with: sudo systemctl restart nftables" + "nftables can be restarted with: sudo systemctl restart nftables" fi } @@ -361,16 +371,13 @@ check_dir() { # Verify that required programs are available. check_programs() { - local reqd_programs="awk curl grep gunzip nft sed sort stat" + local reqd_programs="awk curl grep gunzip sed sort stat" for p in $reqd_programs do command -v "$p" > /dev/null 2>&1 if [ ! $? -eq 0 ]; then error_log "This script requires the '$p' program, not found in \$PATH. Exiting..." - if [ "$p" = "nft" ]; then - error_log "The 'nft' program is part of the 'nftables' package." - fi exit 1 fi done @@ -441,7 +448,7 @@ check_refill_config() { print_line "\n" "Checking for settings in $refill_conf" "\n" # Create an array to store the output that will be written to the refill-sets.nft script. - local refill_sets_array=("#!/usr/bin/nft -f") + local refill_sets_array=("#!${nft} -f") refill_sets_array+=("") refill_sets_array+=("#=====================================================") refill_sets_array+=("# Auto-generated by $script_name $geo_nft_ver - Do not modify") @@ -563,7 +570,6 @@ check_refill_config() { # Test if the country code is already in the array (country code repeated in refill-sets.conf list). if [[ "${cc4_array[*]}" =~ (^|[^[:alpha:]])$cc([^[:alpha:]]|$) ]]; then - #if [[ -v $cc4_array[$cc] ]]; then error_log "Country code '$cc' is duplicated in your 'define-ipv4' line in $refill_conf." \ "Remove any duplicates from the line shown below. The duplicate entry will be skipped." \ "Bad line: $line" @@ -1052,8 +1058,11 @@ main() { # Start a timer for the script run time. local starttime=$(date +%s) - # Verify that the /etc directory is writable. - check_dir "/etc" + # Verify that the $geo_conf directory exists and is writable. + check_dir "${geo_conf%/*}" + + # Verify that the $errorlog directory exists and is writable. + check_dir "${errorlog%/*}" # Verify that required programs are available. check_programs @@ -1073,6 +1082,9 @@ main() { # Print the nftables version string from the nft program. print_line "\n" "$(nft -v)" "\n" + # Print the location of the nft program. + print_line "\n" "Found 'nft' in: ${nft%/*}" "\n" + # Set user default settings. set_defaults