eggbean revised this gist
Jul 29, 2023 . 1 changed file with 14 additions and 6 deletions.
@@ -1,12 +1,12 @@ #!/bin/bash # Oracle firewall update script # Usage: oci-fupdate [ <source-CIDR> ] [ --query ] # # Updates an existing Network Security Group to allow SSH access through the OCI # firewall to reach instances in a public subnet, like bastion hosts. With no # argument your current public IP address is used, or you can add a source address # block in CIDR format. The --query option returns the current source address. # # Add your variables below. To find the values, first find the ocid for your NSG: # @@ -32,6 +32,14 @@ if [[ -e $(dirname "$0")/${0##*/}.env ]]; then source "$(dirname "$0")/${0##*/}.env" fi # Query current rule source block if [[ $* =~ --query ]]; then printf "%s%s\n" "Current source block CIDR: " \ "$(oci network nsg rules list \ --nsg-id $nsg_id | jq -r 'first(.data[]) | .source')" exit fi # Update rule definition if [[ -z $1 ]]; then source_cidr="$(curl -s ipv4.icanhazip.com)/32" @@ -45,7 +53,7 @@ json_update_rule_file=$(mktemp) cat > "${json_update_rule_file}" << EOF [ { "description": "Allow ssh in", "direction": "INGRESS", "id": "$rule_id", "is-stateless": false,
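Review bot: The new `--query` branch prints `first(.data[]) | .source`, which is the first rule the NSG listing returns, not the rule identified by `$rule_id` that the rest of the script updates. On an NSG with more than one rule, the reported CIDR can belong to a different rule, so an operator may conclude SSH is restricted to their address when it is not. Selecting by id keeps the query and the update on the same rule, e.g. `jq -r --arg id "$rule_id" '.data[] | select(.id == $id) | .source'` (assuming the listing exposes the same `id` field the update payload uses). In the same block `$nsg_id` is unquoted (`--nsg-id "$nsg_id"`), and `[[ $* =~ --query ]]` matches the substring anywhere in the joined arguments, so comparing each argument exactly would be tighter.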
eggbean created this gist
Jul 27, 2023 .
@@ -0,0 +1,66 @@ #!/bin/bash # Oracle firewall update script # Usage: oci-fupdate [ <source-CIDR> ] # # Updates an existing Network Security Group to allow SSH access through the # OCI firewall to reach instances in a public subnet, like bastion hosts. With # no argument your current public IP address is used, or you can add a source # address block in CIDR format. # # Add your variables below. To find the values, first find the ocid for your NSG: # # $ oci network nsg list \ # --compartment-id <compartment-ocid> \ # --query 'data[].{id:id,"display-name":"display-name" }' \ # --output table # # ...then get the rule id: # # $ oci network nsg rules list \ # --nsg-id <nsg-ocid> # Variables compartment_id='ocid1.compartment.oc1..aaaaaaaacvben...' nsg_id='ocid1.networksecuritygroup.oc1.uk-london-1.aaaaaaaa3mhk...' rule_id='6DF56F' port=22 # Or, source variables file if it exists so # that they can be left out of git repository if [[ -e $(dirname "$0")/${0##*/}.env ]]; then source "$(dirname "$0")/${0##*/}.env" fi # Update rule definition if [[ -z $1 ]]; then source_cidr="$(curl -s ipv4.icanhazip.com)/32" else source_cidr="$1" fi echo Modifying an existing NSG rule echo ============================== json_update_rule_file=$(mktemp) cat > "${json_update_rule_file}" << EOF [ { "description": "Allow SSH in", "direction": "INGRESS", "id": "$rule_id", "is-stateless": false, "protocol": "6", "source": "$source_cidr", "source-type": "CIDR_BLOCK", "tcp-options": { "destination-port-range": { "max": $port, "min": $port } } } ] EOF oci network nsg rules update --nsg-id $nsg_id \ --security-rules file://"$json_update_rule_file"
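Review bot: `source_cidr` is written into the ingress rule's `"source"` field without validation, whether it comes from `$1` or from `curl -s ipv4.icanhazip.com`, and this value decides who can reach port 22. The curl call names no scheme, so it goes over plain HTTP, and `-s` without `-f` hides failures: an empty or altered response yields `/32` or arbitrary text inside the heredoc JSON. Fetch with `curl -fsS https://ipv4.icanhazip.com` and check the value before writing the file, e.g. `[[ $source_cidr =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$ ]] || { echo "invalid CIDR: $source_cidr" >&2; exit 1; }`. The `mktemp` file holding the rule is never removed; `trap 'rm -f -- "$json_update_rule_file"' EXIT` right after it is created would clean it up, and `--nsg-id "$nsg_id"` should be quoted in the final call.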