#!/bin/bash

[[ -n $KNOCKING_STATUS ]] && 
    INTERFACE=$(ip -br a | grep -E "172.28" | awk '{print $1}') || \
    INTERFACE=$(ip -br a | grep -E "^eth" | awk '{print $1}')

echo -E "
[options]
Interface = ${INTERFACE%@*}

[openNGINX]
sequence    = 8100, 7200, 13000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -p tcp --dport 80 -j REJECT
tcpflags    = syn

[closeNGINX]
sequence    = 6300, 5200, 12001
seq_timeout = 5
command     = /sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT
tcpflags    = syn
" > /etc/knockd.conf

/sbin/iptables -A INPUT -p tcp --dport 80 -j REJECT