0

How do I check for an error in a command before I run it, for example, if i wanted to run an iptables command, but say someone input something wrong into the variable of the script I made, for example "asdiojaosdi" for the $port variable, and when the script tries to plug that into the iptables command, it returns an error, I want it to echo "Error"

I want syntax to check this HUGE command

    iptables -t nat -A PREROUTING -p tcp -d $filip --dport $port -j DNAT --to-destination $cusip && iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT && iptables -t nat -A POSTROUTING -d $cusip -j SNAT --to-source $secip && iptables -t nat -A POSTROUTING -j SNAT --to-source $filip
Improve this question
3
  • Some commands have a dry run option. You want something that works for ALL commands or just iptables? Commented Aug 7, 2015 at 19:20
  • 3
    Hmm, what if there were a universal interface for all commands to test the validity of their inputs? It would be like … Haskell. For better or worse, given the rich variety of commands in the programmable universe, there is no universal solution to do this without the risk of side effects. Commented Aug 7, 2015 at 19:53
  • I'd like something that works for EVERYTHING Commented Aug 8, 2015 at 21:39

1 Answer 1

Reset to default
1

In IXish environments, programs commonly return a value different from 0 in case of failure. Error messages are expected to be logged to standard error, which can be captured via redirecting file descriptor 2.

You can test for this like so:

#!/bin/bash

program option1 option2 2>error.log.$$
result=$? 
if [ $result -ne 0 ]; then
  echo program failed with result=$result: $(cat error.log.$$)
  rm error.log.$$
fi
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

And then the question becomes 'did the failed attempt to run the command do any damage', and the answer should be "No", but if it isn't, then you have a problem. And its particularly problematic if the command did as much as it could and committed the changes that were OK. Sometimes, you can make a copy of the operational config file, and try applying the changes to the copy, and if that works, run the changes on the live system. It varies between commands, though — and depends on the scope of the command.
To add to Jonathan's comment: Writing robust and save code implies more than just checking the outcome of any function. If a program/function is parameterised (which obviously often is the case) an essential task is to add as much validation of the input/the arguments passed as possible and only if this validation is passed successfully call the program/function('s body).
Thanks for this answer, What would the syntax be for that script if i wanted to run an iptables command, like an iptables -t nat -A how would I write a script to include that.
@KaveenK: Why not just just replace program and option? by your program's name and options?
I've fixed it, actually I forgot the ? after the $, Thanks for all the help, I got the script working!
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.