From 3c1f18d4173dae7e4f8e9d13b8ba69069553f89e Mon Sep 17 00:00:00 2001
From: Valentin CZERYBA
Date: Sat, 4 Mar 2023 10:47:04 +0100
Subject: [PATCH] fix path iptables for refill_blacklist

---
 roles/deploy-web/files/refill_blacklist.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/roles/deploy-web/files/refill_blacklist.sh b/roles/deploy-web/files/refill_blacklist.sh
index 7238c4d..e820798 100644
--- a/roles/deploy-web/files/refill_blacklist.sh
+++ b/roles/deploy-web/files/refill_blacklist.sh
@@ -1,11 +1,12 @@
 #!/bin/bash
+IPTABLES=/usr/sbin/iptables
 BLACKLIST=/etc/sentinel/blacklist
-chain_count=$(iptables -L BLACKLIST -n | wc -l)
+chain_count=$(${IPTABLES} -L BLACKLIST -n | wc -l)
 if [ ${chain_count} -eq 0 ]; then
- iptables -N BLACKLIST
- iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j BLACKLIST
- iptables -I INPUT 1 -p tcp -m tcp --dport 443 -j BLACKLIST
+ ${IPTABLES} -N BLACKLIST
+ ${IPTABLES} -I INPUT 1 -p tcp -m tcp --dport 80 -j BLACKLIST
+ ${IPTABLES} -I INPUT 1 -p tcp -m tcp --dport 443 -j BLACKLIST
 fi
 if [ ! -f ${BLACKLIST} ]; then
@@ -13,7 +14,7 @@ if [ ! -f ${BLACKLIST} ]; then
 fi
 if [ ${chain_count} -gt 2 ]; then
 chain_count=$(echo ${chain_count}-2 |bc)
- iptables_ip=($(iptables -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
+ iptables_ip=($(${IPTABLES} -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))
 for i in $(cat ${BLACKLIST})
 do
 block_ip=1
@@ -24,13 +25,13 @@ if [ ${chain_count} -gt 2 ]; then
 fi
 done
 if [ ${block_ip} -eq 1 ]; then
- iptables -A BLACKLIST -s ${i} -j DROP
+ ${IPTABLES} -A BLACKLIST -s ${i} -j DROP
 fi
 done
 else
 for i in $(cat ${BLACKLIST})
 do
- iptables -A BLACKLIST -s ${i} -j DROP
+ ${IPTABLES} -A BLACKLIST -s ${i} -j DROP
 done
 fi
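Review bot: The new `IPTABLES=/usr/sbin/iptables` assignment is never validated, so on a host where the binary is not at that path the `chain_count=$(${IPTABLES} -L BLACKLIST -n | wc -l)` line prints "command not found" to stderr, `wc -l` yields 0, and the script walks into the chain-creation branch where the three `${IPTABLES} -N`/`-I` calls fail in turn without anything checking their status. A guard right after the assignment, `[ -x "${IPTABLES}" ] || { echo "refill_blacklist: ${IPTABLES} not found" >&2; exit 1; }`, turns that into an explicit failure. The script has no `set -e`, so the same silent-failure pattern applies to both `${IPTABLES} -A BLACKLIST -s ${i} -j DROP` lines in the last hunk; appending `|| exit 1` to the `-N` call at least stops the run when the chain cannot be created. The `if [ ! -f ${BLACKLIST} ]` block that begins at the end of this hunk continues outside it.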
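Review bot: The rewritten `iptables_ip=($(${IPTABLES} -nvL BLACKLIST | tail -n ${chain_count} | awk '{print $8}'))` line ties the dedup logic to the column layout of verbose listing output ($8 is the source column only under `-n -v`) and to `chain_count` having been derived from a different, non-verbose `-L` listing in the first hunk; both print two header lines today, but if either format shifts the array fills with the wrong column and every blacklist entry gets appended again on each run. `${IPTABLES} -S BLACKLIST` emits one `-A BLACKLIST -s <addr> -j DROP` line per rule in a stable rule-syntax format with no header arithmetic, though it renders single hosts as `addr/32`, so the comparison in the inner loop (outside this hunk) would need to normalise before switching. The `chain_count=$(echo ${chain_count}-2 |bc)` line just above spawns two processes for arithmetic bash does natively: `chain_count=$((chain_count - 2))`. The `if [ ${chain_count} -gt 2 ]` block and the `for i in $(cat ${BLACKLIST})` loop opened here continue past the end of the hunk.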
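Review bot: Both `${IPTABLES} -A BLACKLIST -s ${i} -j DROP` lines pass each whitespace-separated token of the blacklist file straight to `-s` with no validation and no quoting, so a malformed entry (a stray comment, a hostname, or a glob character that the unquoted `$(cat ...)` expansion would match against the working directory) produces an iptables error on stderr and is silently skipped while the script exits 0. Checking the token against an address shape before use, e.g. `[[ "$i" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] || { echo "refill_blacklist: skipping invalid entry '$i'" >&2; continue; }`, and quoting `"${i}"` in the `-A` call keeps the chain contents predictable and makes bad input visible in cron mail. The `block_ip` test on the line before the first change belongs to an outer `for` loop whose start, together with the enclosing `if [ ${chain_count} -gt 2 ]`, lies outside this hunk.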