Friday 27 August 2010

Linux IPTables Firewall #4

4o Script (Firewall)

#!/bin/bash


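# Fixed, root-owned search path so the iptables/tc calls below cannot be
# redirected by whatever PATH the caller had. /usr/sbin is included because
# iptables, iptables-save and tc live there on many distributions.
PATH="/bin:/sbin:/usr/bin:/usr/sbin"

# Script
pid="/var/run/stats.pid" # PID file; removed by stop() — presumably written by the sourced rule files, confirm
setup="/etc/firewall" # directory of the rule files sourced by start(): iptables and iproute
sysiptables="/etc/sysconfig/iptables" # where genfire() persists the ruleset via iptables-save

# Interfaces (only INET and LAN are used in this script; the rest are
# presumably read by the sourced rule files — confirm)
INET="eth0" # Upload Interface
WNET="eth1" # Internet Interface - Upload
FAKE="eth1" # Wireless Bridge  -- NOTE(review): same device as WNET; confirm this is intended
LAN="eth2" # Download Interface - Download
VPN="ppp0" # VPN

# Firewall addresses; none are referenced in this script, so they are
# presumably consumed by $setup/iptables and $setup/iproute — confirm
BANNED="192.168.0.254"
LAN_MASK="192.168.0.0/24"
WNET_MASK="11.11.11.0/29"
LAN_IP="192.168.0.1"
INET_IP="11.11.11.4"
WNET_IP="10.122.7.62"
DSL_IP="11.11.11.1"
FAKE_IP="192.168.1.2"
VPN_IP="192.168.3.1"
VPN_MASK="192.168.3.0/24"
NICK="192.168.0.3"
DREAM="192.168.0.4"
DB="192.168.0.11"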

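#######################################
# Bring up the firewall rules, the QoS rules, or both, by sourcing the
# rule files under $setup in the current shell. Because they are executed
# as code with this script's privileges, those files must be root-owned
# and not writable by anyone else.
# Globals:   setup (read); the sourced files may set anything they like
# Arguments: $1 - "firewall", "qos", or empty for both (firewall first)
# Returns:   1 for an unknown selector, otherwise the status of the last
#            sourced file
#######################################
start () {
  # The original tested `[ $1 = ]`, which is a syntax error for a non-empty
  # $1 and only matched the empty case by accident; a case statement makes
  # the three accepted selectors explicit.
  case "${1:-}" in
    firewall)
      . "$setup/iptables"
      ;;
    qos)
      . "$setup/iproute"
      ;;
    '')
      . "$setup/iptables"
      . "$setup/iproute"
      ;;
    *)
      printf 'start: unknown target "%s" (expected firewall, qos or nothing)\n' "$1" >&2
      return 1
      ;;
  esac
}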

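#######################################
# Flush every table, delete user-defined chains and set all built-in
# policies to ACCEPT. Afterwards the host filters nothing at all.
# Globals: none
#######################################
_flush_iptables () {
  local table chain
  # flush every table before deleting chains: -X only removes chains that
  # are empty and unreferenced
  for table in filter nat mangle; do
    iptables -t "$table" -F
  done
  for table in filter nat mangle; do
    iptables -t "$table" -X
  done
  for chain in INPUT OUTPUT FORWARD; do
    iptables -P "$chain" ACCEPT
  done
}

#######################################
# Delete the root qdisc on the shaped interfaces, which removes the whole
# class tree beneath it.
# Globals: INET, LAN (read)
#######################################
_flush_qos () {
  local dev
  for dev in "$INET" "$LAN"; do
    tc qdisc del dev "$dev" root
  done
}

#######################################
# Tear down the firewall, the QoS tree, or both, then remove the PID file.
# Globals:   pid, INET, LAN (read)
# Arguments: $1 - "firewall", "qos", or empty for both
# Returns:   1 for an unknown selector, 0 otherwise
#######################################
stop () {
  local rc=0
  # The original `[ $1 = ]` only matched the empty selector by accident and
  # silently did nothing for any other unknown value.
  case "${1:-}" in
    firewall)
      _flush_iptables
      ;;
    qos)
      _flush_qos
      ;;
    '')
      _flush_iptables
      _flush_qos
      ;;
    *)
      printf 'stop: unknown target "%s" (expected firewall, qos or nothing)\n' "$1" >&2
      rc=1
      ;;
  esac

  # The PID file is removed on every path, as before; it is a single file,
  # so plain -f is enough and -- protects against odd names.
  if [ -f "$pid" ]; then
    rm -f -- "$pid"
  fi
  return "$rc"
}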

mrtgstats () {
if [ -z $1 ]
then
echo "Please specify a QOS queue"
else
bw=`tc -s class ls dev $LAN
grep -A1 "htb $1 "
grep Sent
awk '{print $2}'`
echo $bw
echo 0
fi
}

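#######################################
# Zero the packet/byte counters of every chain, then persist the current
# ruleset to $sysiptables with iptables-save.
# Globals:   sysiptables (read)
# Outputs:   the saved ruleset is written to $sysiptables; a literal "y"
#            goes to stdout (kept from the original — nothing in this
#            script reads it, confirm whether a caller still does)
#######################################
genfire () {
  local chain
  # user chains (created by $setup/iptables, presumably) followed by the
  # three built-in chains of the filter table
  for chain in INVALID INVPACKETS GOOD_TCP_PACKETS BAD_TCP_PACKETS \
      BADPACKETS TCP_FLAGS BADFLAGS IEXT WEXT LAN OK LAN_NET NET_LAN \
      INPUT OUTPUT FORWARD; do
    iptables -Z "$chain"
  done
  iptables -t nat -Z
  iptables -t mangle -Z

  echo y
  iptables-save > "$sysiptables"
}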

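# Command dispatch. The optional second word selects "firewall" or "qos";
# without it start/stop act on both. restart always acts on both.
case "${1:-}" in
  start)
    start "${2:-}"
    ;;
  stop)
    stop "${2:-}"
    ;;
  restart)
    stop
    start
    ;;
  mrtgstats)
    mrtgstats "${2:-}"
    ;;
  genfire)
    genfire
    ;;
  *)
    # usage is a diagnostic, so it goes to stderr; plain printf instead of
    # the original $"..." locale string, which was never translated anyway
    printf 'Usage: %s {start|stop|restart|mrtgstats|genfire}\n' "${0##*/}" >&2
    exit 1
    ;;
esac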

# EOF
