| verzia 2.19, 2005/03/01 23:17:11 |
verzia 2.24, 2005/04/18 22:49:30 |
|
|
| # Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
| # All rights reserved. |
# All rights reserved. |
| # |
# |
| # $Platon: scripts/shell/firewall/fw-universal.sh,v 2.18 2005/03/01 21:47:20 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.23 2005/04/15 22:07:18 rajo Exp $ |
| # |
# |
| # Changelog: |
# Changelog: |
| # 2003-10-24 - created |
# 2003-10-24 - created |
| Riadok 95 unload_modules() |
|
| Riadok 95 unload_modules() |
|
| print_iface_status() |
print_iface_status() |
| { # {{{ |
{ # {{{ |
| # Print interfaces: |
# Print interfaces: |
| echo "# iface | IP addr | broadcast | netmask | HW addr" |
echo "# iface | IP addr | Gateway | broadcast | netmask | HW addr" |
| for iface in $interfaces; do |
for iface in $interfaces; do |
| IP="IP_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
IP="IP_$iface"; Gateway="Gateway_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
| echo "$iface | ${!IP} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
echo "$iface | ${!IP} | ${!Gateway} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
| done |
done |
| } # }}} |
} # }}} |
| |
|
| Riadok 118 antispoof_on() |
|
| Riadok 118 antispoof_on() |
|
| done |
done |
| } # }}} |
} # }}} |
| |
|
| |
forward_on() |
| |
{ # {{{ |
| |
echo -en "NAT: Enabling packet forwarding..." |
| |
echo 1 > /proc/sys/net/ipv4/ip_forward |
| |
echo " done." |
| |
} # }}} |
| |
|
| |
forward_off() |
| |
{ # {{{ |
| |
echo -en "NAT: Disabling packet forwarding..." |
| |
echo 0 > /proc/sys/net/ipv4/ip_forward |
| |
echo " done." |
| |
} # }}} |
| |
|
| # clear status of iptable chains |
# clear status of iptable chains |
| remove_chains() |
remove_chains() |
| { # {{{ |
{ # {{{ |
| Riadok 275 mangle_output() |
|
| Riadok 289 mangle_output() |
|
| masquerade() |
masquerade() |
| { # {{{ |
{ # {{{ |
| if [ ! -z "$NAT_LAN_IFACE" ]; then |
if [ ! -z "$NAT_LAN_IFACE" ]; then |
| |
echo -en "NAT: Enabling packet forwarding..." |
| |
echo 1 > /proc/sys/net/ipv4/ip_forward |
| |
echo " done." |
| echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
echo -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
| |
|
| ip="IP_$NAT_SUBNET_IFACE"; |
ip="IP_$NAT_SUBNET_IFACE"; |
|
|
| |
|
| } # }}} |
} # }}} |
| |
|
| |
bann_ip_adresses() |
| |
{ # {{{ |
| |
# |
| |
# This feature has been developed for following reason: |
| |
# UbiCrawler spam our website with many requests (they are duplicit requests of the same page!) |
| |
# And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension) |
| |
# |
| |
# Bann them too! |
| |
# |
| |
#IP address is: 146.48.97.11 146.48.97.13 |
| |
# User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)" |
| |
# |
| |
if [ ! -z "$BANNED_IP" ]; then |
| |
echo -en "Dropping ALL packets from IP:" |
| |
for banned_ip in $BANNED_IP; do |
| |
echo -en " $banned_ip" |
| |
$IPTABLES -A INPUT -s $banned_ip -j DROP |
| |
$IPTABLES -A FORWARD -s $banned_ip -j DROP |
| |
done |
| |
echo " done." |
| |
fi |
| |
} # }}} |
| |
|
| allow_accept_all() |
allow_accept_all() |
| { # {{{ |
{ # {{{ |
| if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
| Riadok 577 accept_loopback() |
|
| Riadok 617 accept_loopback() |
|
| |
|
| # Loopback není radno omezovat |
# Loopback není radno omezovat |
| echo -en "Accepting loopback:" |
echo -en "Accepting loopback:" |
| $IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT |
$IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT |
| |
$IPTABLES -A OUTPUT -o $LO_IFACE -j ACCEPT |
| echo " done." |
echo " done." |
| |
|
| } # }}} |
} # }}} |
| Riadok 618 parse_ifconfig() |
|
| Riadok 659 parse_ifconfig() |
|
| END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
| '` |
'` |
| |
|
| |
eval `perl -e ' |
| |
$\ = "\n"; |
| |
open(FILE, "/proc/net/route") or die "Can not open /proc/net/route: $!"; |
| |
my @columns = split(/\s+/, <FILE>); |
| |
while (my $line = <FILE>) { |
| |
my $iface; |
| |
my @vals = split(/\s+/, $line); |
| |
foreach my $key (@columns) { |
| |
$iface->{$key} = shift @vals; |
| |
} |
| |
|
| |
foreach my $key (qw( Gateway Destination )) { |
| |
print "${key}_$iface->{Iface}=", |
| |
qw("), hex2ip($iface->{$key}), qw("), |
| |
"; export ${key}_$iface->{Iface};"; |
| |
} |
| |
foreach my $key (qw( Flags MTU Metric Window IRTT )) { |
| |
print "${key}_$iface->{Iface}=", |
| |
qw("), $iface->{$key}, qw("), |
| |
"; export ${key}_$iface->{Iface};"; |
| |
} |
| |
} |
| |
close(FILE); |
| |
|
| |
|
| |
sub hex2ip |
| |
{ # {{{ |
| |
my ($str) = @_; |
| |
my @block; |
| |
|
| |
my $hex = uc($str); |
| |
|
| |
while (length($hex)) { |
| |
my $x = ord(substr($hex, 0, 1)); |
| |
my $y = ord(substr($hex, 1, 1)); |
| |
|
| |
$x = $x > 64 ? $x - 55 : $x - 48; |
| |
$y = $y > 64 ? $y - 55 : $y - 48; |
| |
|
| |
push @block, 16 * $x + $y; |
| |
$hex = substr($hex, 2); |
| |
} |
| |
|
| |
return join(".", reverse @block); |
| |
|
| |
} # }}} |
| |
'` |
| # Now we have defined variables like this: |
# Now we have defined variables like this: |
| # IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
# IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
| # IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
# IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
| Riadok 651 for iface in $interfaces; do |
|
| Riadok 739 for iface in $interfaces; do |
|
| INTERFACES="$INTERFACES $iface"; |
INTERFACES="$INTERFACES $iface"; |
| fi |
fi |
| done |
done |
| |
INTERFACES_ACCEPT_ALL="$IFACE_ACCEPT_ALL" |
| |
|
| |
|
| case "$1" in |
case "$1" in |
|
|
| # |
# |
| # (un)commnet next lines as needed |
# (un)commnet next lines as needed |
| # |
# |
| |
bann_ip_adresses |
| allow_accept_all |
allow_accept_all |
| nmap_scan_filter |
nmap_scan_filter |
| invalid_packet_filter |
invalid_packet_filter |
|
|
| set_default_policy |
set_default_policy |
| remove_chains |
remove_chains |
| unload_modules |
unload_modules |
| |
forward_off |
| ;; |
;; |
| |
|
| status) |
status) |
Prihlásiť
Registrácia
English
![[BACK]](http://cvsweb.platon.sk/icons/back.gif){kind=icon}
![[TXT]](http://cvsweb.platon.sk/icons/text.gif){kind=icon}
![[DIR]](http://cvsweb.platon.sk/icons/dir.gif){kind=icon}
Vyššie na