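#!/bin/bash
#(c) Roy Cohen 2012 :roy.cohen@cgi.com
#CGI :George Hintzenweg 89 3068 AX Rotterdam, Netherlands 088 5640000
#objective :IPtables administarion tool
#last update :23/11/2012
#version :0.1
#
# Interactive menu that saves/starts/stops/restarts the iptables service,
# flushes the rule set and builds single filter-table rules from answers
# typed at the prompt.  Must run as root: every menu action ends in an
# iptables or init-script invocation.
#
# Changes against the 0.1 listing (check them against the original intent):
#   * every expansion is quoted and the generated rule is handed to iptables
#     as an argument array, so typed values are never re-parsed by the shell;
#   * typed addresses, interface names and ports are validated before they
#     reach iptables - the tool runs as root, so a typo must not silently
#     become a rule;
#   * the "file of addresses" choice is read line by line for both source and
#     destination; the original cat'ed the source value even when it was a
#     single address, so with options 1-3 no rule was ever generated;
#   * protocol options 2-4 produce "-p tcp --dport <value>"; the original
#     passed a service/port name as "-p", which iptables rejects;
#   * the interface is written as -i on INPUT/FORWARD and -o on OUTPUT
#     (iptables refuses -i on the OUTPUT chain);
#   * flushing asks for confirmation, EOF on stdin ends the current menu
#     instead of spinning forever, and sub-menus return to main() instead of
#     calling it recursively.

set -u

# Parameters
IPT=/sbin/iptables
IPT_INIT=/etc/init.d/iptables
readonly IPT IPT_INIT
readonly BANNER='*******************************************************'
# Filled by load_addresses(); copied by the caller right after the call.
declare -a ADDR_LIST=()

printf ' Welcome\n'

#######################################
# Print the separator line used around command output.
#######################################
banner() {
  printf '%s\n' "$BANNER"
}

#######################################
# Wait for Enter so command output stays on screen before the menu redraws.
# Returns:   0 always (EOF is tolerated)
#######################################
pause() {
  local _ignored
  printf 'Press Enter key to Continue...\n'
  IFS= read -r _ignored || true
}

#######################################
# Validate an address as this tool passes it to iptables: dotted IPv4,
# optionally with a /0-32 prefix, or the literal 0/0 the menus use for "any".
# Deliberately strict - hostnames are not accepted, so a rule never depends
# on a DNS answer at the moment it is added.
# Arguments: $1 - candidate string
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_ipv4_spec() {
  local octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
  [[ "$1" == "0/0" ]] && return 0
  [[ "$1" =~ ^$octet\.$octet\.$octet\.$octet(/([0-9]|[12][0-9]|3[0-2]))?$ ]]
}

#######################################
# Validate an interface, service or port token before it becomes an
# iptables argument: letters, digits and . _ : - only.
# Arguments: $1 - candidate string
# Returns:   0 if acceptable, 1 otherwise
#######################################
is_safe_token() {
  [[ "$1" =~ ^[A-Za-z0-9._:-]+$ ]]
}

#######################################
# Run one verb of the iptables init script between separator lines.
# Globals:   IPT_INIT (read)
# Arguments: $1 - save|status|start|stop|restart
# Outputs:   the init script's output, framed by separators
# Returns:   0 always; the init script's own status is reported, not propagated
#######################################
service_action() {
  local verb=$1 rc=0
  banner
  printf '\n'
  if [[ -x "$IPT_INIT" ]]; then
    "$IPT_INIT" "$verb" || rc=$?
    (( rc == 0 )) || printf '%s %s exited with status %d\n' "$IPT_INIT" "$verb" "$rc"
  else
    printf '%s is not executable on this system; manage the service with your distribution'\''s tools\n' "$IPT_INIT"
  fi
  printf '\n'
  banner
  pause
}

###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
#######################################
# Services sub-menu: save/status/start/stop/restart the init script or
# flush the filter table.  Loops until option 7 or EOF, then returns to main().
# Globals:   IPT (read)
# Returns:   0 always
#######################################
checkstatus() {
  local opt_checkstatus confirm
  while :; do
    clear
    printf '\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n\n'
    printf ' 1. Save the iptables\n 2. Status of Iptables\n 3. Start iptables Services\n 4. Stop iptables Services\n 5. Restart iptable Services\n 6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n 7. Go back to Main Menu\n'
    IFS= read -r opt_checkstatus || return 0
    case "$opt_checkstatus" in
      1) service_action save ;;
      2) service_action status ;;
      3) service_action start ;;
      4) service_action stop ;;
      5) service_action restart ;;
      6)
        # -F removes the rules but keeps each chain's policy: with a DROP
        # policy on INPUT this cuts off a remote session, hence an explicit
        # confirmation instead of the original fire-and-forget flush.
        printf 'This removes every rule in the filter table. Type FLUSH to confirm: '
        IFS= read -r confirm || return 0
        if [[ "$confirm" == "FLUSH" ]]; then
          if "$IPT" -F; then
            banner
            printf 'All the Rules from the Iptables are Flushed!!!\n'
            printf '%s\n\n' "$BANNER"
          else
            printf 'iptables -F failed; rules left unchanged\n'
          fi
        else
          printf 'Flush cancelled.\n'
        fi
        pause ;;
      7) return 0 ;;
      *)
        # pause so the message survives the clear at the top of the loop
        printf 'Wrong Option Selected!!!\n'
        pause ;;
    esac
  done
}

#######################################
# Ask for the address list of one side of a rule and validate it.
# Globals:   ADDR_LIST (written: one validated address/subnet per element)
# Arguments: $1 - "Source" or "Destination"; selects the menu and prompt text
# Outputs:   prompts on stdout
# Returns:   0 with at least one entry in ADDR_LIST; 1 on a bad option,
#            an invalid value, an unreadable or empty file, or EOF
#######################################
load_addresses() {
  local side=$1 opt_ip value line
  ADDR_LIST=()
  if [[ "$side" == "Source" ]]; then
    printf ' 1. Firewall using Single Source IP\n 2. Firewall using Source Subnet\n 3. Firewall using for All Source Networks\n 4. Firewall choose a source file contationing ip addesses\n'
  else
    printf ' 1. Firewall using Single Destination IP\n 2. Firewall using Destination Subnet\n 3. Firewall using for All Destination Networks\n 4. Firewall using a file\n'
  fi
  IFS= read -r opt_ip || return 1
  case "$opt_ip" in
    1|2)
      if [[ "$opt_ip" == 1 ]]; then
        printf '\nPlease Enter the IP Address of the %s\n' "$side"
      else
        printf '\nPlease Enter the %s Subnet (e.g 192.168.10.0/24)\n' "$side"
      fi
      IFS= read -r value || return 1
      if ! is_ipv4_spec "$value"; then
        printf 'Not a valid IPv4 address or subnet: %s\n' "$value"
        return 1
      fi
      ADDR_LIST=("$value") ;;
    3) ADDR_LIST=("0/0") ;;
    4)
      printf '\nPlease Enter the file name.\n'
      IFS= read -r value || return 1
      if [[ ! -f "$value" || ! -r "$value" ]]; then
        printf 'Cannot read file: %s\n' "$value"
        return 1
      fi
      # One address per line; blank lines and "#" comments are ignored.  A
      # single bad entry aborts the whole list rather than applying a partial
      # rule set.
      while IFS= read -r line || [[ -n "$line" ]]; do
        line=${line%%#*}
        line=${line//[[:space:]]/}
        [[ -z "$line" ]] && continue
        if ! is_ipv4_spec "$line"; then
          printf 'Invalid entry in %s: %s\n' "$value" "$line"
          return 1
        fi
        ADDR_LIST+=("$line")
      done < "$value"
      if (( ${#ADDR_LIST[@]} == 0 )); then
        printf 'No usable addresses in %s\n' "$value"
        return 1
      fi ;;
    *)
      printf 'Wrong Option Selected\n'
      return 1 ;;
  esac
  return 0
}

###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
#######################################
# Ask for interface, chain, source(s), destination(s), protocol and target,
# print each resulting rule and add it with iptables on request.
# Globals:   IPT (read), ADDR_LIST (clobbered via load_addresses)
# Outputs:   prompts and generated rules on stdout
# Returns:   0 when the dialogue completes or the user backs out,
#            1 when an answer is invalid (nothing has been applied by then)
#######################################
buildfirewall() {
  local opt_int interface iface_flag opt_ch chain proto_ch port rule_ch rule
  local yesno src dst _ignored
  local -a src_list dst_list proto_args rule_args

  ##############Chose interface###############
  printf ' Configure a Network Interface or a Destination Networks?\n 1. A Network Interface 2. No Network Interface. Destination Networks Only\n'
  IFS= read -r opt_int || return 0
  case "$opt_int" in
    1)
      printf '\nPlease Enter a Network Interface.\n'
      IFS= read -r interface || return 0
      if ! is_safe_token "$interface"; then
        printf 'Not a valid interface name: %s\n' "$interface"
        return 1
      fi ;;
    2) interface="NULL" ;;
    *)
      printf 'Wrong option Selected!!!\n'
      return 1 ;;
  esac

  ###############Getting the Chain############
  printf 'Using Which Chain of Filter Table?\n 1. INPUT 2. OUTPUT 3. Forward\n'
  IFS= read -r opt_ch || return 0
  case "$opt_ch" in
    1) chain="INPUT";   iface_flag="-i" ;;
    2) chain="OUTPUT";  iface_flag="-o" ;;   # iptables rejects -i on OUTPUT
    3) chain="FORWARD"; iface_flag="-i" ;;
    *)
      printf 'Wrong Option Selected!!!\n'
      return 1 ;;
  esac

  #########Getting Source IP Address##########
  load_addresses "Source" || return 1
  src_list=("${ADDR_LIST[@]}")

  #########Getting Destination IP Address##########
  load_addresses "Destination" || return 1
  dst_list=("${ADDR_LIST[@]}")

  ###############Getting the Protocol#############
  printf ' 1. All Traffic of TCP 2. Specific TCP Service 3. Specific Port 4. Specific Port Number 5. Using no Protocol\n'
  IFS= read -r proto_ch || return 0
  case "$proto_ch" in
    1) proto_args=(-p tcp) ;;
    2|3|4)
      case "$proto_ch" in
        2) printf 'Enter the TCP Service Name:\n' ;;
        3) printf 'Enter the Port Name:\n' ;;
        *) printf 'Enter the Port Number: \n' ;;
      esac
      IFS= read -r port || return 0
      if ! is_safe_token "$port"; then
        printf 'Not a valid port or service name: %s\n' "$port"
        return 1
      fi
      # --dport takes a number or a name looked up in /etc/services (names
      # there are lower case, so the old "CAPITAL LETTERS" hint is gone).
      proto_args=(-p tcp --dport "$port") ;;
    5) proto_args=() ;;
    *)
      printf 'Wrong option Selected!!!\n'
      return 1 ;;
  esac

  #############What to do With Rule#############
  printf 'What to do with Rule? 1. Accept the Packet 2. Reject the Packet 3. Drop the Packet 4. Create Log\n'
  IFS= read -r rule_ch || return 0
  case "$rule_ch" in
    1) rule="ACCEPT" ;;
    2) rule="REJECT" ;;
    3) rule="DROP" ;;
    4) rule="LOG" ;;
    *)
      printf 'Wrong option Selected!!!\n'
      return 1 ;;
  esac

  ###################Generating the Rule####################
  printf '\n\tPress Enter key to Generate the Complete Rule!!!\n'
  IFS= read -r _ignored || return 0
  printf 'The Generated Rule is \n\n'
  # One rule per source x destination pair; each is shown and confirmed
  # individually, and "No" returns to the main menu as the original did.
  for src in "${src_list[@]}"; do
    for dst in "${dst_list[@]}"; do
      rule_args=(-A "$chain" -s "$src" -d "$dst")
      if [[ "$interface" != "NULL" ]]; then
        rule_args+=("$iface_flag" "$interface")
      fi
      # ${arr[@]+...} keeps "set -u" quiet when proto_args is empty (bash < 4.4)
      rule_args+=(${proto_args[@]+"${proto_args[@]}"} -j "$rule")
      printf '\n%s' "$IPT"
      printf ' %q' "${rule_args[@]}"
      printf '\n\n'
      printf '\n\tDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2\n'
      IFS= read -r yesno || return 0
      case "$yesno" in
        1) "$IPT" "${rule_args[@]}" || printf 'iptables exited with status %d; rule not added\n' "$?" ;;
        2) return 0 ;;
        *) printf 'Rule skipped.\n' ;;
      esac
    done
  done
  return 0
}

#######################################
# Main menu.  Refuses to run unless the effective UID is 0, since every
# action needs the netfilter tables; loops until option 4 or EOF.
# Returns:   0 after a normal quit, 1 when refused for lack of privilege
#######################################
main() {
  local -r root_uid=0
  local opt_main
  # EUID rather than UID: iptables needs the effective id (sudo/setuid cases).
  if [[ "$EUID" != "$root_uid" ]]; then
    printf 'You Must be the ROOT to Perfom this Task!!!\n'
    return 1
  fi
  clear
  while :; do
    printf '************************************************************************\n'
    #############Check Whether the iptables installed or not############
    printf '\t*****Main Menu*****\n 1. Check Iptables Package\n 2. Iptables Services\n 3. Build Your Firewall with Iptables\n 4. Exit\n'
    IFS= read -r opt_main || return 0
    case "$opt_main" in
      1)
        printf '******************************\n'
        if command -v rpm >/dev/null 2>&1; then
          rpm -q iptables
        else
          printf 'rpm not found; check the package with your distribution'\''s package manager\n'
        fi
        printf '******************************\n' ;;
      2) checkstatus ;;
      3) buildfirewall || printf 'Firewall rule not built.\n' ;;
      4) return 0 ;;
      *) printf 'Wrong option Selected!!!\n' ;;
    esac
  done
}

# Exit with main's status: 0 after a normal quit, 1 when refused for non-root.
main "$@"
exit "$?"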