#!/bin/bash
#(c) Roy Cohen 23/11/2012    :roy@wondercohen.nl
#original script             :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
#objective                   :IPtables administering tool
#last update                 :29/11/2012
#version                     :0.2


# Parameters
# Path of the iptables binary; every rule this script adds or removes goes through it.
IPT="/sbin/iptables"
# Command that persists the running rule set (init-script style).  Kept as one
# string on purpose: the script expands it unquoted so it word-splits into
# "/etc/init.d/iptables" + "save".
IPTSAVE="/etc/init.d/iptables save"


# One blank line before the first menu is drawn.
echo -e ""
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
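#######################################
# Interactive sub-menu for the iptables service: save, status, start, stop,
# restart and flush.  Loops until the user picks "7" and then returns to the
# caller (main's menu loop); the original re-entered main recursively here,
# which nested one menu loop inside another on every visit.
# Globals:   IPT, IPTSAVE (read)
# Arguments: none
# Outputs:   menu text and the output of the service commands, on stdout
# Returns:   0 when the user leaves the menu
#######################################
checkstatus() {
  local opt_checkstatus="" temp

  # Separator that frames the output of each command.
  cs_bar() { echo -e "*******************************************************\n"; }
  # Waits for Enter so the command output stays on screen.
  cs_pause() {
    echo -e "Press Enter key to Continue..."
    read -r temp
  }

  while [[ "$opt_checkstatus" != "7" ]]; do
    clear
    echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
    echo -e "   1. Save the iptables\n
   2. Status of Iptables\n
   3. Start iptables Services\n
   4. Stop iptables Services\n
   5. Restart iptable Services\n
   6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
   7. Go back to Main Menu"
    # Closed stdin is treated like "7" so the loop cannot spin forever.
    read -r opt_checkstatus || opt_checkstatus="7"
    case "$opt_checkstatus" in
      1) cs_bar
         # shellcheck disable=SC2086 -- IPTSAVE is deliberately word-split into command + argument
         $IPTSAVE
         cs_bar; cs_pause ;;
      2) cs_bar; /etc/init.d/iptables status;  cs_bar; cs_pause ;;
      3) cs_bar; /etc/init.d/iptables start;   cs_bar; cs_pause ;;
      4) cs_bar; /etc/init.d/iptables stop;    cs_bar; cs_pause ;;
      5) cs_bar; /etc/init.d/iptables restart; cs_bar; cs_pause ;;
      6) # -F removes every rule from the filter table but keeps the chain
         # policies, so a DROP policy keeps dropping after the flush.  Use the
         # configured binary rather than whatever "iptables" is on PATH.
         "$IPT" -F
         cs_bar
         echo -e "All the Rules from the Iptables are Flushed!!!"
         cs_bar
         cs_pause ;;
      7) ;;   # the while condition ends the menu
      *) echo -e "Wrong Option Selected!!!"; cs_pause ;;
    esac
  done
  return 0
}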
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
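#######################################
# Interactive "build a rule" wizard.  Asks for chain, source, interface or
# destination, protocol, destination port and target, prints the resulting
# iptables command(s) and appends them (-A) after one confirmation.  Source
# option 4 reads one address/subnet per line from a file and appends one rule
# per line.  Every "Go back to Main Menu" answer returns to the caller (main's
# loop) instead of recursing into main as the original did.
#
# Fixes over the original: answers are validated instead of silently leaving a
# variable unset; "All Source Networks" (0/0) no longer falls into the
# read-from-file branch; --dport is never emitted without -p; OUTPUT rules use
# -o (the only interface match that chain accepts); the typo that stored the
# "no port" answer in $prot is gone; user input is never word-split into the
# iptables command line.
# Globals:   IPT, IPTSAVE (read)
# Arguments: none
# Outputs:   prompts and the generated rule(s) on stdout; the preview and the
#            iptables output are also appended to IpTab_<timestamp>.log in the
#            current directory
# Returns:   0 always
#######################################
buildfirewall() {
  local chain opt_ch opt_ip_srource ip_source opt_int interface
  local opt_ip_dest ip_dest proto_ch proto port_ch port rule_ch rule temp

  # Reads a menu answer into the variable named by $1, re-asking until it is a
  # digit between 1 and $2.  Returns 1 when the answer is $2 (always the
  # "Go back to Main Menu" entry) or when stdin is closed.
  bf_choose() {
    local var=$1 last=$2 ans
    while :; do
      read -r ans || return 1
      # The regex guard runs before (( )) so only digits ever reach arithmetic.
      if [[ "$ans" =~ ^[1-9][0-9]*$ ]] && (( ans <= last )); then
        break
      fi
      echo -e "Wrong Option Selected!!!"
    done
    printf -v "$var" '%s' "$ans"
    (( ans != last ))
  }

  # Fills rule_args (array of the caller) with the -A arguments for one source.
  bf_rule_args() {
    local src=$1
    rule_args=(-A "$chain" -s "$src")
    if [[ "$opt_int" == "1" ]]; then
      # -i is an ingress match and is rejected in OUTPUT; that chain takes -o.
      if [[ "$chain" == "OUTPUT" ]]; then
        rule_args+=(-o "$interface")
      else
        rule_args+=(-i "$interface")
      fi
    else
      rule_args+=(-d "$ip_dest")
    fi
    if [[ -n "$proto" ]]; then
      rule_args+=(-p "$proto")
    fi
    if [[ "$port_ch" == "1" ]]; then
      rule_args+=(--dport "$port")
    fi
    rule_args+=(-j "$rule")
  }

  # Prints the command for every source, asks once, then applies them.
  # Returns 1 when nothing was applied (declined, or no usable source).
  bf_preview_and_apply() {
    local -a sources=() rule_args=()
    local src yesno
    if [[ "$opt_ip_srource" == "4" ]]; then
      # One address or subnet per line; blank lines and '#' comments are skipped.
      while IFS= read -r src || [[ -n "$src" ]]; do
        src=${src%%#*}
        src=${src//[[:space:]]/}
        if [[ -n "$src" ]]; then
          sources+=("$src")
        fi
      done < "$ip_source"
    else
      sources=("$ip_source")
    fi
    if (( ${#sources[@]} == 0 )); then
      echo "No source addresses found in $ip_source"
      return 1
    fi
    for src in "${sources[@]}"; do
      bf_rule_args "$src"
      echo "$IPT ${rule_args[*]}"
    done
    echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
    read -r yesno
    if [[ "$yesno" != "1" ]]; then
      return 1
    fi
    for src in "${sources[@]}"; do
      bf_rule_args "$src"
      "$IPT" "${rule_args[@]}"
    done
  }

  ###############Getting the Chain############
  clear
  echo -e "Using Which Chain of Filter Table?\n
      1. INPUT
      2. OUTPUT
      3. Forward
      4. Go back to Main Menu"
  bf_choose opt_ch 4 || return 0
  case "$opt_ch" in
    1) chain="INPUT" ;;
    2) chain="OUTPUT" ;;
    3) chain="FORWARD" ;;
  esac

  #########Getting Source IP Address##########
  echo -e "Please Enter the Source IP Address\n
      1. Firewall using Single Source IP
      2. Firewall using Source Subnet
      3. Firewall using for All Source Networks
      4. Firewall choose a source file containing ip addresses
      5. Go back to Main Menu"
  bf_choose opt_ip_srource 5 || return 0
  case "$opt_ip_srource" in
    1) echo -e "\nPlease Enter the IP Address of the Source"
       read -r ip_source ;;
    2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
       read -r ip_source ;;
    3) ip_source="0/0" ;;
    4) echo -e "\nPlease Enter the file name."
       read -r ip_source
       # A relative name is resolved against the current directory.
       until [[ -r "$ip_source" ]]; do
         echo -e "Cannot read '$ip_source'. Please Enter the file name."
         read -r ip_source || return 0
       done ;;
  esac

  ##############Chose interface###############
  echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
      1. Configure a Network Interface
      2. Configure a Destination Networks Only
      3. Go back to Main Menu"
  bf_choose opt_int 3 || return 0
  if [[ "$opt_int" == "1" ]]; then
    echo -e "\nPlease Enter a Network Interface."
    read -r interface
  else
    #########Getting Destination IP Address##########
    echo -e "Please Enter the IP Address of the Destination\n
      1. Firewall using Single Destination IP
      2. Firewall using Destination Subnet
      3. Firewall using for All Destination Networks
      4. Go back to Main Menu"
    bf_choose opt_ip_dest 4 || return 0
    case "$opt_ip_dest" in
      1) echo -e "\nPlease Enter the IP Address of the Destination"
         read -r ip_dest ;;
      2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
         read -r ip_dest ;;
      3) ip_dest="0/0" ;;
    esac
  fi

  ###############Getting the Protocol#############
  echo -e "
      1. All Traffic of TCP
      2. Specific TCP Service
      3. Not using a specific Protocol
      4. Go back to Main Menu"
  bf_choose proto_ch 4 || return 0
  case "$proto_ch" in
    1) proto="tcp" ;;
    2) # The value is passed to -p, so it must be a protocol name (tcp, udp, ...).
       echo -e "Enter the TCP Service Name:"
       read -r proto ;;
    3) proto="" ;;
  esac

  ###############Getting the Destination Port#############
  if [[ -n "$proto" ]]; then
    echo -e "\nConfigure the Destination Port\n
      1. Specific Destination Port
      2. No Destination Port
      3. Go back to Main Menu"
    bf_choose port_ch 3 || return 0
    if [[ "$port_ch" == "1" ]]; then
      echo -e "Enter the Destination Port:"
      read -r port
    fi
  else
    # iptables accepts --dport only together with -p, so without a protocol
    # there is no port to ask for.
    port_ch="2"
  fi

  #############What to do With Rule#############
  echo -e "\nWhat to do with Rule?
      1. Accept the Packet
      2. Reject the Packet
      3. Drop the Packet
      4. Create Log
      5. Go back to Main Menu"
  bf_choose rule_ch 5 || return 0
  case "$rule_ch" in
    1) rule="ACCEPT" ;;
    2) rule="REJECT" ;;
    3) rule="DROP" ;;
    4) rule="LOG" ;;
  esac

  ###################Generating the Rule####################
  echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
  read -r temp
  echo -e "The Generated Rule is \n"
  bf_preview_and_apply 2>&1 | tee -a "IpTab_$(date +%Y%m%d%H%M).log"
  # The pipeline's status is tee's; PIPESTATUS[0] is the apply step's.
  # Persist only when rules were actually added.
  if (( PIPESTATUS[0] == 0 )); then
    # shellcheck disable=SC2086 -- IPTSAVE is deliberately word-split into command + argument
    $IPTSAVE
  fi
  echo -e "Press Enter key to Continue..."
  read -r temp
  return 0
}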
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
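#######################################
# Interactive "delete a rule" menu.  Option 1 walks the same wizard as
# buildfirewall but removes the matching rule(s) with -D; option 2 deletes a
# rule the user types verbatim as iptables arguments.  Every "Go back to Main
# Menu" answer returns to the caller (main's loop) instead of recursing into
# main as the original did.
#
# Fixes over the original: answers are validated instead of leaving variables
# unset; "All Source Networks" (0/0) no longer falls into the read-from-file
# branch; --dport is never emitted without -p; OUTPUT rules use -o; the "no
# port" answer is stored in $port_ch rather than the misspelled $prot; typed
# rules only have whole "-A"/"--append" arguments rewritten to "-D" (the
# original's sed changed every "-A" substring); user input is never word-split
# into the iptables command line; the stray debug echo of the menu answer is
# removed.
# Globals:   IPT, IPTSAVE (read)
# Arguments: none
# Outputs:   prompts and the generated command(s) on stdout; the delete step is
#            also appended to IpTab_<timestamp>.log in the current directory
# Returns:   0 always
#######################################
delfirewall() {
  local opt_delfirewall chain opt_ch opt_ip_srource ip_source opt_int interface
  local opt_ip_dest ip_dest proto_ch proto port_ch port rule_ch rule temp

  # Reads a menu answer into the variable named by $1, re-asking until it is a
  # digit between 1 and $2.  Returns 1 when the answer is $2 (always the
  # "Go back to Main Menu" entry) or when stdin is closed.
  df_choose() {
    local var=$1 last=$2 ans
    while :; do
      read -r ans || return 1
      # The regex guard runs before (( )) so only digits ever reach arithmetic.
      if [[ "$ans" =~ ^[1-9][0-9]*$ ]] && (( ans <= last )); then
        break
      fi
      echo -e "Wrong Option Selected!!!"
    done
    printf -v "$var" '%s' "$ans"
    (( ans != last ))
  }

  # Fills rule_args (array of the caller) with the -D arguments for one source.
  # The arguments mirror buildfirewall's so an added rule can be matched exactly.
  df_rule_args() {
    local src=$1
    rule_args=(-D "$chain" -s "$src")
    if [[ "$opt_int" == "1" ]]; then
      # -i is an ingress match and is rejected in OUTPUT; that chain takes -o.
      if [[ "$chain" == "OUTPUT" ]]; then
        rule_args+=(-o "$interface")
      else
        rule_args+=(-i "$interface")
      fi
    else
      rule_args+=(-d "$ip_dest")
    fi
    if [[ -n "$proto" ]]; then
      rule_args+=(-p "$proto")
    fi
    if [[ "$port_ch" == "1" ]]; then
      rule_args+=(--dport "$port")
    fi
    rule_args+=(-j "$rule")
  }

  # Prints the delete command for every source, asks once, then runs them.
  # Returns 1 when nothing was deleted (declined, or no usable source).
  df_preview_and_delete() {
    local -a sources=() rule_args=()
    local src yesno
    if [[ "$opt_ip_srource" == "4" ]]; then
      # One address or subnet per line; blank lines and '#' comments are skipped.
      while IFS= read -r src || [[ -n "$src" ]]; do
        src=${src%%#*}
        src=${src//[[:space:]]/}
        if [[ -n "$src" ]]; then
          sources+=("$src")
        fi
      done < "$ip_source"
    else
      sources=("$ip_source")
    fi
    if (( ${#sources[@]} == 0 )); then
      echo "No source addresses found in $ip_source"
      return 1
    fi
    for src in "${sources[@]}"; do
      df_rule_args "$src"
      echo "$IPT ${rule_args[*]}"
    done
    echo -e "\n\tDo you want to Remove the Above rule from the IPTABLES? Yes=1 , No=2"
    read -r yesno
    if [[ "$yesno" != "1" ]]; then
      return 1
    fi
    for src in "${sources[@]}"; do
      df_rule_args "$src"
      "$IPT" "${rule_args[@]}"
    done
  }

  # Deletes one rule typed by the user as iptables arguments, e.g.
  # "-A INPUT -s 10.0.0.1 -j DROP".  Only arguments that are exactly "-A" or
  # "--append" become "-D"; everything else is passed through unchanged.
  df_delete_typed_rule() {
    local opt_delete_one_rule yesno i
    local -a words
    echo -e "
      1. Delete one rule
      2. Go back to Main Menu"
    df_choose opt_delete_one_rule 2 || return 0
    echo -e "\nPlease Enter the Rule."
    # Splitting on IFS mirrors the original's unquoted expansion, minus globbing.
    read -r -a words || return 0
    if (( ${#words[@]} == 0 )); then
      echo "No rule entered."
      return 1
    fi
    for i in "${!words[@]}"; do
      if [[ "${words[i]}" == "-A" || "${words[i]}" == "--append" ]]; then
        words[i]="-D"
      fi
    done
    echo "$IPT ${words[*]}"
    echo "Do you want to remove this rule, Yes=1 , No=2"
    read -r yesno
    if [[ "$yesno" == "1" ]]; then
      "$IPT" "${words[@]}"
    fi
  }

  # The wizard: collects chain, source, interface/destination, protocol, port
  # and target, then hands over to df_preview_and_delete.  Returns 0 when the
  # user asked to go back to the main menu at any prompt.
  df_wizard() {
    ###############Getting the Chain############
    clear
    echo -e "Using Which Chain of Filter Table?\n
      1. INPUT
      2. OUTPUT
      3. Forward
      4. Go back to Main Menu"
    df_choose opt_ch 4 || return 0
    case "$opt_ch" in
      1) chain="INPUT" ;;
      2) chain="OUTPUT" ;;
      3) chain="FORWARD" ;;
    esac

    #########Getting Source IP Address##########
    echo -e "
      1. Firewall using Single Source IP
      2. Firewall using Source Subnet
      3. Firewall using for All Source Networks
      4. Firewall choose a source file containing ip addresses
      5. Go back to Main Menu"
    df_choose opt_ip_srource 5 || return 0
    case "$opt_ip_srource" in
      1) echo -e "\nPlease Enter the IP Address of the Source"
         read -r ip_source ;;
      2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
         read -r ip_source ;;
      3) ip_source="0/0" ;;
      4) echo -e "\nPlease Enter the file name."
         read -r ip_source
         # A relative name is resolved against the current directory.
         until [[ -r "$ip_source" ]]; do
           echo -e "Cannot read '$ip_source'. Please Enter the file name."
           read -r ip_source || return 0
         done ;;
    esac

    ##############Chose interface###############
    echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
      1. Configure a Network Interface
      2. Configure a Destination Networks Only
      3. Go back to Main Menu"
    df_choose opt_int 3 || return 0
    if [[ "$opt_int" == "1" ]]; then
      echo -e "\nPlease Enter a Network Interface."
      read -r interface
    else
      #########Getting Destination IP Address##########
      echo -e "Please Enter the IP Address of the Destination\n
      1. Firewall using Single Destination IP
      2. Firewall using Destination Subnet
      3. Firewall using for All Destination Networks
      4. Go back to Main Menu"
      df_choose opt_ip_dest 4 || return 0
      case "$opt_ip_dest" in
        1) echo -e "\nPlease Enter the IP Address of the Destination"
           read -r ip_dest ;;
        2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
           read -r ip_dest ;;
        3) ip_dest="0/0" ;;
      esac
    fi

    ###############Getting the Protocol#############
    echo -e "
      1. All Traffic of TCP
      2. Specific TCP Service
      3. Not using a specific Protocol
      4. Go back to Main Menu"
    df_choose proto_ch 4 || return 0
    case "$proto_ch" in
      1) proto="tcp" ;;
      2) # The value is passed to -p, so it must be a protocol name (tcp, udp, ...).
         echo -e "Enter the TCP Service Name:"
         read -r proto ;;
      3) proto="" ;;
    esac

    ###############Getting the Destination Port#############
    if [[ -n "$proto" ]]; then
      echo -e "\nConfigure the Destination Port\n
      1. Specific Destination Port
      2. No Destination Port
      3. Go back to Main Menu"
      df_choose port_ch 3 || return 0
      if [[ "$port_ch" == "1" ]]; then
        echo -e "Enter the Destination Port:"
        read -r port
      fi
    else
      # iptables accepts --dport only together with -p, so without a protocol
      # there is no port to ask for.
      port_ch="2"
    fi

    #############What to do With Rule#############
    echo -e "\nWhat to do with Rule?
      1. Accept the Packet
      2. Reject the Packet
      3. Drop the Packet
      4. Create Log
      5. Go back to Main Menu"
    df_choose rule_ch 5 || return 0
    case "$rule_ch" in
      1) rule="ACCEPT" ;;
      2) rule="REJECT" ;;
      3) rule="DROP" ;;
      4) rule="LOG" ;;
    esac

    ###################Generating the Rule####################
    echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
    read -r temp
    echo -e "The Generated Rule is \n"
    df_preview_and_delete 2>&1 | tee -a "IpTab_$(date +%Y%m%d%H%M).log"
    # The pipeline's status is tee's; PIPESTATUS[0] is the delete step's.
    # Persist only when rules were actually removed.
    if (( PIPESTATUS[0] == 0 )); then
      # shellcheck disable=SC2086 -- IPTSAVE is deliberately word-split into command + argument
      $IPTSAVE
    fi
  }

  echo -e "\t**********************|Delete your Iptable Menu|***************************\n
 1. Delete a Custom Rule
 2. Delete one Rule
 3. Back to Main Menu"
  df_choose opt_delfirewall 3 || return 0
  case "$opt_delfirewall" in
    1) df_wizard ;;
    2) df_delete_typed_rule 2>&1 | tee -a "IpTab_$(date +%Y%m%d%H%M).log" ;;
  esac
  return 0
}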
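#######################################
# Top-level menu.  Refuses to run unless the effective UID is root, then loops
# over the main menu until "6. Exit" (or until stdin is closed).
# Globals:   EUID (read); the sub-menus read IPT and IPTSAVE
# Arguments: none
# Outputs:   menu text on stdout; sub-menu output is also appended to
#            IpTab_<timestamp>.log in the current directory
# Returns:   1 when not running as root; otherwise exits 0 from the menu
#######################################
main() {
  local -r ROOT_UID=0
  local opt_main="" script_dir
  # iptables needs root privileges; EUID is what the kernel checks, so a sudo
  # invocation is accepted and an unprivileged shell is refused.
  if [[ "$EUID" != "$ROOT_UID" ]]; then
    echo -e "You Must be the ROOT to Perfom this Task!!!"
    return 1
  fi
  # The companion script is resolved relative to this script rather than the
  # current directory, so a stray file in $PWD is never executed as root.
  script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) || script_dir="."
  clear
  while [[ "$opt_main" != "6" ]]; do
    echo -e "************************************************************************"
    #############Check Whether the iptables installed or not############
    echo -e "\t**********************|Main Menu|***************************\n
 1. Check Iptables Package\n
 2. Iptables Services\n
 3. Build Your Firewall with Iptables\n
 4. Delete Your Firewall with Iptables\n
 5. EDSN script\n
 6. Exit"
    # Closed stdin is treated like "6" so the loop cannot spin forever.
    read -r opt_main || opt_main="6"
    case "$opt_main" in
      1) echo -e "******************************"
         # RPM-only query, as in the original (the init script is RHEL/CentOS style).
         rpm -q iptables
         echo -e "******************************" ;;
      2) checkstatus 2>&1 | tee -a "IpTab_$(date +%Y%m%d%H%M).log" ;;
      3) buildfirewall ;;
      4) delfirewall ;;
      5) sh "$script_dir/setIptables_config2.sh" 2>&1 | tee -a "IpTab_$(date +%Y%m%d%H%M).log" ;;
      6) exit 0 ;;
      *) echo -e "Wrong option Selected!!!" ;;
    esac
  done
}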
# Entry point: everything happens inside main's menu loop; the script always
# finishes with status 0.
main
exit 0