743 lines
26 KiB
Bash
743 lines
26 KiB
Bash
#!/bin/bash
|
|
#(c) Roy Cohen 23/11/2012 :roy@wondercohen.nl
|
|
#original script :http://www.howtoforge.com/bash-script-for-configuring-iptables-firewall
|
|
#objective :IPtables administering tool
|
|
#last update :29/11/2012
|
|
#version :0.2
|
|
|
|
|
|
# Parameters
|
|
IPT="/sbin/iptables"
|
|
IPTSAVE="/etc/init.d/iptables save"
|
|
|
|
|
|
echo -e""
|
|
###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
|
|
function checkstatus()
|
|
{
|
|
opt_checkstatus=1
|
|
while [ $opt_checkstatus != 7 ]
|
|
do
|
|
clear
|
|
#echo -e "\nChoose the Option Bellow!!!\n
|
|
echo -e "\n\t*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
|
|
echo -e " 1. Save the iptables\n
|
|
2. Status of Iptables\n
|
|
3. Start iptables Services\n
|
|
4. Stop iptables Services\n
|
|
5. Restart iptable Services\n
|
|
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)\n
|
|
7. Go back to Main Menu"
|
|
read opt_checkstatus
|
|
case $opt_checkstatus in
|
|
1) echo -e "*******************************************************\n"
|
|
/etc/init.d/iptables save
|
|
echo -e "\n*******************************************************\n"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
2) echo -e "*******************************************************\n"
|
|
/etc/init.d/iptables status
|
|
echo -e "*******************************************************"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
3) echo -e "*******************************************************\n"
|
|
/etc/init.d/iptables start
|
|
echo -e "*******************************************************\n"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
|
|
4) echo -e "*******************************************************\n"
|
|
/etc/init.d/iptables stop
|
|
echo -e "*******************************************************\n"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
|
|
5) echo -e "*******************************************************\n"
|
|
/etc/init.d/iptables restart
|
|
echo -e "*******************************************************\n"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
6) iptables -F
|
|
echo -e "*******************************************************"
|
|
echo -e "All the Rules from the Iptables are Flushed!!!"
|
|
echo -e "*******************************************************\n"
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp;;
|
|
7) main;;
|
|
*) echo -e "Wrong Option Selected!!!"
|
|
esac
|
|
done
|
|
}
|
|
###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
|
|
function buildfirewall()
|
|
{
|
|
function buildfirewallprogram ()
|
|
{
|
|
###############Getting the Chain############
|
|
clear
|
|
echo -e "Using Which Chain of Filter Table?\n
|
|
1. INPUT
|
|
2. OUTPUT
|
|
3. Forward
|
|
4. Go back to Main Menu"
|
|
read opt_ch
|
|
case $opt_ch in
|
|
1) chain="INPUT" ;;
|
|
2) chain="OUTPUT" ;;
|
|
3) chain="FORWARD" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong Option Selected!!!"
|
|
esac
|
|
|
|
|
|
#########Getting Source IP Address##########
|
|
#Label
|
|
|
|
echo -e "Please the Source IP Address\n
|
|
1. Firewall using Single Source IP
|
|
2. Firewall using Source Subnet
|
|
3. Firewall using for All Source Networks
|
|
4. Firewall choose a source file containing ip addesses
|
|
5. Go back to Main Menu"
|
|
read opt_ip_srource
|
|
|
|
case $opt_ip_srource in
|
|
1) echo -e "\nPlease Enter the IP Address of the Source"
|
|
read ip_source ;;
|
|
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
|
read ip_source ;;
|
|
3) ip_source="0/0" ;;
|
|
4) echo -e "\nPlease Enter the file name."
|
|
read ip_source ;;
|
|
5) main;;
|
|
#6) ip_source = "NULL" ;;
|
|
*) echo -e "Wrong Option Selected"
|
|
esac
|
|
|
|
##############Chose interface###############
|
|
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
|
1. Configure a Network Interface
|
|
2. Configure a Destination Networks Only
|
|
3. Go back to Main Menu"
|
|
read opt_int
|
|
case $opt_int in
|
|
1) echo -e "\nPlease Enter a Network Interface."
|
|
read interface ;;
|
|
2) interface="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
if [ $opt_int == "2" ]; then
|
|
#########Getting Destination IP Address##########
|
|
echo -e "Please Enter the IP Address of the Destination\n
|
|
1. Firewall using Single Destination IP
|
|
2. Firewall using Destination Subnet
|
|
3. Firewall using for All Destination Networks
|
|
4. Go back to Main Menu"
|
|
|
|
read opt_ip_dest
|
|
case $opt_ip_dest in
|
|
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
|
read ip_dest ;;
|
|
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
|
read ip_dest ;;
|
|
3) ip_dest="0/0" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong Option Selected"
|
|
esac
|
|
|
|
###############Getting the Protocol#############
|
|
echo -e "
|
|
1. All Traffic of TCP
|
|
2. Specific TCP Service
|
|
3. Not using a specific Protocol
|
|
4. Go back to Main Menu"
|
|
read proto_ch
|
|
case $proto_ch in
|
|
1) proto=tcp ;;
|
|
2) echo -e "Enter the TCP Service Name:"
|
|
read proto ;;
|
|
3) proto="NULL" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
###############Getting the Destination Port#############
|
|
echo -e "\nConfigure the Destination Port\n
|
|
1. Specific Destination Port
|
|
2. No Destination Port
|
|
3. Go back to Main Menu"
|
|
read port_ch
|
|
case $port_ch in
|
|
1) echo -e "Enter the Destination Port:"
|
|
read port ;;
|
|
2) prot="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
#############What to do With Rule#############
|
|
echo -e "\nWhat to do with Rule?
|
|
1. Accept the Packet
|
|
2. Reject the Packet
|
|
3. Drop the Packet
|
|
4. Create Log
|
|
5. Go back to Main Menu"
|
|
read rule_ch
|
|
case $rule_ch in
|
|
1) rule="ACCEPT" ;;
|
|
2) rule="REJECT" ;;
|
|
3) rule="DROP" ;;
|
|
4) rule="LOG" ;;
|
|
5) main;;
|
|
esac
|
|
else
|
|
|
|
###############Getting the Protocol#############
|
|
echo -e "
|
|
1. All Traffic of TCP
|
|
2. Specific TCP Service
|
|
3. Not using a specific Protocol
|
|
4. Go back to Main Menu"
|
|
read proto_ch
|
|
case $proto_ch in
|
|
1) proto=tcp ;;
|
|
2) echo -e "Enter the TCP Service Name:"
|
|
read proto ;;
|
|
3) proto="NULL" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
###############Getting the Destination Port#############
|
|
echo -e "\nConfigure the Destination Port\n
|
|
1. Specific Destination Port
|
|
2. No Destination Port
|
|
3. Go back to Main Menu"
|
|
read port_ch
|
|
case $port_ch in
|
|
1) echo -e "Enter the Destination Port:"
|
|
read port ;;
|
|
2) prot="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
#############What to do With Rule#############
|
|
echo -e "\nWhat to do with Rule?
|
|
1. Accept the Packet
|
|
2. Reject the Packet
|
|
3. Drop the Packet
|
|
4. Create Log
|
|
5. Go back to Main Menu"
|
|
read rule_ch
|
|
case $rule_ch in
|
|
1) rule="ACCEPT" ;;
|
|
2) rule="REJECT" ;;
|
|
3) rule="DROP" ;;
|
|
4) rule="LOG" ;;
|
|
5) main;;
|
|
esac
|
|
fi
|
|
}
|
|
###################Generating the Rule####################
|
|
buildfirewallprogram
|
|
|
|
function generate_rule_single_ip()
|
|
{
|
|
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
|
gen=1
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
|
gen=2
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule"
|
|
gen=3
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
|
gen=4
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=5
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
|
gen=6
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
|
gen=7
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=8
|
|
fi
|
|
|
|
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
|
read yesno
|
|
|
|
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
|
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
|
$IPT -A $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
|
$IPT -A $chain -s $ip_source -i $interface --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
|
$IPT -A $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
|
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
|
$IPT -A $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
|
$IPT -A $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
|
$IPT -A $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 2 ]; then
|
|
|
|
main
|
|
fi
|
|
|
|
}
|
|
|
|
function generate_rule_multiple_ip()
|
|
{
|
|
for ipdetails in `cat $ip_source`
|
|
do
|
|
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
|
gen=1
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
|
gen=2
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
|
gen=3
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
|
gen=4
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=5
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
|
gen=6
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
|
gen=7
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=8
|
|
fi
|
|
done
|
|
|
|
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
|
read yesno
|
|
for ipdetails in `cat $ip_source`
|
|
do
|
|
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
|
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
|
$IPT -A $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
|
$IPT -A $chain -s $ipdetails -i $interface --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
|
$IPT -A $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
|
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
|
$IPT -A $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
|
$IPT -A $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
|
$IPT -A $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 2 ]; then
|
|
main
|
|
fi
|
|
done
|
|
}
|
|
|
|
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
|
read temp
|
|
echo -e "The Generated Rule is \n"
|
|
##CHOSE TO LOOP A FILE OR A SINGLE IP ADDRESS ###################################
|
|
|
|
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
|
generate_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
|
$IPTSAVE
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp
|
|
main
|
|
else
|
|
generate_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
|
$IPTSAVE
|
|
echo -e "Press Enter key to Continue..."
|
|
read temp
|
|
main
|
|
fi
|
|
|
|
}
|
|
|
|
##############################DELETE FIREWALL PROGRAM BEGINS FROM HERE###############################
|
|
function delfirewall()
|
|
{
|
|
function deleteonerule ()
|
|
{
|
|
echo -e "
|
|
1. Delete one rule
|
|
2. Go back to Main Menu"
|
|
read opt_delete_one_rule
|
|
|
|
case $opt_delete_one_rule in
|
|
1) echo -e "\nPlease Eneter the Rule."
|
|
read one_rule ;;
|
|
2) main;;
|
|
*) echo -e "Wrong Option Selected"
|
|
esac
|
|
echo "$one_rule"| sed 's/-A/-D/g'
|
|
echo "Do you want to remove this rule, Yes=1 , No=2"
|
|
read yesno
|
|
|
|
if [ $yesno == 1 ] ; then
|
|
$IPT `echo $one_rule | sed 's/-A/-D/g'`
|
|
else
|
|
main
|
|
fi
|
|
}
|
|
|
|
function delprogram ()
|
|
{
|
|
###############Getting the Chain############
|
|
clear
|
|
echo -e "Using Which Chain of Filter Table?\n
|
|
1. INPUT
|
|
2. OUTPUT
|
|
3. Forward
|
|
4. Go back to Main Menu"
|
|
read opt_ch
|
|
case $opt_ch in
|
|
1) chain="INPUT" ;;
|
|
2) chain="OUTPUT" ;;
|
|
3) chain="FORWARD" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong Option Selected!!!"
|
|
esac
|
|
|
|
#########Getting Source IP Address##########
|
|
|
|
echo -e "
|
|
1. Firewall using Single Source IP
|
|
2. Firewall using Source Subnet
|
|
3. Firewall using for All Source Networks
|
|
4. Firewall choose a source file containing ip addesses
|
|
5. Go back to Main Menu"
|
|
read opt_ip_srource
|
|
|
|
case $opt_ip_srource in
|
|
1) echo -e "\nPlease Enter the IP Address of the Source"
|
|
read ip_source ;;
|
|
2) echo -e "\nPlease Enter the Source Subnet (e.g 192.168.10.0/24)"
|
|
read ip_source ;;
|
|
3) ip_source="0/0" ;;
|
|
4) echo -e "\nPlease Enter the file name."
|
|
read ip_source ;;
|
|
5) main;;
|
|
#6) ip_source = "NULL" ;;
|
|
*) echo -e "Wrong Option Selected"
|
|
esac
|
|
##############Chose interface###############
|
|
echo -e " \nDo you want to Configure a Network Interface or a Destination Networks?\n
|
|
1. Configure a Network Interface
|
|
2. Configure a Destination Networks Only
|
|
3. Go back to Main Menu"
|
|
read opt_int
|
|
case $opt_int in
|
|
1) echo -e "\nPlease Enter a Network Interface."
|
|
read interface ;;
|
|
2) interface="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
if [ $opt_int == "2" ]; then
|
|
#########Getting Destination IP Address##########
|
|
echo -e "Please Enter the IP Address of the Destination\n
|
|
1. Firewall using Single Destination IP
|
|
2. Firewall using Destination Subnet
|
|
3. Firewall using for All Destination Networks
|
|
4. Go back to Main Menu"
|
|
|
|
read opt_ip_dest
|
|
case $opt_ip_dest in
|
|
1) echo -e "\nPlease Enter the IP Address of the Destination"
|
|
read ip_dest ;;
|
|
2) echo -e "\nPlease Enter the Destination Subnet (e.g 192.168.10.0/24)"
|
|
read ip_dest ;;
|
|
3) ip_dest="0/0" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong Option Selected"
|
|
esac
|
|
|
|
###############Getting the Protocol#############
|
|
echo -e "
|
|
1. All Traffic of TCP
|
|
2. Specific TCP Service
|
|
3. Not using a specific Protocol
|
|
4. Go back to Main Menu"
|
|
read proto_ch
|
|
case $proto_ch in
|
|
1) proto=tcp ;;
|
|
2) echo -e "Enter the TCP Service Name:"
|
|
read proto ;;
|
|
3) proto="NULL" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
###############Getting the Destination Port#############
|
|
echo -e "\nConfigure the Destination Port\n
|
|
1. Specific Destination Port
|
|
2. No Destination Port
|
|
3. Go back to Main Menu"
|
|
read port_ch
|
|
case $port_ch in
|
|
1) echo -e "Enter the Destination Port:"
|
|
read port ;;
|
|
2) prot="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
#############What to do With Rule#############
|
|
echo -e "\nWhat to do with Rule?
|
|
1. Accept the Packet
|
|
2. Reject the Packet
|
|
3. Drop the Packet
|
|
4. Create Log
|
|
5. Go back to Main Menu"
|
|
read rule_ch
|
|
case $rule_ch in
|
|
1) rule="ACCEPT" ;;
|
|
2) rule="REJECT" ;;
|
|
3) rule="DROP" ;;
|
|
4) rule="LOG" ;;
|
|
5) main;;
|
|
esac
|
|
else
|
|
|
|
###############Getting the Protocol#############
|
|
echo -e "
|
|
1. All Traffic of TCP
|
|
2. Specific TCP Service
|
|
3. Not using a specific Protocol
|
|
4. Go back to Main Menu"
|
|
read proto_ch
|
|
case $proto_ch in
|
|
1) proto=tcp ;;
|
|
2) echo -e "Enter the TCP Service Name:"
|
|
read proto ;;
|
|
3) proto="NULL" ;;
|
|
4) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
###############Getting the Destination Port#############
|
|
echo -e "\nConfigure the Destination Port\n
|
|
1. Specific Destination Port
|
|
2. No Destination Port
|
|
3. Go back to Main Menu"
|
|
read port_ch
|
|
case $port_ch in
|
|
1) echo -e "Enter the Destination Port:"
|
|
read port ;;
|
|
2) prot="NULL" ;;
|
|
3) main;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
#############What to do With Rule#############
|
|
echo -e "\nWhat to do with Rule?
|
|
1. Accept the Packet
|
|
2. Reject the Packet
|
|
3. Drop the Packet
|
|
4. Create Log
|
|
5. Go back to Main Menu"
|
|
read rule_ch
|
|
case $rule_ch in
|
|
1) rule="ACCEPT" ;;
|
|
2) rule="REJECT" ;;
|
|
3) rule="DROP" ;;
|
|
4) rule="LOG" ;;
|
|
5) main;;
|
|
esac
|
|
fi
|
|
|
|
###################Generating the Rule####################
|
|
|
|
function del_rule_single_ip()
|
|
{
|
|
|
|
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
|
gen=1
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule"
|
|
gen=2
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule"
|
|
gen=3
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule"
|
|
gen=4
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=5
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule"
|
|
gen=6
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule"
|
|
gen=7
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=8
|
|
fi
|
|
|
|
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
|
read yesno
|
|
|
|
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
|
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
|
$IPT -D $chain -s $ip_source -i $interface -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
|
$IPT -D $chain -s $ip_source -i $interface --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
|
$IPT -D $chain -s $ip_source -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
|
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
|
$IPT -D $chain -s $ip_source -d $ip_dest -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
|
$IPT -D $chain -s $ip_source -d $ip_dest --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
|
$IPT -D $chain -s $ip_source -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 2 ]; then
|
|
main
|
|
fi
|
|
}
|
|
|
|
function del_rule_multiple_ip()
|
|
{
|
|
for ipdetails in `cat $ip_source`
|
|
do
|
|
if [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
|
gen=1
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule"
|
|
gen=2
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule"
|
|
gen=3
|
|
elif [ $opt_int == 1 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule"
|
|
gen=4
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=5
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 2 ] && [ $port_ch == 1 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule"
|
|
gen=6
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 3 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule"
|
|
gen=7
|
|
elif [ $opt_int == 2 ] && [ $proto_ch == 1 ] && [ $port_ch == 2 ]; then
|
|
echo "$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule"
|
|
gen=8
|
|
fi
|
|
done
|
|
|
|
echo -e "\n\tDo you want to Enter and Save the Above rule to the IPTABLES? Yes=1 , No=2"
|
|
read yesno
|
|
for ipdetails in `cat $ip_source`
|
|
do
|
|
if [ $yesno == 1 ] && [ $gen == 1 ]; then
|
|
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 2 ]; then
|
|
$IPT -D $chain -s $ipdetails -i $interface -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 3 ]; then
|
|
$IPT -D $chain -s $ipdetails -i $interface --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 4 ]; then
|
|
$IPT -D $chain -s $ipdetails -i $interface -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 5 ]; then
|
|
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 6 ]; then
|
|
$IPT -D $chain -s $ipdetails -d $ip_dest -p $proto --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 7 ]; then
|
|
$IPT -D $chain -s $ipdetails -d $ip_dest --dport $port -j $rule
|
|
elif [ $yesno == 1 ] && [ $gen == 8 ]; then
|
|
$IPT -D $chain -s $ipdetails -d $ip_dest -p tcp --dport $port -j $rule
|
|
elif [ $yesno == 2 ]; then
|
|
main
|
|
fi
|
|
done
|
|
}
|
|
|
|
echo "$opt_ip_srource"
|
|
echo -e "\n\tPress Enter key to Generate the Complete Rule!!!"
|
|
read temp
|
|
echo -e "The Generated Rule is \n"
|
|
if [ $opt_ip_srource == "1" ] || [ $opt_ip_srource == "2" ] ; then
|
|
del_rule_single_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
|
$IPTSAVE
|
|
else
|
|
del_rule_multiple_ip 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log
|
|
$IPTSAVE
|
|
fi
|
|
|
|
}
|
|
echo -e "\t**********************|Delete your Iptable Menu|***************************\n
|
|
1. Delete a Custum Rule
|
|
2. Delete one Rule
|
|
3. Back to Main Menu"
|
|
|
|
read opt_delfirewall
|
|
case $opt_delfirewall in
|
|
1) delprogram ;;
|
|
2) deleteonerule 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
|
3) main ;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
|
|
}
|
|
|
|
|
|
function main()
|
|
{
|
|
ROOT_UID=0
|
|
if [ $UID == $ROOT_UID ];
|
|
then
|
|
clear
|
|
opt_main=1
|
|
while [ $opt_main != 6 ]
|
|
do
|
|
echo -e "************************************************************************"
|
|
#############Check Whether the iptables installed or not############
|
|
echo -e "\t**********************|Main Menu|***************************\n
|
|
1. Check Iptables Package\n
|
|
2. Iptables Services\n
|
|
3. Build Your Firewall with Iptables\n
|
|
4. Delete Your Firewall with Iptables\n
|
|
6. Exit"
|
|
read opt_main
|
|
case $opt_main in
|
|
1) echo -e "******************************"
|
|
rpm -q iptables
|
|
echo -e "******************************" ;;
|
|
2) checkstatus 2>&1 | tee -a IpTab_$(date +%Y%m%d%H%M).log ;;
|
|
3) buildfirewall ;;
|
|
4) delfirewall ;;
|
|
6) exit 0 ;;
|
|
*) echo -e "Wrong option Selected!!!"
|
|
esac
|
|
done
|
|
else
|
|
echo -e "You Must be the ROOT to Perfom this Task!!!"
|
|
fi
|
|
}
|
|
main
|
|
exit 0 |