• iptables 配置脚本


    
    
    #!/bin/bash
    ##############USMAN AKRAM "FA05-BTN-005" (~*Lucky*~) BTN-6########
    ######COMSATS INSTITUTE OF INFORMATION TECHNOLOGY - ABBOTTABAD####
    echo -e "****************Welcome*************"
    ###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
    checkstatus()
     {
      opt_checkstatus=1
     while [ $opt_checkstatus != 7 ]
          do
           clear
      #echo -e "
    Choose the Option Bellow!!!
    
      echo -e "
    	*****Note: Save your Iptables before stop/Restart the iptables Services*****
    "
      echo -e "   1. Save the iptables
    
       2. Status of Iptables
    
       3. Start iptables Services
    
       4. Stop iptables Services
    
       5. Restart iptable Services
    
       6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)
    
       7. Go back to Main Menu"
      read opt_checkstatus
      case $opt_checkstatus in
       1) echo -e "*******************************************************
    " 
                   /etc/init.d/iptables save 
          echo -e "
    *******************************************************
    "
        echo -e "Press Enter key to Continue..."
        read temp;;
       2) echo -e "*******************************************************
    "
                   /etc/init.d/iptables status 
          echo -e "*******************************************************"
                                    echo -e "Press Enter key to Continue..."
                                         read temp;;
       3) echo -e "*******************************************************
    "  
                   /etc/init.d/iptables start 
          echo -e "*******************************************************
    "
                                     echo -e "Press Enter key to Continue..."
                                           read temp;;
       
       4) echo -e "*******************************************************
    "
                   /etc/init.d/iptables stop
          echo -e "*******************************************************
    "
                                    echo -e "Press Enter key to Continue..."
                                         read temp;;
         
                 5) echo -e "*******************************************************
    "
                          /etc/init.d/iptables restart 
          echo -e "*******************************************************
    "
                                    echo -e "Press Enter key to Continue..."
                                         read temp;;
       6) iptables -F 
       echo -e "*******************************************************"
       echo -e "All the Rules from the Iptables are Flushed!!!"
       echo -e "*******************************************************
    "
                                    echo -e "Press Enter key to Continue..."
                                     read temp;;
       7) main;;
       *) echo -e "Wrong Option Selected!!!"
      esac
     done
     }
    ###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE############################### 
    buildfirewall()
     {
      ###############Getting the Chain############
      echo -e "Using Which Chain of Filter Table?
    
      1. INPUT
      2. OUTPUT
      3. Forward"
      read opt_ch
      case $opt_ch in
       1) chain="INPUT" ;;
       2) chain="OUTPUT" ;;
       3) chain="FORWARD" ;;
       *) echo -e "Wrong Option Selected!!!"
      esac
     
      #########Getting Source IP Address##########
      #Label
       
      echo -e "
      1. Firewall using Single Source IP
    
      2. Firewall using Source Subnet
    
      3. Firewall using for All Source Networks
    "
      read opt_ip
       
      case $opt_ip in
       1) echo -e "
    Please Enter the IP Address of the Source"
       read ip_source ;;
       2) echo -e "
    Please Enter the Source Subnet (e.g 192.168.10.0/24)"
       read ip_source ;;
       3) ip_source="0/0" ;;
       #4) ip_source = "NULL" ;;
       *) echo -e "Wrong Option Selected"
      esac
      #########Getting Destination IP Address##########
       echo -e "
      1. Firewall using Single Destination IP
    
                    2. Firewall using Destination Subnet
    
             3. Firewall using for All Destination Networks
    "
      
         read opt_ip
                  case $opt_ip in
            1) echo -e "
    Please Enter the IP Address of the Destination"
                         read ip_dest ;;
                   2) echo -e "
    Please Enter the Destination Subnet (e.g 192.168.10.0/24)"
                         read ip_dest ;;
                   3) ip_dest="0/0" ;;
            #4) ip_dest = "NULL" ;;
                   *) echo -e "Wrong Option Selected"
           esac
           ###############Getting the Protocol#############
           echo -e "
           1. Block All Traffic of TCP
           2. Block Specific TCP Service
           3. Block Specific Port
           4. Using no Protocol"
           read proto_ch
           case $proto_ch in
            1) proto=TCP ;;
            2) echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
           read proto ;;
            3) echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)" 
           read proto ;;
            4) proto="NULL" ;;
            *) echo -e "Wrong option Selected!!!"
           esac
     
           #############What to do With Rule############# 
           echo -e "What to do with Rule?
           1. Accept the Packet
           2. Reject the Packet
           3. Drop the Packet
           4. Create Log"
           read rule_ch
           case $rule_ch in 
            1) rule="ACCEPT" ;;
            2) rule="REJECT" ;;
            3) rule="DROP" ;;
            4) rule="LOG" ;;
           esac
    ###################Generating the Rule####################
    echo -e "
    	Press Enter key to Generate the Complete Rule!!!"
    read temp
    echo -e "The Generated Rule is 
    "
    if [ $proto == "NULL" ]; then
     echo -e "
    iptables -A $chain -s $ip_source -d $ip_dest -j $rule
    "
     gen=1
    else
     echo -e "
    iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule
    "
     gen=2
    fi 
    echo -e "
    	Do you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
    read yesno
    if [ $yesno == 1 ] && [ $gen == 1 ]; then
     iptables -A $chain -s $ip_source -d $ip_dest -j $rule
    else if [ $yesno == 1 ] && [ $gen == 2 ]; then
     iptables -A $chain -s $ip_source -d $ip_dest -p $proto -j $rule         
       
    else if [ $yesno == 2 ]; then
     
     main
    fi
    fi
    fi
    }
          
    main()
    {
     ROOT_UID=0
     if [ $UID == $ROOT_UID ];
     then
     clear
     opt_main=1
     while [ $opt_main != 4 ]
     do
    echo -e "///////////////////
    " 
    #############Check Whether the iptables installed or not############ 
     echo -e "	*****Main Menu*****
    
     1. Check Iptables Package
    
     2. Iptables Services
    
     3. Build Your Firewall with Iptables
    
     4. Exit"
     read opt_main
     case $opt_main in
      1) echo -e "******************************"
        rpm -q iptables 
         echo -e "******************************" ;;
      2) checkstatus ;;
      3) buildfirewall ;;
      4) exit 0 ;;
      *) echo -e "Wrong option Selected!!!"
     esac
    done
    else
     echo -e "You Must be the ROOT to Perfom this Task!!!"
    fi
    }
    main
    exit 0
    View Code
    
    
    
     
  • 相关阅读:
    Python学习笔记4—列表List
    Python学习笔记3—字符串
    电力项目十六--数据字典二
    电力项目十五--数据字典
    maven项目引入jar包
    电力项目十四--js添加highslider特效
    电力项目十三--js添加浮动框
    电力项目十二--运行监控中添加进度条
    panzer 电力项目十一--hibernate操作大文本字段Blob和Clob
    电力项目十--整合文本编辑器
  • 原文地址:https://www.cnblogs.com/carry00/p/10287692.html
Copyright © 2020-2023  润新知