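#!/bin/bash
##############USMAN AKRAM "FA05-BTN-005" (~*Lucky*~) BTN-6########
######COMSATS INSTITUTE OF INFORMATION TECHNOLOGY - ABBOTTABAD####
#
# Interactive, menu-driven front end for iptables.
#
#   * "Iptables Services" drives /etc/init.d/iptables (save, status, start,
#     stop, restart) and can flush the filter table.
#   * "Build Your Firewall" collects chain, source, destination, protocol and
#     target, shows the resulting command and appends it on confirmation.
#
# Must be run as root. The script calls `rpm -q` and /etc/init.d/iptables, so
# it expects a host that provides both.

echo -e "****************Welcome*************"

#######################################
# Wait for the operator to press Enter.
# Returns: 0 always (EOF on stdin is tolerated).
#######################################
pause() {
  local discard
  echo -e "Press Enter key to Continue..."
  read -r discard || true
}

#######################################
# Character filter for a source/destination value typed by the operator.
# This is not a full address parser (iptables still does the authoritative
# parsing); it rejects empty input, whitespace and a leading '-', so the value
# can never be read as an extra option or split into several arguments.
# Arguments: $1 - candidate address, subnet or host name
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_address() {
  local -r pattern='^[A-Za-z0-9][A-Za-z0-9.:/-]*$'
  [[ "$1" =~ $pattern ]]
}

#######################################
# Character filter for the value handed to `iptables -p`.
# Arguments: $1 - candidate protocol token
# Returns:   0 if acceptable, 1 otherwise
#######################################
valid_protocol() {
  local -r pattern='^[A-Za-z0-9][A-Za-z0-9.+-]*$'
  [[ "$1" =~ $pattern ]]
}

#######################################
# Run one action of the iptables init script between two separator lines.
# Arguments: $1 - action passed to /etc/init.d/iptables
#######################################
run_iptables_service() {
  echo -e "*******************************************************\n"
  /etc/init.d/iptables "$1"
  echo -e "\n*******************************************************\n"
  pause
}

###############################IPTABLE SERVICES PROGRAM BEGINS HERE###############################
#######################################
# Service sub-menu. Loops until the operator picks 7 (or stdin hits EOF) and
# then returns to the caller's menu loop instead of re-entering main().
#######################################
checkstatus() {
  local opt_checkstatus=1

  while [[ "$opt_checkstatus" != 7 ]]; do
    clear
    echo -e "\n*****Note: Save your Iptables before stop/Restart the iptables Services*****\n"
    echo -e "
1. Save the iptables
2. Status of Iptables
3. Start iptables Services
4. Stop iptables Services
5. Restart iptable Services
6. Flush iptables (**Use Carefully_it will remove all the rules from iptables**)
7. Go back to Main Menu"
    read -r opt_checkstatus || return 0

    case "$opt_checkstatus" in
      1) run_iptables_service save ;;
      2) run_iptables_service status ;;
      3) run_iptables_service start ;;
      4) run_iptables_service stop ;;
      5) run_iptables_service restart ;;
      6)
        # -F with no chain flushes every chain of the filter table. Chain
        # policies are left as they are, so what the host accepts afterwards
        # depends entirely on those policies.
        if iptables -F; then
          echo -e "*******************************************************"
          echo -e "All the Rules from the Iptables are Flushed!!!"
          echo -e "*******************************************************\n"
        else
          echo -e "iptables reported an error; the rules were not flushed" >&2
        fi
        pause
        ;;
      7) clear ;;
      *)
        echo -e "Wrong Option Selected!!!"
        # Without a pause the next `clear` wipes the message immediately.
        pause
        ;;
    esac
  done
}

#######################################
# Ask for the source or destination of a rule and store it in a variable.
# Arguments: $1 - "Source" or "Destination" (used in the prompts)
#            $2 - name of the caller's variable that receives the value
# Returns:   0 on success, 1 on a wrong menu choice, EOF or rejected input
#######################################
ask_address() {
  local side=$1 target=$2
  local choice value

  echo -e "
1. Firewall using Single ${side} IP
2. Firewall using ${side} Subnet
3. Firewall using for All ${side} Networks
"
  read -r choice || return 1

  case "$choice" in
    1)
      echo -e "\nPlease Enter the IP Address of the ${side}"
      read -r value || return 1
      ;;
    2)
      echo -e "\nPlease Enter the ${side} Subnet (e.g 192.168.10.0/24)"
      read -r value || return 1
      ;;
    3) value="0/0" ;;
    *)
      echo -e "Wrong Option Selected"
      return 1
      ;;
  esac

  if ! valid_address "$value"; then
    echo -e "Invalid address: only letters, digits, '.', ':', '/' and '-' are accepted" >&2
    return 1
  fi
  printf -v "$target" '%s' "$value"
}

###############################BUILD FIREWALL PROGRAM BEGINS FROM HERE###############################
#######################################
# Collect the parts of one filter-table rule, show it, and append it when the
# operator confirms. Every answer is kept in a local variable and any wrong
# choice aborts the dialogue, so a rule is never assembled from empty values
# or from values left over from an earlier run of this menu.
# Returns: 0 if the rule was added or declined, 1 if the dialogue was aborted
#          or iptables reported an error.
#######################################
buildfirewall() {
  local opt_ch proto_ch rule_ch yesno discard
  local chain ip_source ip_dest proto rule
  local -a rule_args

  ###############Getting the Chain############
  echo -e "Using Which Chain of Filter Table?

1. INPUT
2. OUTPUT
3. Forward"
  read -r opt_ch || return 1
  case "$opt_ch" in
    1) chain="INPUT" ;;
    2) chain="OUTPUT" ;;
    3) chain="FORWARD" ;;
    *)
      echo -e "Wrong Option Selected!!!"
      return 1
      ;;
  esac

  #########Getting Source and Destination IP Address##########
  ask_address "Source" ip_source || return 1
  ask_address "Destination" ip_dest || return 1

  ###############Getting the Protocol#############
  echo -e "
1. Block All Traffic of TCP
2. Block Specific TCP Service
3. Block Specific Port
4. Using no Protocol"
  read -r proto_ch || return 1
  case "$proto_ch" in
    1) proto="TCP" ;;
    2)
      echo -e "Enter the TCP Service Name: (CAPITAL LETTERS!!!)"
      read -r proto || return 1
      ;;
    3)
      # NOTE(review): this value is handed to `-p`, which selects a protocol,
      # not a port. Matching a port would need a port match in addition to a
      # protocol; confirm what this option is meant to do.
      echo -e "Enter the Port Name: (CAPITAL LETTERS!!!)"
      read -r proto || return 1
      ;;
    4) proto="NULL" ;;
    *)
      echo -e "Wrong option Selected!!!"
      return 1
      ;;
  esac
  if ! valid_protocol "$proto"; then
    echo -e "Invalid protocol: only letters, digits, '.', '+' and '-' are accepted" >&2
    return 1
  fi

  #############What to do With Rule#############
  echo -e "What to do with Rule?
1. Accept the Packet
2. Reject the Packet
3. Drop the Packet
4. Create Log"
  read -r rule_ch || return 1
  case "$rule_ch" in
    1) rule="ACCEPT" ;;
    2) rule="REJECT" ;;
    3) rule="DROP" ;;
    4) rule="LOG" ;;
    *)
      echo -e "Wrong Option Selected!!!"
      return 1
      ;;
  esac

  ###################Generating the Rule####################
  echo -e "\nPress Enter key to Generate the Complete Rule!!!"
  read -r discard || return 1

  # Build the argument list once so the command that is displayed is exactly
  # the command that is executed, one argument per array element.
  rule_args=(-A "$chain" -s "$ip_source" -d "$ip_dest")
  if [[ "$proto" != "NULL" ]]; then
    rule_args+=(-p "$proto")
  fi
  rule_args+=(-j "$rule")

  echo -e "The Generated Rule is \n"
  printf '\n iptables %s \n\n' "${rule_args[*]}"

  echo -e "\nDo you want to Enter the Above rule to the IPTABLES? Yes=1 , No=2"
  read -r yesno || return 1

  # Anything other than 1 leaves the rule set untouched.
  if [[ "$yesno" != 1 ]]; then
    return 0
  fi

  # -A appends to the end of the chain: a rule earlier in the chain that
  # matches the same traffic still takes effect first.
  if ! iptables "${rule_args[@]}"; then
    echo -e "iptables reported an error while adding the rule" >&2
    return 1
  fi
}

#######################################
# Main menu. Refuses to run unless the invoking user is root.
# Returns: 1 when not run as root, 0 on EOF; option 4 exits the script.
#######################################
main() {
  local -r ROOT_UID=0
  local opt_main=1

  if [[ "$UID" -ne "$ROOT_UID" ]]; then
    echo -e "You Must be the ROOT to Perfom this Task!!!" >&2
    return 1
  fi

  clear
  while [[ "$opt_main" != 4 ]]; do
    echo -e "/////////////////// "
    echo -e "
*****Main Menu*****

1. Check Iptables Package
2. Iptables Services
3. Build Your Firewall with Iptables
4. Exit"
    read -r opt_main || return 0

    case "$opt_main" in
      1)
        #############Check Whether the iptables installed or not############
        echo -e "******************************"
        rpm -q iptables
        echo -e "******************************"
        ;;
      2) checkstatus ;;
      3) buildfirewall ;;
      4) exit 0 ;;
      *) echo -e "Wrong option Selected!!!" ;;
    esac
  done
}

main
exit "$?"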