Firewall

This is a really dumb bash script that configures a generic firewall by asking a few questions.

#!/bin/bash
#
#
IPTABLES="/sbin/iptables"
INTERFACE="0"
SSH_PORT=""
WWW_PORT=""
FTP_PORT=""

echo -e "\n\n ***********************************"
echo " * Read README.TXT before use it ! *"
echo -e " *********************************** \n\n"
# Ask the questions only while INTERFACE still has its default value "0"
if [ "$INTERFACE" = "0" ]
then
echo "Enter the interface you use to connect to the net"
echo " Example : eth0 ppp0...."
read -r answer
# Store the value that was typed, not the literal word "answer"
INTERFACE="$answer"
echo -e "\n\n Enter here if you want to open ssh port"
echo " Enter [Y]es \ [N]o "
read -r answer
# Quoted so that an empty answer does not break the test; anything but Y/y means DROP
if [ "$answer" = "Y" ] || [ "$answer" = "y" ]
then
SSH_PORT="ACCEPT"
else
SSH_PORT="DROP"
fi
echo -e "\n\n Enter here if you want to open www port"
echo " Enter [Y]es \ [N]o "
read -r answer
if [ "$answer" = "Y" ] || [ "$answer" = "y" ]
then
WWW_PORT="ACCEPT"
else
WWW_PORT="DROP"
fi

echo -e "\n\n Enter here if you want to open ftp server port"
echo " Enter [Y]es \ [N]o "
read -r answer
if [ "$answer" = "Y" ] || [ "$answer" = "y" ]
then
FTP_PORT="ACCEPT"
else
FTP_PORT="DROP"
fi
fi
###   Flush Rules
$IPTABLES -F INPUT
$IPTABLES -F OUTPUT

###   Drop All
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD DROP

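###   INPUT Rules
# ssh (22), www (80) and ftp (21): ACCEPT or DROP as configured above
$IPTABLES -A INPUT -i "$INTERFACE" -p tcp --dport 22 -j "$SSH_PORT"
$IPTABLES -A INPUT -i "$INTERFACE" -p tcp --dport 80 -j "$WWW_PORT"
$IPTABLES -A INPUT -i "$INTERFACE" -p tcp --dport 21 -j "$FTP_PORT"
# Accept ICMP echo replies (answers to our own pings)
$IPTABLES -A INPUT -i "$INTERFACE" -s 0.0.0.0/0 -p icmp --icmp-type echo-reply -j ACCEPT
# Accept every TCP packet that is not a connection-opening SYN
$IPTABLES -A INPUT -i "$INTERFACE" -s 0.0.0.0/0 -p tcp ! --syn -j ACCEPT
# Accept all UDP
$IPTABLES -A INPUT -i "$INTERFACE" -s 0.0.0.0/0 -p udp -j ACCEPT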

$IPTABLES -L

## End Bash Script
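
The same three questions turned into a ruleset, as an added example that is not part of the original Open_Firewall script. It swaps the `! --syn` and blanket UDP rules for connection tracking, checks the interface name before it reaches iptables, and prints iptables-restore input so the policy loads in one step; the function names valid_iface, target_for and build_rules are made up for this example.

```bash
# Added example, not the original Open_Firewall code.
# valid_iface, target_for and build_rules are hypothetical helper names.

# Accept only plausible interface names: non-empty, at most 15 characters,
# made of letters, digits, '.', '_' or '-', and not starting with '-'
# (so the answer can never be parsed as an iptables option).
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Map a yes/no answer to a target; anything that is not Y or y means DROP.
target_for() {
    case "$1" in
        [Yy]) echo ACCEPT ;;
        *)    echo DROP ;;
    esac
}

# build_rules IFACE SSH_ANSWER WWW_ANSWER FTP_ANSWER
# Prints an iptables-restore ruleset; returns 1 with no output on a bad name.
build_rules() {
    iface="$1"
    valid_iface "$iface" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $iface -p tcp --dport 22 -m conntrack --ctstate NEW -j $(target_for "$2")
-A INPUT -i $iface -p tcp --dport 80 -m conntrack --ctstate NEW -j $(target_for "$3")
-A INPUT -i $iface -p tcp --dport 21 -m conntrack --ctstate NEW -j $(target_for "$4")
COMMIT
EOF
}

# Usage (as root): build_rules eth0 y n n | iptables-restore
```

Replies to outgoing traffic, UDP included, are admitted by the ESTABLISHED,RELATED rule, so unsolicited UDP and stray non-SYN TCP packets fall through to the DROP policy.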

WARNING !!!!!

***********************************************
* !! Read this before using Open_Firewall !! *
***********************************************

This is a firewall to protect your system on the net.
If you run Open_Firewall (as root) it asks you for all the configuration parameters.
If you want to run it on your PC without being asked for the configuration every time, you can *****modify***** lines 2-3-4-5 in the file Open_Firewall.

In the line
INTERFACE="0" you can write INTERFACE="eth0" if you are using the eth0 interface or INTERFACE="ppp0" if you connect through ppp0.
In the lines SSH_PORT="", WWW_PORT="", FTP_PORT="", put ACCEPT if you want to open the port, else DROP.

DON'T LEAVE THEM BLANK IF YOU MODIFY INTERFACE="0"

For example you can write

INTERFACE="ppp0"
SSH_PORT="ACCEPT"
WWW_PORT="DROP"
FTP_PORT="DROP"

or

INTERFACE="eth3"
SSH_PORT="ACCEPT"
WWW_PORT="DROP"
FTP_PORT="DROP"

Have a nice day….

Open Firewall (tar.gz)
