iptables --- auto script
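#!/bin/bash
#
# configuration iptables
# ///////////////////////////////////////////////////////////
# Author: nixawk
# Webpage: http://blog.csdn.net/nixawk
# Date: Dec 9 05:59:16 EST 2014
# ///////////////////////////////////////////////////////////
#
# Builds a small stateful host firewall for one interface:
#   * default policy DROP on INPUT, OUTPUT and FORWARD
#   * outbound TCP to the listed destination ports, outbound UDP to the
#     listed ports, outbound ICMP echo-request
#   * inbound traffic only as the return path of those connections
#     (conntrack ESTABLISHED,RELATED) plus ICMP echo-reply
#
# Usage: run as root.  INTERFACE=<ifname> overrides the default eth0.
# Caveats (kept from the original design, not changed here):
#   * no loopback (lo) rule is added, so with INPUT/OUTPUT at DROP any
#     local service that talks over 127.0.0.1 is blocked;
#   * the DROP policy is installed before the ACCEPT rules, so on a
#     remote host the session stalls briefly, and a failure between
#     filter_default_policy and the per-protocol rules locks you out
#     (run flush_rules from a console to recover);
#   * nothing is persisted across reboot.

# -u: an unset variable (a typo in a global name) is an error instead of
# silently becoming an empty iptables argument.  -e is deliberately NOT
# used: aborting halfway would leave the DROP policy in place with only
# part of the ACCEPT rules loaded.
set -u

# ============================================================
# Initialize all settings (iptables, srcip, dstip, and so on)
# ============================================================

# Check current user permision.  The original only printed the message
# and carried on, so every iptables call below failed one by one.
if [[ "$UID" -ne 0 ]]; then
  echo "[-] Must be root to execute it." >&2
  exit 1
fi

# Get iptables path ('command -v' is the portable form of 'which').
IPTSBIN="$(command -v iptables)"
INTERFACE="${INTERFACE:-eth0}"

if [[ -n "$IPTSBIN" && -x "$IPTSBIN" ]]; then
  echo "$IPTSBIN"
else
  echo "[-] could not find iptables" >&2
  exit 1
fi

# Get source ip (TCP data out, from localhost).  Restrict to IPv4 and
# take only the first address: an interface with several addresses
# produced a multi-line value that broke every rule, and an interface
# with none produced an empty --source argument.
SRCIP="$(ip -4 addr show "$INTERFACE" 2>/dev/null \
  | awk '/inet / { split($2, a, "/"); print a[1]; exit }')"
if [[ -z "$SRCIP" ]]; then
  echo "[-] could not determine IPv4 address of $INTERFACE" >&2
  exit 1
fi

# Get destination ip (TCP data out, from localhost)
DSTIP="0.0.0.0/0"

#######################################
# Print an iptables invocation (as 'bash -x' used to) and execute it.
# Replaces the `$rule` / echo $rule | bash -x idiom: the arguments are
# passed as separate words, never re-parsed by a second shell.
# Globals:   IPTSBIN (read)
# Arguments: the iptables arguments, one per word
# Returns:   iptables' exit status; a failure is reported on stderr
#            but does not abort the script (see the note on -e above)
#######################################
run_rule() {
  local status=0
  printf '+ %s' "$IPTSBIN"
  printf ' %s' "$@"
  printf '\n'
  "$IPTSBIN" "$@" || status=$?
  if (( status != 0 )); then
    printf '[-] iptables exited with status %d\n' "$status" >&2
  fi
  return "$status"
}

#
# ============================================================
# set default filter policy to [DROP]
# ============================================================
#######################################
# Switch the filter table's three built-in chains to policy DROP.
# Globals:   IPTSBIN (read, via run_rule)
#######################################
filter_default_policy() {
  echo "[+] iptable filter: from [ACCEPT] to [DROP]"
  run_rule -t filter -P INPUT DROP
  run_rule -t filter -P OUTPUT DROP
  run_rule -t filter -P FORWARD DROP
}

#
# ============================================================
# TCP Filter (data outside or inside)
# ============================================================
#######################################
# Allow outbound TCP from SRCIP to DSTIP on each given destination port.
# Globals:   SRCIP, DSTIP (read)
# Arguments: destination ports, one per argument
#######################################
filter_tcp_out() {
  local proto="tcp"   # lower-case like the other filters
  local port
  echo "[+] ----> filter $proto outside"
  for port in "$@"; do
    run_rule -t filter -A OUTPUT --proto "$proto" \
      --source "$SRCIP" --destination "$DSTIP" \
      --destination-port "$port" \
      -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  done
}

#######################################
# Allow the inbound return path of the connections opened by
# filter_tcp_out: packets from any host whose source port is one of
# the given ports, but only for connections conntrack already knows.
# Globals:   SRCIP, DSTIP (read)
# Arguments: remote (source) ports, one per argument
#######################################
filter_tcp_in() {
  local proto="tcp"
  local port
  echo "[+] ----> filter $proto inside"
  # The original also matched NEW here, which accepted unsolicited
  # connections to any local port as long as the sender used one of
  # the listed source ports.  For reply traffic ESTABLISHED,RELATED is
  # all that is needed (same as filter_udp_in).
  for port in "$@"; do
    run_rule -t filter -A INPUT --proto "$proto" \
      --source "$DSTIP" --destination "$SRCIP" \
      --source-port "$port" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  done
}

#
# ===========================================================
# UDP Filter (UDP data outside or inside)
# ===========================================================
#######################################
# Allow outbound UDP from SRCIP to DSTIP on each given destination port.
# Globals:   SRCIP, DSTIP (read)
# Arguments: destination ports, one per argument
#######################################
filter_udp_out() {
  local proto="udp"
  local port
  echo "[+] ----> filter $proto outside "
  for port in "$@"; do
    run_rule -t filter -A OUTPUT --proto "$proto" \
      --source "$SRCIP" --destination "$DSTIP" \
      --destination-port "$port" \
      -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  done
}

#######################################
# Allow the inbound return path of the UDP flows opened by
# filter_udp_out (conntrack ESTABLISHED,RELATED only).
# Globals:   SRCIP, DSTIP (read)
# Arguments: remote (source) ports, one per argument
#######################################
filter_udp_in() {
  local proto="udp"
  local port
  echo "[+] ----> filter $proto inside "
  for port in "$@"; do
    run_rule -t filter -A INPUT --proto "$proto" \
      --source "$DSTIP" --destination "$SRCIP" \
      --source-port "$port" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT
  done
}

#
# ===========================================================
# ICMP Filter
# ===========================================================
#######################################
# Allow outbound ICMP echo-request (ping from this host).
# Globals:   SRCIP, DSTIP (read)
#######################################
filter_icmp_out() {
  local proto="icmp"
  echo "[+] ----> filter $proto outside"
  # ALLOW ICMP ECHO-REQUEST FROM LOCALHOST (the original comment said
  # "DROP ICMP REPLY", which is not what the rule does)
  run_rule -t filter -A OUTPUT --proto "$proto" \
    --source "$SRCIP" --destination "$DSTIP" \
    --icmp-type echo-request -j ACCEPT
}

#######################################
# Allow inbound ICMP echo-reply (answers to this host's pings).
# Globals:   SRCIP, DSTIP (read)
#######################################
filter_icmp_in() {
  local proto="icmp"
  echo "[+] ----> filter $proto inside"
  # ALLOW ICMP ECHO-REPLY TO LOCALHOST
  run_rule -t filter -A INPUT --proto "$proto" \
    --source "$DSTIP" --destination "$SRCIP" \
    --icmp-type echo-reply -j ACCEPT
}

#
# ============================================================
# Flush IPTABLES Rules
# ============================================================
#######################################
# Reset the filter table: policies back to ACCEPT, then flush all rules.
# Globals:   IPTSBIN (read, via run_rule)
#######################################
flush_rules() {
  run_rule -t filter -P INPUT ACCEPT
  run_rule -t filter -P OUTPUT ACCEPT
  # was "FORWARDD" (typo): the FORWARD policy was never reset
  run_rule -t filter -P FORWARD ACCEPT
  run_rule -t filter -F
}

#
# ============================================================
# List IPTABLES Rules
# ============================================================
#######################################
# Print the current rules of the filter table with counters.
# Globals:   IPTSBIN (read, via run_rule)
#######################################
list_rules() {
  run_rule -L -n -v
}

#
# =============================
# Main
# =============================
main() {
  flush_rules             # flush iptables rules, default rules action is ACCEPT.
  filter_default_policy   # Translate [ACCEPT] to [DROP]
  # ------------------------
  filter_tcp_out 25 80 110 443 8080   # filter TCP DATA OUTSIDE, PORT 80/...
  filter_tcp_in 25 80 110 443 8080    # filter TCP DATA INSIDE (return path)
  # ------------------------
  filter_udp_out 53       # filter UDP outside
  filter_udp_in 53        # filter UDP inside (return path)
  # ------------------------
  filter_icmp_out         # filter icmp outside
  filter_icmp_in          # filter icmp inside
  # ------------------------
  list_rules              # list current rules
}

main "$@"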