#!/bin/bash
# Every LogMessage call appends one line to this file; the account running
# the script needs write access to it.
LogFile=/var/log/customfw.log
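LogMessage(){
  # Append one timestamped line "<YYYY-MM-DD HH:MM:SS> - <level> - <message>"
  # to $LogFile.
  # $1 - level tag (the script uses INFO / ERROR)
  # $2 - message text
  # printf with a fixed format string is used instead of echo so that a message
  # starting with '-n'/'-e' or containing backslashes is written verbatim, and
  # $LogFile is quoted so a path with spaces cannot split into several words.
  printf '%s - %s - %s\n' "$(date '+%F %T')" "$1" "$2" >> "$LogFile"
}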
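custom_fw_start(){
  # Apply the firewall rule set: every non-blank, non-comment line of the rules
  # file is run as a command and its outcome logged. The first failing line
  # aborts the whole script with status 11 so a half-applied rule set does not
  # go unnoticed; an unreadable rules file aborts the same way.
  # $1 - (optional) path of the rules file; defaults to /etc/iptables/iptables.rules
  # Each line is word-split on IFS and executed directly (no eval), so quoting
  # inside the rules file is not honoured. Whatever the file contains runs with
  # this script's privileges, so it must be owned by root and not writable by
  # other users.
  local rules_file=${1:-/etc/iptables/iptables.rules}
  local line
  if [ ! -r "$rules_file" ]; then
    LogMessage "ERROR" "Cannot read rules file: $rules_file"
    exit 11
  fi
  # -r keeps backslashes in the rule text; '|| [ -n "$line" ]' still processes a
  # last line that lacks a trailing newline. Default IFS trims surrounding blanks.
  while read -r line || [ -n "$line" ]; do
    case "$line" in
      # Skip blank lines and comments: executing '# ...' would try to run a
      # command named '#' and abort the script.
      ''|'#'*) continue ;;
    esac
    # shellcheck disable=SC2086  # intentional: the line is a command plus its arguments
    $line
    RetCode=$?
    if [ "$RetCode" -eq 0 ]; then
      LogMessage "INFO" "Successfully added iptables rule: $line"
    else
      LogMessage "ERROR" "Adding rule: $line - RetCode: $RetCode"
      exit 11
    fi
  done < "$rules_file"
}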
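_fw_delete_matching(){
  # Delete every rule of chain $2 in table $1 whose `iptables -L` listing line
  # matches the grep pattern $3. $4 is the human label used in log messages.
  # Rule numbers are read from the listing and deleted highest-first, because
  # deleting a rule renumbers every rule below it.
  # Returns 1 when no rule matched (logged as ERROR); deletion failures are
  # logged but do not change the return value, as in the original inline code.
  local table=$1 chain=$2 pattern=$3 label=$4
  local nums num
  nums=$(iptables -t "$table" -L "$chain" --line-numbers | grep -- "$pattern" | awk '{print $1}' | sort -rn)
  # The previous code tested $? after the pipeline, which only reflected awk's
  # status; an empty result is the real "nothing found" signal.
  if [ -z "$nums" ]; then
    LogMessage "ERROR" "Getting the number of the $label rule: no $chain rule matched '$pattern'"
    return 1
  fi
  while IFS= read -r num; do
    # Only pass real rule numbers to iptables -D; anything else is a listing line.
    [[ "$num" =~ ^[0-9]+$ ]] || continue
    LogMessage "INFO" "Found $label rule with priority: $num"
    if iptables -t "$table" -D "$chain" "$num"; then
      LogMessage "INFO" "Succesfully deleted $label rule"
    else
      LogMessage "ERROR" "Deleting $label rule. RetCode: $?"
    fi
  done <<<"$nums"
  return 0
}
custom_fw_stop(){
  # Tear down the rules custom_fw_start added: the FORWARD rule and the nat
  # POSTROUTING rule. The match patterns are inherited from the original
  # script: 'anywhere' matches any FORWARD listing line showing an unrestricted
  # address and '39' is a bare substring. NOTE(review): both are loose and can
  # match more than one rule; confirm they single out the intended rules on
  # this host. Multiple matches are now deleted in descending order instead of
  # being passed to a single iptables -D, which failed.
  _fw_delete_matching filter FORWARD anywhere forward
  _fw_delete_matching nat POSTROUTING 39 postrouting
}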
ipforward_start(){
  # Turn on IPv4 forwarding through sysctl and record the outcome in the log.
  # The global RetCode ends up holding sysctl's exit status, as before.
  RetCode=0
  sysctl net.ipv4.ip_forward=1 || RetCode=$?
  if [ "$RetCode" -ne 0 ]; then
    LogMessage "ERROR" "Enabling net.ipv4.ip_forward. RetCode: $RetCode"
  else
    LogMessage "INFO" "Succesfully enabled net.ipv4.ip_forward"
  fi
}
ipforward_stop(){
  # Turn off IPv4 forwarding through sysctl and record the outcome in the log.
  # The global RetCode ends up holding sysctl's exit status, as before.
  RetCode=0
  sysctl net.ipv4.ip_forward=0 || RetCode=$?
  if [ "$RetCode" -ne 0 ]; then
    LogMessage "ERROR" "Disabling net.ipv4.ip_forward. RetCode: $RetCode"
  else
    LogMessage "INFO" "Succesfully disabled net.ipv4.ip_forward"
  fi
}
############################
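fw_up(){
  # Bring the firewall up: apply the rule file, then enable IPv4 forwarding.
  # custom_fw_start exits the script with 11 if any rule fails to apply.
  LogMessage "INFO" "starting custom fw"
  custom_fw_start
  LogMessage "INFO" "enabling ipforward"
  ipforward_start
}
fw_down(){
  # Take the firewall down: remove the added rules, then disable forwarding.
  LogMessage "INFO" "stopping custom fw"
  custom_fw_stop
  LogMessage "INFO" "disabling ipforward"
  ipforward_stop
}
# Entry point: the single argument selects the action. A missing or unknown
# action used to match no arm and end the script silently with status 0; it now
# prints usage on stderr and exits 2 so a service wrapper notices the mistake.
case "$1" in
  start)
    LogMessage "INFO" "---- Enabling conf ----"
    fw_up
    ;;
  stop)
    LogMessage "INFO" "---- Disabling firewall ----"
    fw_down
    ;;
  restart)
    LogMessage "INFO" "---- Restarting firewall ----"
    fw_down
    fw_up
    ;;
  *)
    printf 'Usage: %s {start|stop|restart}\n' "${0##*/}" >&2
    exit 2
    ;;
esac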