  1. #!/bin/bash
  2.  
  3. ###########################
  4. ##Netfilter Config Script##
  5. ##By xispirito -- 12/2011##
  6. ###########################
  7.  
  8.  
  9. ################
  10. #Set Confs Here#
  11. ################
  12.  
  13. #Politcs
  14.  
  15. #Input
  16. INPUTP="DROP"
  17. #Output
  18. OUTPUTP="DROP"
  19. #Forward
  20. FORWARDP="DROP"
  21.  
  22. #Modules To Load
  23. MODULES=""
  24.  
  25. #Outputs
  26.  
  27. #Tcp Output Ports
  28. TCPOPORTS="22 53 80 8080"
  29. #Udp Output Ports
  30. UDPOPORTS="22 53"
  31.  
  32. #Iputs
  33.  
  34. #Tcp Input Ports
  35. TCPIPORTS=""
  36. #Udp Input Ports
  37. UDPIPORTS=""
  38. #Source Ip's Authorized To Connect On these Ports Above
  39. SOURCE=""
  40.  
  41. #Tcp Input Ports -- Any Source
  42. TCPIAPORTS=""
  43. #Udp Input Ports -- Any Source
  44. UDPIAPORTS=""
  45.  
  46.  
  47. ###########
  48. #Functions#
  49. ###########
  50.  
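CMODULES()
{
    # Load the kernel modules listed in $MODULES (space separated, may be
    # empty). With nothing to load return at once: a bare "modprobe" only
    # prints its usage text and fails, which with the default MODULES=""
    # made every "start" emit a spurious error.
    if [ -z "$MODULES" ]; then
        return 0
    fi

    echo -e "[\e[32m*\e[0m] Loading Modules"

    # shellcheck disable=SC2086 -- the list is meant to be word-split
    modprobe $MODULES
}
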
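DMODULES()
{
    # Unload the kernel modules listed in $MODULES; mirror of CMODULES().
    # An empty list is a no-op (a bare "modprobe -r" only prints an error).
    if [ -z "$MODULES" ]; then
        return 0
    fi

    echo -e "[\e[33m*\e[0m] Unloading Modules"

    # shellcheck disable=SC2086 -- the list is meant to be word-split
    modprobe -r $MODULES
}
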
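BASE()
{
    # Reset the filter table and install the chain policies from
    # $INPUTP/$OUTPUTP/$FORWARDP, then allow loopback. Only the filter
    # table is touched (no "-t"); nat/mangle rules survive a run.
    echo -e "[\e[32m*\e[0m] Basic Rules"

    # Refuse anything but ACCEPT/DROP before touching the rule set: with a
    # typo or an empty value "iptables -P" fails and the chain silently keeps
    # its previous policy (ACCEPT on a fresh host) while the script carries
    # on and reports success. Better to stop here, fail closed.
    local p
    for p in "$INPUTP" "$OUTPUTP" "$FORWARDP"; do
        case "$p" in
            ACCEPT|DROP) ;;
            *)
                echo -e "[\e[31m*\e[0m] Invalid chain policy '$p' (use ACCEPT or DROP)" >&2
                exit 1
                ;;
        esac
    done

    iptables -F
    iptables -X

    # Policies go in before any rule; until OUTB()/OUTF() append the
    # RELATED,ESTABLISHED accept, a DROP policy cuts existing sessions.
    iptables -P INPUT "$INPUTP"
    iptables -P FORWARD "$FORWARDP"
    iptables -P OUTPUT "$OUTPUTP"

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT
}
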
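OUTB()
{
    # Stateful baseline plus a whitelist of outbound destination ports.
    # Replies for tracked connections pass in both directions; a NEW
    # outbound connection is only allowed to the TCP ports in $TCPOPORTS
    # and the UDP ports in $UDPOPORTS. With OUTPUTP=DROP everything else
    # (other ports, ICMP, ...) is silently discarded by the policy.
    echo -e "[\e[32m*\e[0m] Filtering input/output"

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # The original wrapped each list in an outer one-element loop over a
    # global PROTO; the protocol is a literal here and no global leaks out.
    local port

    for port in $TCPOPORTS; do
        iptables -A OUTPUT -p tcp --dport "$port" -j ACCEPT
    done

    for port in $UDPOPORTS; do
        iptables -A OUTPUT -p udp --dport "$port" -j ACCEPT
    done

    echo -e "[\e[34m*\e[0m] Done"
}
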
OUTF()
{
    # Permissive counterpart of OUTB ("free Output" in HELP): inbound is
    # still limited to replies for tracked connections, but any NEW
    # outbound connection is accepted. $TCPOPORTS/$UDPOPORTS are not used.
    echo -e "[\e[33m*\e[0m] Filtering Input Only"

    local chain states
    for chain in INPUT OUTPUT; do
        states="RELATED,ESTABLISHED"
        # Only the OUTPUT side may open new connections.
        if [ "$chain" = "OUTPUT" ]; then
            states="RELATED,ESTABLISHED,NEW"
        fi
        iptables -A "$chain" -m state --state "$states" -j ACCEPT
    done

    echo -e "[\e[34m*\e[0m] Done"
}

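INPUT()
{
    # Open the TCP ports in $TCPIPORTS and UDP ports in $UDPIPORTS on INPUT,
    # but only for the source address(es) in $SOURCE (space separated).
    echo -e "[\e[32m*\e[0m] Set Iputs for Authorized Sources"

    # Fail closed. The original appended "-s $SOURCE" unconditionally: with
    # an empty SOURCE that yields a malformed command ("-s -j ..."), and with
    # several addresses a word-split one, so iptables rejected the rule and
    # the only trace was an error on stderr. Say so explicitly and open
    # nothing rather than let the caller think the ports are reachable.
    if [ -z "$SOURCE" ]; then
        if [ -n "$TCPIPORTS$UDPIPORTS" ]; then
            echo -e "[\e[33m*\e[0m] SOURCE is empty; authorized-source ports are NOT opened" >&2
        fi
        return 0
    fi

    local src port

    # One rule per (source, port) pair; each -s gets exactly one value.
    for src in $SOURCE; do
        for port in $TCPIPORTS; do
            iptables -A INPUT -p tcp --dport "$port" -s "$src" -j ACCEPT
        done

        for port in $UDPIPORTS; do
            iptables -A INPUT -p udp --dport "$port" -s "$src" -j ACCEPT
        done
    done
}
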
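INPUT_ALL()
{
    # Open the TCP ports in $TCPIAPORTS and UDP ports in $UDPIAPORTS on
    # INPUT to every source address. These are the publicly reachable
    # services; nothing here is restricted by $SOURCE.
    echo -e "[\e[32m*\e[0m] Set Iputs for Any"

    # The original looped over $TCPAIPORTS (two letters transposed), a
    # variable the config section never sets, so the TCP any-source ports
    # were silently never opened. The name now matches TCPIAPORTS above.
    local port

    for port in $TCPIAPORTS; do
        iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
    done

    for port in $UDPIAPORTS; do
        iptables -A INPUT -p udp --dport "$port" -j ACCEPT
    done
}

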
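STOP()
{
    # Tear the firewall down ("stop" in HELP: set all to ACCEPT). Afterwards
    # the host is completely unfiltered -- run it on purpose only.
    echo -e "[\e[31m*\e[0m] Cleaning Rules"

    # BASE() may have left the chain policies at DROP. The original never
    # reset them, so FORWARD stayed closed and anything not matched by the
    # two state rules below (e.g. INVALID) was still dropped, contrary to
    # HELP. Policies go first so the flush below cannot lock out a remote
    # administrator even for an instant.
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    iptables -F
    iptables -X

    # Loopback both ways (the original had "-i o", a typo: there is no
    # interface "o", so loopback input relied on the catch-all rule below).
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    iptables -A INPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED,NEW -j ACCEPT

    echo -e "[\e[34m*\e[0m] Done"
}
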
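HELP()
{
    # Print the usage text. Each mode has a long word and a short flag.
    # The wording was cleaned up (stray "]", "Iput", "setted", "Authorizez",
    # "Same sa") and -h, which the option parser already handled, is listed.
    echo ""
    echo "Usage: $0 [mode]"
    echo ""
    echo -e "\t-s or start       Default. Apply the chain policies, open the input ports for authorized sources and for any source, restrict output to the configured ports"
    echo -e "\t-t or stop        Unload the modules, flush all rules and set everything to ACCEPT (the host is left unfiltered)"
    echo -e "\t-r or restart     Reload the modules, then apply the start rules"
    echo -e "\t-o or out         Same as start, but output is not filtered"
    echo -e "\t-a or noin        Same as start, but no input ports are opened"
    echo -e "\t-b or onoin       Same as out, but no input ports are opened"
    echo -e "\t-c or authin      Same as start, but only the input ports for authorized sources are opened"
    echo -e "\t-d or anyin       Same as start, but only the input ports for any source are opened (authorized-source ports are not)"
    echo -e "\t-e or outin       Same as out, but only the input ports for authorized sources are opened"
    echo -e "\t-f or outany      Same as out, but only the input ports for any source are opened (authorized-source ports are not)"
    echo -e "\t-h                Show this help"
    echo ""
}

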
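##########
#Starting#
##########

# Dispatch on the first argument. Every mode is reachable by the long word
# or the short flag listed in HELP, and both now map to the *same* call
# sequence; the former if-chain / getopts pair had drifted apart ("start"
# called INPUT_ALL but "-s" did not, "onoin" skipped CMODULES but "-b" did
# not, "restart" and "-r" differed likewise). The sequences follow HELP:
# the "out*" modes are the matching "start" mode with OUTF in place of
# OUTB, so "out" now also calls INPUT_ALL as HELP describes.
# No argument behaves like "start". An unknown argument prints the help
# and exits non-zero so an init script or operator notices.
MODE="${1:-start}"

case "$MODE" in
    start|-s)
        BASE; CMODULES; INPUT; INPUT_ALL; OUTB
        ;;
    stop|-t)
        DMODULES; STOP
        ;;
    restart|-r)
        BASE; DMODULES; CMODULES; INPUT; INPUT_ALL; OUTB
        ;;
    out|-o)
        BASE; CMODULES; INPUT; INPUT_ALL; OUTF
        ;;
    noin|-a)
        BASE; CMODULES; OUTB
        ;;
    onoin|-b)
        BASE; CMODULES; OUTF
        ;;
    authin|-c)
        BASE; CMODULES; INPUT; OUTB
        ;;
    anyin|-d)
        BASE; CMODULES; INPUT_ALL; OUTB
        ;;
    outin|-e)
        BASE; CMODULES; INPUT; OUTF
        ;;
    outany|-f)
        BASE; CMODULES; INPUT_ALL; OUTF
        ;;
    help|-h)
        HELP
        ;;
    *)
        echo -e "[\e[31m*\e[0m] Bad Argument"
        HELP
        echo -e "[\e[31m*\e[0m] Done"
        exit 1
        ;;
esac

exit 0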