
Untitled

a guest
May 29th, 2017
  1. import os
  2. import re
  3. from subprocess import check_output, call
  4.  
  5.  
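def get_ips():
    """Return the IPv4 addresses configured on this host.

    Runs ``ip addr show`` and collects the address of every ``inet`` line,
    in the order the command prints them.

    Returns:
        A list of dotted-quad strings; empty when no ``inet`` line matches.

    Raises:
        OSError: if the ``ip`` binary cannot be executed.
        subprocess.CalledProcessError: if ``ip`` exits with a non-zero status.
    """
    # universal_newlines=True makes check_output return text on Python 3 as
    # well as Python 2; without it the str-based split fails on bytes.
    # NOTE(review): 'ip' is resolved through PATH. main() goes on to call
    # useradd, so this presumably runs as root; an absolute path would avoid
    # depending on the caller's PATH. Confirm the path for the target distro.
    output = check_output(['ip', 'addr', 'show'], universal_newlines=True)

    ips = []
    for line in output.splitlines():
        # "inet " (with the space) matches IPv4 lines only, never "inet6".
        found = re.match(r"inet (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})", line.strip())
        # Only the literal 127.0.0.1 is skipped. Every other address on any
        # interface is returned and later becomes an SNAT source.
        if found and found.group(1) != "127.0.0.1":
            ips.append(found.group(1))
    return ips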
  17.  
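def get_users():
    """Return the ``ip<N>`` account names listed in /etc/passwd, in file order.

    Returns:
        A list of login names such as ``["ip1", "ip2"]``; empty when the file
        holds no such account.

    Raises:
        IOError/OSError: if /etc/passwd cannot be read.
    """
    users = []
    # Read the file directly instead of spawning `cat`: one process fewer, and
    # the lines are text on both Python 2 and Python 3.
    with open('/etc/passwd') as passwd_file:
        for line in passwd_file:
            # Require the ':' field separator right after the digits, so a
            # login like "ip12abc" is not reported as the account "ip12".
            found = re.match(r"(ip\d+):", line.strip())
            if found:
                users.append(found.group(1))
    return users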
  26.  
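def create_users(count):
    """Create the local accounts ``ip1`` .. ``ip<count>``.

    Each account is created with ``useradd -M -N`` (no home directory, no
    per-user group) and then given a password through ``passwd``. Exit
    statuses are ignored, as before, so an account that already exists is
    left in place and only has its password set again.

    Args:
        count: number of accounts to create; values below 1 create nothing.

    Raises:
        OSError: if ``useradd`` or ``passwd`` cannot be executed.
    """
    from subprocess import PIPE, Popen

    for i in range(1, count + 1):
        name = "ip{}".format(i)
        # Argument lists instead of os.system(): no shell parses the command.
        call(["useradd", "-M", "-N", name])

        # The password goes to passwd over stdin rather than through an
        # `echo ... |` shell pipeline, so it no longer shows up in the
        # `sh -c` command line visible in the process list.
        # NOTE(review): every account gets the same hard-coded password, and
        # useradd is not given a login shell, so the distribution default
        # applies. The generated ruleset accepts new connections on the SSH
        # port, so whether these accounts can log in remotely depends on the
        # useradd defaults and the sshd configuration. If the accounts exist
        # only for --uid-owner matching, prefer a locked password
        # (`passwd -l`) and a non-login shell.
        proc = Popen(["passwd", name], stdin=PIPE)
        proc.communicate(b"prx\nprx\n")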
  31.  
  32.  
def print_ips(ips):
    """Render one shell assignment per address: ``IP0="..."``, ``IP1="..."``.

    The variable index is the zero-based position of the address in ``ips``.
    Returns the assignments joined by newlines ("" for an empty list).
    """
    assignments = ["IP{}=\"{}\"".format(pos, addr) for pos, addr in enumerate(ips)]
    return "\n".join(assignments)
  38.  
def print_marks(ips, users):
    """Render the mangle-table rules that tag each account's outgoing packets.

    One rule is produced per entry of ``ips``: packets owned by ``users[i]``
    get mark ``i + 1``. The mark is written as the decimal number behind a
    ``0x`` prefix, the same spelling print_trans() uses for matching.

    Raises:
        IndexError: if ``users`` has fewer entries than ``ips``.
    """
    rule = "$IPT -t mangle -A OUTPUT -m owner --uid-owner {} -j MARK --set-mark 0x{}"
    # Index users explicitly rather than zip(): a short users list must still
    # fail instead of silently producing fewer rules.
    return "\n".join(rule.format(users[pos], pos + 1) for pos in range(len(ips)))
  44.  
def print_trans(ips):
    """Render the nat-table rules that rewrite the source address per mark.

    Only the length of ``ips`` is used: rule ``i`` matches mark ``i + 1`` and
    SNATs to the shell variable ``$IP<i>`` that print_ips() defines.
    """
    rule = "$IPT -t nat -A POSTROUTING -m mark --mark 0x{} -j SNAT --to-source $IP{}"
    rendered = [rule.format(pos + 1, pos) for pos in range(len(ips))]
    return "\n".join(rendered)
  50.  
def main():
    """Collect addresses and accounts, create missing accounts, print the script.

    When the host has more addresses than ``ip<N>`` accounts, create_users()
    is asked for one account per address and the account list is read again.
    """
    addresses = get_ips()
    accounts = get_users()

    if len(accounts) < len(addresses):
        create_users(len(addresses))
        accounts = get_users()

    # The three fragments are rendered in the order they appear in the script.
    print_conf(
        print_ips(addresses),
        print_marks(addresses, accounts),
        print_trans(addresses),
    )
  63.  
  64.  
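def print_conf(pips, marks, trans):
    """Print the generated iptables shell script to standard output.

    Args:
        pips: the ``IP<n>="..."`` assignments from print_ips().
        marks: the mangle-table MARK rules from print_marks().
        trans: the nat-table SNAT rules from print_trans().

    The template now begins with the ``#!/bin/bash`` line itself. It used to
    begin with an empty line, so the shebang landed on line 2 of the output,
    where it has no effect when the saved script is executed directly.

    NOTE(review): the emitted script flushes and deletes every chain in the
    filter, nat and mangle tables and sets all three default policies to
    ACCEPT. With an INPUT policy of ACCEPT, the INPUT ACCEPT rules below it
    restrict nothing, so this ruleset does not filter inbound traffic. If
    filtering is intended, the INPUT policy would have to be DROP, set once
    the accept rules are in place. That is left unchanged here because
    tightening it can cut off existing remote access. Only /sbin/iptables is
    invoked, so IPv6 rules are not touched by the script.
    """
    # The backslash after the opening quotes keeps the shebang on line 1.
    s = """\
#!/bin/bash

IPT="/sbin/iptables"

{}

# Flush old rules
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle

# Set default policies
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT

# Mark packages
{}

# Accept all traffic through the loopback interface
$IPT -A INPUT -i lo -j ACCEPT

# Accept traffic of established connetctions
$IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Accept safe ICMP requests
$IPT -A INPUT -p icmp --icmp-type 3 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 8 -j ACCEPT
$IPT -A INPUT -p icmp --icmp-type 12 -j ACCEPT

# Accept SSH
$IPT -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22 -j ACCEPT
$IPT -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22101 -j ACCEPT
$IPT -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22102 -j ACCEPT
$IPT -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22103 -j ACCEPT
$IPT -A INPUT -p tcp -m conntrack --ctstate NEW --dport 22104 -j ACCEPT

# Public IP translation
{}""".format(pips, marks, trans)

    print(s)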
  112.  
# Run the generator only when executed as a script, not when imported.
# The shell script is written to standard output; nothing is applied here.
if __name__ == '__main__':
    main()