Iptables Firewall: mudanças entre as edições

Sem resumo de edição
 
Sem resumo de edição
Linha 1: Linha 1:
<syntaxhighlight lang=bash line=1>
function IPTABLES_CHAIN_CREATE() {
    iptables -N $1
    iptables -I $1 -p all -j DROP
}
function IPTABLES_CHAIN_ADD() {
    iptables -I $1 -p all -d $2 -j BLOQUEIO
}
function IPTABLES_CHAIN_REMOVE() {
    iptables -D $1 -p all -d $2 -j BLOQUEIO
}
function IPTABLES_CLEAR_ALL() {
  iptables -F
  iptables -X
}
IPTABLES_CHAIN_CREATE BLOQUEIO
IPTABLES_CHAIN_ADD OUTPUT 192.168.0.10/32
IPTABLES_CHAIN_ADD INPUT 192.168.0.10/32
IPTABLES_CHAIN_REMOVE OUTPUT 192.168.0.10//32
IPTABLES_CHAIN_REMOVE INPUT 192.168.0.10//32
</syntaxhighlight>
<syntaxhighlight lang=bash line=1>
<syntaxhighlight lang=bash line=1>
#!/bin/bash  
#!/bin/bash  

Edição das 20h41min de 27 de julho de 2022

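# Create filter-table chain $1 and seed it with a catch-all DROP.
# Anything later routed into the chain (see IPTABLES_CHAIN_ADD) is
# therefore discarded: the chain is a blocklist target, not an allowlist.
#
# Arguments: $1 - name of the chain to create (e.g. BLOQUEIO)
# Returns:   1 without touching the firewall if no name is given;
#            otherwise the exit status of the last iptables call.
function IPTABLES_CHAIN_CREATE() {
  local chain="${1:-}"
  if [ -z "$chain" ]; then
    printf 'IPTABLES_CHAIN_CREATE: chain name required\n' >&2
    return 1
  fi
  # -N fails if the chain already exists, but the insert below still runs,
  # so calling this twice stacks a second DROP rule in the chain.
  iptables -N "$chain"
  iptables -I "$chain" -p all -j DROP
}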
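# Route traffic addressed to $2 into a blocklist chain by inserting a jump
# at the top of chain $1 (position 1, so it wins over any ACCEPT already
# present in that chain).
#
# NOTE(review): -d matches the *destination* address. On INPUT that is one
# of this host's own addresses, so "IPTABLES_CHAIN_ADD INPUT X" does not
# block packets coming *from* X; that would need -s. Confirm the intent.
#
# Arguments: $1 - chain to insert into (e.g. INPUT, OUTPUT)
#            $2 - destination address or CIDR (e.g. 192.168.0.10/32)
#            $3 - (optional) blocklist chain to jump to; default BLOQUEIO
# Returns:   1 without touching the firewall if $1 or $2 is missing;
#            otherwise the exit status of iptables.
function IPTABLES_CHAIN_ADD() {
  local chain="${1:-}" dest="${2:-}" target="${3:-BLOQUEIO}"
  if [ -z "$chain" ] || [ -z "$dest" ]; then
    printf 'usage: IPTABLES_CHAIN_ADD CHAIN DEST [TARGET]\n' >&2
    return 1
  fi
  iptables -I "$chain" -p all -d "$dest" -j "$target"
}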
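# Undo IPTABLES_CHAIN_ADD: delete the jump for destination $2 from chain $1.
# -D matches a rule by its specification, so the arguments must be exactly
# what was passed to IPTABLES_CHAIN_ADD (same address/mask text, same
# target); otherwise iptables reports that no matching rule exists and
# nothing is removed.
#
# Arguments: $1 - chain the rule lives in (e.g. INPUT, OUTPUT)
#            $2 - destination address or CIDR that was blocked
#            $3 - (optional) blocklist chain that was jumped to; default BLOQUEIO
# Returns:   1 without touching the firewall if $1 or $2 is missing;
#            otherwise the exit status of iptables.
function IPTABLES_CHAIN_REMOVE() {
  local chain="${1:-}" dest="${2:-}" target="${3:-BLOQUEIO}"
  if [ -z "$chain" ] || [ -z "$dest" ]; then
    printf 'usage: IPTABLES_CHAIN_REMOVE CHAIN DEST [TARGET]\n' >&2
    return 1
  fi
  iptables -D "$chain" -p all -d "$dest" -j "$target"
}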
# Wipe the filter table: flush every rule (-F), then delete every
# user-defined chain (-X). Built-in chain policies are not touched, so
# what is left afterwards is whatever INPUT/OUTPUT/FORWARD default to --
# fully open with an ACCEPT policy, fully closed with DROP.
# Takes no arguments; returns the status of the last iptables call.
function IPTABLES_CLEAR_ALL() {
  local op
  for op in -F -X; do
    iptables "$op"
  done
}
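# Example usage: build the BLOQUEIO blocklist chain, route traffic
# destined to 192.168.0.10 into it on both INPUT and OUTPUT, then remove
# those two jumps again (net effect: only the BLOQUEIO chain with its
# DROP remains).
IPTABLES_CHAIN_CREATE BLOQUEIO
IPTABLES_CHAIN_ADD OUTPUT 192.168.0.10/32
IPTABLES_CHAIN_ADD INPUT 192.168.0.10/32
# -D only deletes a rule whose spec matches exactly. The address used to
# read "192.168.0.10//32" (double slash), which is not a valid
# address/mask, so iptables rejected both deletes and the block rules
# stayed in place.
IPTABLES_CHAIN_REMOVE OUTPUT 192.168.0.10/32
IPTABLES_CHAIN_REMOVE INPUT 192.168.0.10/32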
#!/bin/bash 
# `stop`: flush all rules (-F) and delete all user-defined chains (-X) in
# the filter table. Chain policies are left as they are, so the host ends
# up in whatever state the INPUT/OUTPUT/FORWARD defaults dictate.
# Takes no arguments; returns the status of the last iptables call.
function CLEARRULES() {
  local op
  for op in -F -X; do
    iptables "$op"
  done
}
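# Print the error banner (red "Erro") plus a one-line usage summary.
# Both go to stderr so diagnostics never mix with `status` output on
# stdout. Callers decide whether to exit afterwards.
function HELP() {
  # \033[41m = red background, \033[0m = reset; same bytes the original
  # `echo -e "\e[41mErro\e[0m"` emitted.
  printf '\033[41mErro\033[0m\n' >&2
  printf 'Uso: %s {start|stop|status|restart}\n' "${0##*/}" >&2
}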
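# Manage the allowlist chain used by `start`.
#
#   CHAIN create NAME
#       Create chain NAME, seed it with a catch-all DROP and hook all of
#       INPUT into it. From then on every inbound packet not matched by an
#       ACCEPT inserted above that DROP is discarded.
#   CHAIN allow NAME PROTO DPORT SOURCE
#       Insert (position 1, i.e. above the DROP) an ACCEPT for PROTO
#       packets to destination port DPORT from SOURCE (address or CIDR).
#       --dport is only valid for port-based protocols (tcp, udp, ...);
#       iptables rejects it for others.
#
# The sub-command is case-insensitive. Any other shape -- no arguments,
# unknown sub-command, missing operands -- prints HELP, runs "$0 stop" to
# flush the firewall, and exits 1. That is a fail-OPEN rollback: it wipes
# every filter-table rule, not only the ones this script created. When
# CHAIN is invoked inside a pipeline subshell the exit only ends that
# subshell, so callers must not rely on it stopping the script.
#
# NOTE(review): `create` installs no ACCEPT for loopback traffic or for
# ESTABLISHED,RELATED conntrack state, so once INPUT is hooked, replies to
# this host's own outbound connections and local IPC over lo are dropped
# unless an `allow` entry happens to cover them. Confirm that is intended.
function CHAIN() {
  local option chain proto dport src
  option=$(printf '%s' "${1:-}" | tr 'A-Z' 'a-z')
  case "$option" in
    create)
      chain="${2:-}"
      if [ -n "$chain" ]; then
        # -N fails if the chain exists, but the inserts still run, so
        # `start` twice without `stop` stacks duplicate DROP/jump rules.
        iptables -N "$chain"
        iptables -I "$chain" -p all -j DROP
        iptables -I INPUT -p all -s 0.0.0.0/0 -j "$chain"
        return
      fi
      ;;
    allow)
      chain="${2:-}" proto="${3:-}" dport="${4:-}" src="${5:-}"
      if [ -n "$chain" ] && [ -n "$proto" ] && [ -n "$dport" ] && [ -n "$src" ]; then
        iptables -I "$chain" -p "$proto" --dport "$dport" -s "$src" -j ACCEPT
        return
      fi
      ;;
  esac
  # Usage error (see header): report, roll the firewall back, bail out.
  HELP
  "$0" stop
  exit 1
}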
# Allowlist consumed by `start`, one entry per element:
#   LABEL:SOURCE_CIDR:PROTOCOL:PORT[,PORT...]
# LABEL is informational only. Each entry becomes one ACCEPT per port in
# the BLOQUEIO chain; inbound traffic matching none of them is dropped.
# NOTE(review): the first entry opens SSH (tcp/22) to every source
# (0.0.0.0/0). Restrict it to the management network if one exists.
ARRAY=()
ARRAY+=(any:0.0.0.0/0:tcp:22)
ARRAY+=(server1:192.168.56.1/32:tcp:8383,8384,8385)
ARRAY+=(server2:192.168.56.2/32:tcp:8383,8384,8385)
ARRAY+=(server3:192.168.56.3/32:tcp:8383,8384,8385)
ARRAY+=(server4:192.168.56.4/32:tcp:8383,8384,8385)
ARRAY+=(server5:192.168.56.5/32:tcp:8383,8384,8385)
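# Entry point: dispatch on the (case-insensitive) first argument.
#   stop     flush all rules and delete user chains (CLEARRULES)
#   start    create the BLOQUEIO chain, hook INPUT into it, then insert one
#            ACCEPT per ARRAY entry and port above its catch-all DROP
#   status   list the filter table with numeric addresses and ports
#   restart  stop, start, then status, each as a fresh invocation of $0
# Anything else, including no argument, prints HELP and exits 1.
if [ $# -eq 0 ]; then
  HELP
  exit 1
fi
OPTION=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
case "$OPTION" in
  stop)
    CLEARRULES
    ;;
  start)
    # The INPUT hook is live as soon as `create` returns, so until the
    # first `allow` lands every inbound packet -- including the operator's
    # own SSH session -- is dropped; TCP retransmission normally covers it.
    CHAIN create BLOQUEIO
    for ENTRY in "${ARRAY[@]}"; do
      # ENTRY is LABEL:SOURCE:PROTOCOL:PORT[,PORT...]. Splitting with
      # IFS/read in the current shell (not a pipeline) means an `exit`
      # inside CHAIN really terminates the script instead of a subshell.
      IFS=: read -r _ SOURCE PROTOCOL PORTS <<<"$ENTRY"
      IFS=, read -r -a PORTLIST <<<"$PORTS"
      for PORT in "${PORTLIST[@]}"; do
        CHAIN allow BLOQUEIO "$PROTOCOL" "$PORT" "$SOURCE"
      done
    done
    ;;
  status)
    iptables -L -n
    ;;
  restart)
    # These were previously only echoed, so `restart` did nothing.
    "$0" stop
    "$0" start
    "$0" status
    ;;
  *)
    HELP
    exit 1
    ;;
esac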