|
28
|
1 |
#!/bin/bash |
|
|
2 |
# firewall.sh - Made for Puppi |
|
|
3 |
|
|
|
4 |
# Sources common header for Puppi scripts |
|
|
5 |
. $(dirname $0)/header || exit 10 |
|
|
6 |
|
|
|
7 |
# Show help |
|
|
8 |
showhelp () { |
|
|
9 |
echo "This script places a temporary firewall (iptables) rule to block access from the IP defined" |
|
|
10 |
echo "It has the following options:" |
|
|
11 |
echo "\$1 (Required) - Remote Ip address to block (Generally a load balancer" |
|
|
12 |
echo "\$2 (Required) - Local port to block (0 for all ports" |
|
|
13 |
echo "\$3 (Required) - Set on or off to insert or remove the blocking rule" |
|
|
14 |
echo "\$4 (Required) - Number of seconds to sleep after having set the rule" |
|
|
15 |
echo |
|
|
16 |
echo "Examples:" |
|
|
17 |
echo "firewall.sh 10.42.0.1 0 on" |
|
|
18 |
echo "firewall.sh 10.42.0.1 0 off" |
|
|
19 |
} |
|
|
20 |
|
|
|
21 |
# Check arguments |
|
|
22 |
if [ $2 ] ; then |
|
|
23 |
ip=$1 |
|
|
24 |
port=$2 |
|
|
25 |
else |
|
|
26 |
showhelp |
|
|
27 |
exit 2 |
|
|
28 |
fi |
|
|
29 |
|
|
|
30 |
if [ $3 ] ; then |
|
|
31 |
if [ "$3" = "on" ] ; then |
|
|
32 |
action="-I" |
|
|
33 |
elif [ "$3" = "off" ] ; then |
|
|
34 |
action="-D" |
|
|
35 |
else |
|
|
36 |
showhelp |
|
|
37 |
exit 2 |
|
|
38 |
fi |
|
|
39 |
else |
|
|
40 |
showhelp |
|
|
41 |
exit 2 |
|
|
42 |
fi |
|
|
43 |
|
|
|
44 |
if [ $4 ] ; then |
|
|
45 |
delay=$4 |
|
|
46 |
else |
|
|
47 |
delay="1" |
|
|
48 |
fi |
|
|
49 |
|
|
|
50 |
# Block |
|
|
51 |
run_iptables () { |
|
|
52 |
if [ "$port" = "0" ] ; then |
|
|
53 |
iptables $action INPUT -s $ip -j DROP |
|
|
54 |
else |
|
|
55 |
iptables $action INPUT -s $ip -p tcp --dport $port -j DROP |
|
|
56 |
fi |
|
|
57 |
} |
|
|
58 |
|
|
|
59 |
run_iptables |
|
|
60 |
echo "Sleeping for $delay seconds" |
|
|
61 |
sleep $delay |
|
|
62 |
|
|
|
63 |
# Sooner or later this script will have multiOS support |