dev/provisioning/modules/puppi/files/scripts/firewall.sh
changeset 28 b0b56e0f8c7f
27:a2342f26c9de 28:b0b56e0f8c7f
       
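--- /dev/null
+++ b/dev/provisioning/modules/puppi/files/scripts/firewall.sh
@@ -0,0 +1,63 @@
+#!/bin/bash
+# firewall.sh - Made for Puppi
+
+# Sources common header for Puppi scripts
+. $(dirname $0)/header || exit 10
+
+# Show help
+showhelp () {
+    echo "This script places a temporary firewall (iptables) rule to block access from the IP defined"
+    echo "It has the following options:"
+    echo "\$1 (Required) - Remote Ip address to block (Generally a load balancer"
+    echo "\$2 (Required) - Local port to block (0 for all ports"
+    echo "\$3 (Required) - Set on or off to insert or remove the blocking rule"
+    echo "\$4 (Required) - Number of seconds to sleep after having set the rule"
+    echo 
+    echo "Examples:"
+    echo "firewall.sh 10.42.0.1 0 on"
+    echo "firewall.sh 10.42.0.1 0 off"
+}
+
+# Check arguments
+if [ $2 ] ; then
+    ip=$1
+    port=$2
+else
+    showhelp
+    exit 2 
+fi
+
+if [ $3 ] ; then
+    if [ "$3" = "on" ] ; then
+        action="-I"
+    elif [ "$3" = "off" ] ; then
+        action="-D"
+    else 
+        showhelp
+        exit 2
+    fi
+else
+    showhelp
+    exit 2
+fi
+
+if [ $4 ] ; then
+    delay=$4
+else
+    delay="1"
+fi
+
+# Block
+run_iptables () {
+    if [ "$port" = "0" ] ; then
+        iptables $action INPUT -s $ip -j DROP
+    else
+        iptables $action INPUT -s $ip -p tcp --dport $port -j DROP
+    fi
+}
+
+run_iptables
+echo "Sleeping for $delay seconds"
+sleep $delay
+
+# Sooner or later this script will have multiOS support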
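Review bot: `run_iptables` passes `$ip` and `$port` to iptables unquoted and unvalidated, so an argument containing whitespace is split into extra iptables options; the `[ $2 ]`, `[ $3 ]` and `[ $4 ]` tests have the same word-splitting problem. Because changing the INPUT chain normally requires root, the address and port should be matched against a strict pattern before use and every expansion quoted. The iptables exit status is also lost, since `sleep` is the last command: a failed insert or a failed `-D` still returns 0 to the Puppi caller, which will carry on as if the block were in place. The help text marks `$4` as required although the code defaults it to 1. A sketch of the argument check and the call follows.

```shell
# Check arguments
if [ -z "$1" ] || [ -z "$2" ] ; then
    showhelp
    exit 2
fi
ip=$1
port=$2

# Accept only a dotted IPv4 address (optionally with /prefix) and a numeric port
if ! [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$ ]] ; then
    echo "Invalid IP address: $ip" >&2
    exit 2
fi
if ! [[ "$port" =~ ^[0-9]{1,5}$ ]] || [ "$port" -gt 65535 ] ; then
    echo "Invalid port: $port" >&2
    exit 2
fi

# … unchanged: on/off and delay parsing …

run_iptables () {
    if [ "$port" = "0" ] ; then
        iptables "$action" INPUT -s "$ip" -j DROP
    else
        iptables "$action" INPUT -s "$ip" -p tcp --dport "$port" -j DROP
    fi
}

# Propagate a failed rule change instead of masking it with sleep's status
run_iptables || exit 1
```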