dev/provisioning/modules/puppi/files/scripts/firewall.sh
author ymh <ymh.work@gmail.com>
Thu, 25 Feb 2016 12:24:30 +0100
changeset 132 d97eda8bc8ec
parent 28 b0b56e0f8c7f
permissions -rwxr-xr-x
move viaf-resolver to common module

#!/bin/bash
# firewall.sh - Made for Puppi

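# Source the common header shared by Puppi scripts; abort with status 10 if it
# cannot be loaded. The path is quoted so that an install directory containing
# whitespace or glob characters still resolves to a single file.
. "$(dirname -- "$0")/header" || exit 10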

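# Print usage information for this script on stdout.
# Arguments: none
# Outputs:   usage text describing the four positional parameters
# Note: the script only inserts or deletes the rule and then sleeps; a rule
# added with "on" stays in place until the script is run again with "off".
showhelp () {
    # printf with a fixed '%s\n' format prints every line verbatim, so the
    # literal "$1".."$4" markers need no escaping inside single quotes.
    printf '%s\n' \
        'This script places a temporary firewall (iptables) rule to block access from the IP defined' \
        'The rule stays in place until the script is called again with "off"' \
        'It has the following options:' \
        '$1 (Required) - Remote Ip address to block (Generally a load balancer)' \
        '$2 (Required) - Local port to block (0 for all ports)' \
        '$3 (Required) - Set on or off to insert or remove the blocking rule' \
        '$4 (Optional) - Number of seconds to sleep after having set the rule (default: 1)' \
        '' \
        'Examples:' \
        'firewall.sh 10.42.0.1 0 on' \
        'firewall.sh 10.42.0.1 0 off'
}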

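# Check arguments
# $1 and $2 are mandatory. Every test quotes its operand so that an empty
# value, or one containing whitespace or glob characters, cannot change how
# the test itself is parsed.
# NOTE: ip and port are not validated here; they are later used on an iptables
# command line, so iptables is the only check on their syntax.
if [ -n "${1:-}" ] && [ -n "${2:-}" ] ; then
    ip=$1
    port=$2
else
    showhelp
    exit 2
fi

# $3 selects the iptables operation: insert (-I) or delete (-D) the rule.
# Anything else, including a missing value, is a usage error.
case "${3:-}" in
    on)
        action="-I"
        ;;
    off)
        action="-D"
        ;;
    *)
        showhelp
        exit 2
        ;;
esac

# $4 is optional: seconds to sleep after changing the rule (defaults to 1).
delay=${4:-1}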

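# Insert or delete the DROP rule for the configured source address.
# Globals:   action (read) - iptables operation, -I (insert) or -D (delete)
#            ip (read)     - source address to match
#            port (read)   - local TCP port to match; "0" drops the source on
#                            every port and protocol
# Returns:   the exit status of iptables
run_iptables () {
    # Each value is passed as exactly one quoted argument: this command edits
    # the host firewall, so a value containing whitespace must never be
    # word-split into additional iptables options.
    if [ "$port" = "0" ] ; then
        iptables "$action" INPUT -s "$ip" -j DROP
    else
        iptables "$action" INPUT -s "$ip" -p tcp --dport "$port" -j DROP
    fi
}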

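# Apply the rule change, then sleep for the requested delay.
# NOTE(review): the exit status of run_iptables is not checked here, so a
# failed insert or delete is only visible through iptables' own error output.
run_iptables
echo "Sleeping for $delay seconds"
# Quoted so the delay reaches sleep as a single argument.
sleep "$delay"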

# Sooner or later this script will have multiOS support