IPTABLE script
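#!/bin/bash
####################################
####                            ####
####   2012 Ttech               ####
####   Bash Router Enabler      ####
####                            ####
####################################
#
# Turns this host into a stateful forwarding (optionally NAT) router with
# iptables:
#   * loads the netfilter/conntrack kernel modules it needs,
#   * installs a default-deny INPUT/FORWARD policy,
#   * lets the internal interface out, and only return traffic
#     (ESTABLISHED,RELATED) back in,
#   * opens the listed TCP/UDP ports on this host itself,
#   * only then enables IPv4 forwarding (so the kernel never forwards
#     before the FORWARD policy is in place).
#
# Must run as root. Run it from the console, or make sure your SSH port is
# in "tcp" below: INPUT is set to DROP before the per-port ACCEPT rules are
# added, so anything not listed is cut off.
# IPv6 is not touched at all; on a dual-stack box ip6tables needs an
# equivalent policy or this filtering is bypassed over v6.

set -u -o pipefail

# this should be the only part you need to modify
# the rest is fully automated

# internal (LAN) and external (WAN) *interface names*.  These are passed to
# "iptables -i/-o", which take interface names, not IP addresses.
internal="eth1"
external="eth0"
# masquerade (SNAT) LAN traffic leaving the external interface.  Set to "n"
# if the internal addresses are publicly routable.
masquerade="y"
# ports to open on this host itself (TCP and UDP are separate lists)
# NOTE(review): 44 and 322 look like typos for 443 and 22 -- confirm before use.
tcp=(80 44 322 21 25 6667)
udp=(2532 56454)

# ---- nothing below here should need editing --------------------------------

die()    { printf '[FATAL] %s\n' "$*" >&2; exit 1; }
notice() { printf '[NOTICE] %s\n' "$*"; }
status() { printf '[STATUS] %s\n' "$*"; }

# Every iptables/modprobe/sysctl call below needs root; fail early and
# clearly instead of after a half-applied ruleset.
[[ $EUID -eq 0 ]] || die "must be run as root"

# Sanity-check the configuration before touching the firewall.
for iface in "$internal" "$external"; do
  [[ -d "/sys/class/net/$iface" ]] || die "no such network interface: $iface"
done
[[ "$internal" != "$external" ]] || die "internal and external interface must differ"

# is_port NUM -> 0 if NUM is an integer in 1..65535
is_port() {
  [[ "$1" =~ ^[0-9]+$ ]] && (( $1 >= 1 && $1 <= 65535 ))
}
for port in "${tcp[@]}" "${udp[@]}"; do
  is_port "$port" || die "invalid port number: $port"
done

# Load the netfilter modules we depend on.  Module names corrected:
# iptable_nat (not iptables_nat) and nf_conntrack_* (not nf_contrack_*).
kernel_modules=(ip_tables iptable_nat nf_conntrack nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc)
for module in "${kernel_modules[@]}"; do
  notice "Loading Kernel Module \"$module\""
  modprobe "$module" || die "Could not load $module entering failed state"
done
status "Done Loading Kernel Modules"

# Do we want to clear iptables?  Anything other than "n" clears.
printf 'Do you want to clear iptables? [y/n]'
read -r -n 1 clear_tables
printf '\n'
if [[ "$clear_tables" == "n" ]]; then
  printf '[ WARN ] no deletion may cause issues\n[NOTICE] iptables not being cleared\n'
else
  notice "iptables attempting to be cleared"
  # Flush all rules and delete user chains in the tables we use.  The
  # original ran "iptables -L", which only lists rules and clears nothing,
  # so stale rules survived and the script's own rules were appended after
  # them.
  for table in filter nat; do
    iptables -t "$table" -F || die "could not flush table $table"
    iptables -t "$table" -X || die "could not delete user chains in table $table"
  done
fi

# Default-deny for inbound and forwarded traffic; outbound from this host
# is allowed.
notice "Setting default firewall rules"
iptables -P INPUT DROP     || die "Could not set default rules"
iptables -P OUTPUT ACCEPT  || die "Could not set default rules"
iptables -P FORWARD DROP   || die "Could not set default rules"
status "Finished setting default rules"

# This host: loopback must be open, and replies to the host's own outbound
# connections must be accepted -- with INPUT DROP and no conntrack rule the
# box could send but never receive an answer.
iptables -A INPUT -i lo -j ACCEPT || die "Could not add loopback rule"
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT \
  || die "Could not add INPUT conntrack rule"
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP \
  || die "Could not add INPUT INVALID rule"

# Routing: LAN -> WAN freely, WAN -> LAN only for return traffic.
iptables -A FORWARD -i "$external" -o "$internal" \
  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT \
  || die "Could not set routing rules"
iptables -A FORWARD -i "$internal" -o "$external" -j ACCEPT \
  || die "Could not set routing rules"
# Log what falls through to the DROP policy; rate-limited so a flood from
# the outside cannot fill the log.
iptables -A FORWARD -m limit --limit 5/min --limit-burst 10 \
  -j LOG --log-prefix "FORWARD DROP: " \
  || die "Could not set routing rules"
if [[ "$masquerade" == "y" ]]; then
  iptables -t nat -A POSTROUTING -o "$external" -j MASQUERADE \
    || die "Could not set up masquerading"
fi
status "Finished setting routing rules"

# open_ports PROTO PORT... -> ACCEPT each PORT for PROTO on INPUT
open_ports() {
  local proto=$1
  shift
  local port
  for port in "$@"; do
    iptables -A INPUT -p "$proto" --dport "$port" -j ACCEPT \
      || die "Could not add $proto port $port to iptables"
    notice "Successfully added $proto port $port"
  done
}
# The original opened the UDP list with "-p tcp", so no UDP port was ever
# reachable.
open_ports tcp "${tcp[@]}"
open_ports udp "${udp[@]}"
status "Done Loading ipTables"

# Enable forwarding last: the FORWARD policy and rules are now in place, so
# there is no window in which the kernel forwards with the old ruleset.
status "Setting routing enabled"
echo 1 > /proc/sys/net/ipv4/ip_forward || die "could not enable ip_forward"
echo 1 > /proc/sys/net/ipv4/ip_dynaddr || die "could not enable ip_dynaddr"

printf '\n\n**********************************************************\n\n\n\t\tFINISHED. ROUTER ENABLED....\n\n'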