Created
June 3, 2016 06:06
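#!/bin/sh
#
# ./log-http-packet-flow.sh [Source IP Address] [[Delete]]
#
# Traces HTTP packets (TCP, destination port 80) sent by one source address
# by putting a LOG rule at the top of the built-in chains of the iptables
# nat, raw, mangle and filter tables and of the ebtables broute, nat and
# filter tables. Each rule carries its own log prefix, so the kernel log
# shows which chains a packet passed through and in what order.
#
#   $1  Source IPv4 address (an address/mask form is also accepted).
#   $2  Optional. Any non-empty value deletes the rules instead of
#       inserting them.
#
# Needs the privileges required to change netfilter rules (normally root).
#
# NOTE: the rules log every matching packet with no rate limit, so a busy
# source can flood the kernel log. Run the script again with a second
# argument to remove the rules as soon as the trace is done. Running the
# insert twice adds every rule twice.
#
SRCIP=${1:-}
ACT=${2:-}

# `command -v` is the portable way to locate a program (`which` is not
# guaranteed to exist or to report failure consistently).
IPT=$(command -v iptables)
EBT=$(command -v ebtables)

if [ -z "$SRCIP" ]; then
  echo "Need Source IP Address for the first parameter !!!" >&2
  exit 1
fi

# The address is handed to tools that change firewall state, so accept
# only the characters of an IPv4 address or address/mask. This also stops
# a value starting with "-" from being parsed as an extra option.
case "$SRCIP" in
  -* | *[!0-9./]*)
    echo "Invalid source IPv4 address: $SRCIP" >&2
    exit 1
    ;;
esac

if [ -z "$IPT" ]; then
  echo "iptables not found in PATH" >&2
  exit 1
fi

if [ -z "$EBT" ]; then
  # Hosts without bridging tools can still trace the iptables path.
  echo "ebtables not found in PATH, skipping ebtables rules" >&2
fi

# Any second argument selects deletion; the default is insertion at the
# head of each chain so the LOG rule is evaluated before existing rules.
if [ -n "$ACT" ]; then
  ACT="-D"
else
  ACT="-I"
fi

# ipt_log TABLE CHAIN PREFIX
# Insert or delete the iptables LOG rule for one chain. The prefix text
# must stay identical between insert and delete, otherwise -D does not
# find the rule.
ipt_log() {
  "$IPT" -t "$1" "$ACT" "$2" -s "$SRCIP" -m tcp -p tcp --dport 80 \
    -j LOG --log-prefix "$3: "
}

# ebt_log TABLE CHAIN PREFIX
# Insert or delete the ebtables log rule for one chain. Does nothing when
# ebtables is not installed.
ebt_log() {
  [ -n "$EBT" ] || return 0
  "$EBT" -t "$1" "$ACT" "$2" -p ipv4 --ip-proto tcp \
    --ip-destination-port 80 --ip-src "$SRCIP" \
    --log-level info --log-ip --log-prefix "$3: "
}

# A failing rule (for example deleting one that was never inserted) is
# reported by the tool itself and does not stop the remaining rules.

# iptables nat table
ipt_log nat PREROUTING IPT_NAT_PRER_HTTP
ipt_log nat INPUT IPT_NAT_INPUT_HTTP
ipt_log nat OUTPUT IPT_NAT_OUTPUT_HTTP
ipt_log nat POSTROUTING IPT_NAT_POSTR_HTTP

# iptables raw table
ipt_log raw PREROUTING IPT_RAW_PRER_HTTP
ipt_log raw OUTPUT IPT_RAW_OUTPUT_HTTP

# iptables mangle table
ipt_log mangle PREROUTING IPT_MANGLE_PRER_HTTP
ipt_log mangle INPUT IPT_MANGLE_INPUT_HTTP
ipt_log mangle FORWARD IPT_MANGLE_FORWARD_HTTP
ipt_log mangle OUTPUT IPT_MANGLE_OUTPUT_HTTP
ipt_log mangle POSTROUTING IPT_MANGLE_POSTR_HTTP

# iptables filter table
ipt_log filter INPUT IPT_FILTER_INPUT_HTTP
ipt_log filter FORWARD IPT_FILTER_FORWARD_HTTP
ipt_log filter OUTPUT IPT_FILTER_OUTPUT_HTTP

# ebtables broute table
ebt_log broute BROUTING EBT_BROUTE_BROUTING_HTTP

# ebtables nat table
ebt_log nat PREROUTING EBT_NAT_PRERO_HTTP
ebt_log nat POSTROUTING EBT_NAT_POSTR_HTTP
ebt_log nat OUTPUT EBT_NAT_OUTPUT_HTTP

# ebtables filter table
ebt_log filter INPUT EBT_FILTER_INPUT_HTTP
ebt_log filter FORWARD EBT_FILTER_FORWARD_HTTP
ebt_log filter OUTPUT EBT_FILTER_OUTPUT_HTTP

# Show the resulting rule sets so the change can be checked by eye.
for table in nat raw mangle filter; do
  "$IPT" -t "$table" -L
done

if [ -n "$EBT" ]; then
  for table in broute filter nat; do
    "$EBT" -t "$table" -L
  done
fi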