#school Script for firewall
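#!/bin/bash
# Simple firewall script (school exercise, working group $AG).
# Usage: ./firewall.sh start|stop
#   start - flush the filter table, set INPUT/OUTPUT policy to DROP and
#           allow ICMP echo request/reply in both directions
#   stop  - reset INPUT/OUTPUT policy to ACCEPT and flush all rules and chains
# Must run as root: writes /proc/sys/net/ipv4/ip_forward and calls iptables.
# =========================================
# === Part 1: Variables ===
# =========================================
echo " - Variablen werden gesetzt"
# Argument variables; ${1:-} keeps the script usable when no argument is passed
arg=${1:-}
# Working group number; every address below is derived from it
AG=6
# Absolute path to the iptables binary, so a modified PATH cannot substitute it
IPTABLES=/sbin/iptables
# Turn the Linux machine into a router (enable IPv4 forwarding in the kernel).
# NOTE(review): this runs on every invocation, including "stop" and no argument.
echo "1" > /proc/sys/net/ipv4/ip_forward
# Variables are declared here. IP addresses must be adapted to the setup.
# Interfaces (names may differ)
iINT=eth1
iEXT=eth0
# DNS servers: a space-separated list (a plain string, not a bash array)
DNS="192.168.95.40/32 192.168.95.41/32"
# -----------------------------------
# Time server: here the default gateway
TimeSrv=192.168.50.1/32
# Host running the inside firewall, here the VMware guest
LinuxInside_in=10.0.$AG.1/32
LinuxInside_dmz=172.16.$AG.2/32
# Host running the outside firewall, here the VMware guest
LinuxOutside_out=192.168.50.$((100 + AG))/32
LinuxOutside_dmz=172.16.$AG.1/32
# Remote-administration host, e.g. ssh from the Windows host (XP, Win7, ...)
AdminPC=10.0.$AG.2/32
# The DMZ network
DMZ=172.16.$AG.0/24
# The LAN network
LAN=10.0.$AG.0/24
# =========================================
# === Part 2: Tasks ===
# =========================================
# Accumulated status of all fw_rule calls: stays 0 only if every call succeeded.
# The original captured $? of just the last command in each group, so a failed
# policy change or rule insertion could still report success.
FW_STATUS=0

#######################################
# Run one iptables command and remember any failure.
# Globals:   IPTABLES (read), FW_STATUS (written on failure)
# Arguments: the iptables arguments (policy or rule specification)
# Returns:   the iptables exit status
#######################################
fw_rule() {
  "$IPTABLES" "$@"
  local rc=$?
  if [[ $rc -ne 0 ]]; then
    FW_STATUS=$rc
  fi
  return "$rc"
}

#######################################
# Open the firewall: accept by default, drop all rules and user chains.
# Globals:   IPTABLES (read)
#######################################
fw_stop() {
  "$IPTABLES" -P INPUT ACCEPT
  "$IPTABLES" -P OUTPUT ACCEPT
  "$IPTABLES" -F
  "$IPTABLES" -X
  echo "Firewall stopped."
}

#######################################
# Activate the firewall: default DROP on INPUT/OUTPUT plus ICMP echo rules.
# Globals:   IPTABLES (read), FW_STATUS (read/written via fw_rule)
# Outputs:   success or failure message on stdout
#######################################
fw_start() {
  echo "Starting the Firewall..."
  fw_rule -F
  # Default policies: drop everything that is not explicitly allowed below.
  # NOTE(review): the FORWARD chain is not configured here although forwarding
  # was enabled in Part 1; it keeps whatever policy was set before this run.
  fw_rule -P INPUT DROP
  fw_rule -P OUTPUT DROP
  # Allow ping from outside to inside (request in, reply out)
  fw_rule -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  fw_rule -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
  # Allow ping from inside to outside (request out, reply in)
  fw_rule -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
  fw_rule -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
  # The original test was missing the space before "]]" and never parsed.
  if [[ $FW_STATUS -eq 0 ]]; then
    echo "I started dat shit."
  else
    echo "I couldn't start it."
  fi
}

echo "Setting Default Policies"
if [[ "$arg" = "stop" ]]; then
  fw_stop
elif [[ "$arg" = "start" ]]; then
  fw_start
fi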