#!/bin/sh
#####################################################################
# This is a firewall design by Firewalladministrator.org
# (ipchains-era ruleset; NAT, input/output filtering and a small
#  start/stop/list control wrapper)
#####################################################################
# Announce that the script is running.  This is printed before the
# command-line option is examined, so it appears for start, stop and
# list alike.
printf '%s\n' "Trying to start script...."
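#####################################################################
# Functions, {Save us a hell lot of writing time}
#####################################################################

#######################################
# Load the masquerading (NAT) rule into the ipchains forward chain.
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
#            IPCMD, FORWARD (written, kept for callers that relied on them)
# Arguments: none
# Outputs:   whatever ipchains prints
# Returns:   exit status of the last ipchains call
#
# The forward chain is flushed first: ipchains -A only appends, so
# without the flush every "start" run would add another copy of the
# MASQ rule.
#
# NOTE(review): the MASQ rule is bound to no interface and has no
# destination restriction, so anything from 192.168.0.0/24 that this
# host forwards is masqueraded.  Nothing in this script turns on IP
# forwarding (/proc/sys/net/ipv4/ip_forward); that is presumably done
# elsewhere -- confirm.  No chain policy is set here either, so
# forwarded packets that do not match are left to the kernel default.
#######################################
firewall_start_nat() {
  # Fixed path rather than a PATH lookup; overridable for testing.
  IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
  IPCMD="$IPCHAINS"
  FORWARD="$IPCMD -A forward"

  # Start from an empty forward chain so the rule set is idempotent.
  $IPCMD -F forward

  # Masquerade everything leaving the internal /24.
  $FORWARD -s 192.168.0.0/24 -j MASQ
}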
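#######################################
# Load the packet-filter rules into the ipchains input and output chains.
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
#            IPCMD, ADDIN, ADDOUT, SSHINTIPS, LOCNET, ME, IP1, IP3, IP
#            (written; kept global as in the original)
# Arguments: none
# Outputs:   whatever ipchains prints
# Returns:   exit status of the last ipchains call
#
# Both chains are flushed first so that repeated "start" invocations do
# not pile up duplicate rules (ipchains -A only ever appends).
#
# NOTE(review) -- things this ruleset does NOT do; verify before reuse:
#  * It never sets a chain policy (there is no "ipchains -P" in this
#    script).  A packet matching none of the rules below is handled by
#    whatever policy is in force, which is the kernel default (ACCEPT)
#    unless something else changed it.  The TCP rules only inspect SYNs
#    (-y), so established connections depend on that fall-through;
#    switching the input policy to DENY without adding non-SYN accept
#    rules would break them.
#  * All UDP to the external address IP3 is accepted, and SSH (22) and
#    FTP (20:21) on IP3 are accepted from 0.0.0.0/0.  Port 8000 and SMTP
#    are open to any source as well.
#  * Anti-spoofing is only applied on eth1 (non-LOCNET sources are
#    rejected there).  No rule here rejects LOCNET-sourced packets
#    arriving on the external interface, whose name this script never
#    mentions.
#  * The IP1 rules sit after the eth1 rules, so they are only reached by
#    packets the eth1 block has not already decided.
#######################################
firewall_start_rules() {
  # Fixed path rather than a PATH lookup; overridable for testing.
  IPCHAINS="${IPCHAINS:-/sbin/ipchains}"
  IPCMD="$IPCHAINS"
  # $ADDIN / $ADDOUT are deliberately left unquoted where used below:
  # they expand to "ipchains -A input" / "ipchains -A output".
  ADDIN="$IPCMD -A input"
  ADDOUT="$IPCMD -A output"

  # Site-specific addresses; edit these for your network.
  SSHINTIPS="192.168.0.1 192.168.0.2"   # hosts allowed to SSH to ME
  LOCNET="192.168.0.0/24"               # internal network (on eth1)
  ME="192.168.0.1"                      # this box's internal address
  IP1="192.168.0.5"                     # "IP1 on int interface"
  IP3="172.16.0.1"                      # "IP on ext interface"

  # Start from empty chains so the rule set is idempotent.
  $IPCMD -F input
  $IPCMD -F output

  ##### Traffic arriving on the internal interface (eth1)
  # New TCP connections from the LAN to anything except this host.
  $ADDIN -p tcp -y -s "$LOCNET" -d ! "$ME" -i eth1 -j ACCEPT
  # SSH to this host only from the listed internal addresses.
  # (word-splitting of $SSHINTIPS is intentional)
  for IP in $SSHINTIPS; do
    $ADDIN -p tcp -y -s "$IP" -d "$ME" 22 -i eth1 -j ACCEPT
  done
  # Any other new TCP connection on eth1 is refused.
  $ADDIN -p tcp -y -i eth1 -j REJECT
  $ADDIN -p udp -s "$LOCNET" -i eth1 -j ACCEPT
  $ADDIN -p udp -i eth1 -j REJECT
  $ADDIN -p icmp --icmp-type echo-request -s "$LOCNET" -i eth1 -j ACCEPT
  $ADDIN -p icmp --icmp-type time-exceeded -s "$LOCNET" -i eth1 -j ACCEPT
  $ADDIN -p icmp --icmp-type parameter-problem -s "$LOCNET" -i eth1 -j ACCEPT
  $ADDIN -p icmp --icmp-type destination-unreachable -s "$LOCNET" -i eth1 -j ACCEPT
  $ADDIN -p icmp --icmp-type echo-reply -s "$LOCNET" -d "$ME" -i eth1 -j ACCEPT
  $ADDIN -p icmp -i eth1 -j REJECT
  # Anti-spoofing on eth1: only LOCNET sources may arrive there.
  $ADDIN -s ! "$LOCNET" -i eth1 -j REJECT
  $ADDOUT -d "$LOCNET" -i eth1 -j ACCEPT

  ##### IP1 on int interface
  $ADDIN -p udp -d "$IP1" -j ACCEPT
  $ADDIN -p icmp --icmp-type echo-reply -d "$IP1" -j ACCEPT
  $ADDIN -p icmp --icmp-type time-exceeded -d "$IP1" -j ACCEPT
  $ADDIN -p icmp --icmp-type parameter-problem -d "$IP1" -j ACCEPT
  $ADDIN -p icmp --icmp-type destination-unreachable -d "$IP1" -j ACCEPT
  $ADDIN -p icmp -d "$IP1" -j DENY
  $ADDOUT -p tcp -s "$IP1" -j ACCEPT
  $ADDOUT -p udp -s "$IP1" -j ACCEPT
  $ADDOUT -p icmp --icmp-type echo-reply -s "$IP1" -j ACCEPT
  $ADDOUT -p icmp --icmp-type time-exceeded -s "$IP1" -j ACCEPT
  $ADDOUT -p icmp -s "$IP1" -j DENY

  ##### IP on ext interface
  # Services reachable from anywhere on the external address.
  $ADDIN -p tcp -y -d "$IP3" 25 -j ACCEPT
  $ADDIN -p tcp -y -d "$IP3" 8000 -j ACCEPT
  #ftp
  $ADDIN -p tcp -y -s 0.0.0.0/0 -d "$IP3" 20:21 -j ACCEPT
  #ssh ext
  $ADDIN -p tcp -y -s 0.0.0.0/0 -d "$IP3" 22 -j ACCEPT
  # Every other new TCP connection to IP3 is silently dropped.
  $ADDIN -p tcp -y -d "$IP3" -j DENY
  # NOTE(review): this accepts *all* UDP to the external address.
  $ADDIN -p udp -d "$IP3" -j ACCEPT
  $ADDIN -p icmp --icmp-type echo-reply -d "$IP3" -j ACCEPT
  $ADDIN -p icmp --icmp-type time-exceeded -d "$IP3" -j ACCEPT
  $ADDIN -p icmp --icmp-type parameter-problem -d "$IP3" -j ACCEPT
  $ADDIN -p icmp --icmp-type destination-unreachable -d "$IP3" -j ACCEPT
  $ADDIN -p icmp -d "$IP3" -j DENY
  $ADDOUT -p tcp -s "$IP3" -j ACCEPT
  $ADDOUT -p udp -s "$IP3" -j ACCEPT
  $ADDOUT -p icmp --icmp-type echo-request -s "$IP3" -j ACCEPT
  $ADDOUT -p icmp --icmp-type time-exceeded -s "$IP3" -j ACCEPT
  $ADDOUT -p icmp --icmp-type parameter-problem -s "$IP3" -j ACCEPT
  $ADDOUT -p icmp --icmp-type destination-unreachable -s "$IP3" -j ACCEPT
  $ADDOUT -p icmp -s "$IP3" -j DENY
}

#######################################
# Load NAT first, then the filter rules (the default "start" action).
# Globals:   see firewall_start_nat and firewall_start_rules
# Arguments: none
# Returns:   exit status of firewall_start_rules
#######################################
firewall_start_complete() {
  firewall_start_nat
  firewall_start_rules
}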
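#####################################################################
# Stopping the firewall
#####################################################################

#######################################
# Flush all rules from the ipchains forward chain (undoes firewall_start_nat).
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
# Arguments: none
# Returns:   exit status of ipchains
#
# Only the rules are removed; the chain policy is untouched, so after
# this call forwarded traffic is governed by whatever policy is in force.
#######################################
firewall_stop_nat() {
  # Same binary as the start functions rather than a bare "ipchains":
  # this runs as root and a PATH lookup honours whatever PATH the
  # caller happens to have.
  "${IPCHAINS:-/sbin/ipchains}" -F forward
}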
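#######################################
# Flush all rules from the ipchains input and output chains
# (undoes firewall_start_rules).
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
# Arguments: none
# Returns:   exit status of the last ipchains call
#
# Only the rules are removed; the chain policies are untouched.  With the
# kernel default policy (ACCEPT) that leaves the host unfiltered.
#######################################
firewall_stop_rules() {
  # Fixed path, consistent with the start functions, instead of a
  # PATH-dependent lookup in a script that runs as root.
  ipcmd="${IPCHAINS:-/sbin/ipchains}"
  "$ipcmd" -F input
  "$ipcmd" -F output
}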
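#######################################
# Flush NAT and filter rules (the default "stop" action).
# Globals:   see firewall_stop_nat and firewall_stop_rules
# Arguments: none
# Returns:   exit status of firewall_stop_rules
#######################################
firewall_stop_complete() {
  firewall_stop_nat
  firewall_stop_rules
}

#####################################################################
# Listing the firewall rules
#####################################################################

#######################################
# Print the rules currently in the ipchains forward chain.
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
# Arguments: none
# Outputs:   ipchains listing on stdout
# Returns:   exit status of ipchains
#######################################
firewall_list_nat() {
  # Fixed path, consistent with the start functions, instead of a
  # PATH-dependent lookup in a script that runs as root.
  "${IPCHAINS:-/sbin/ipchains}" -L forward
}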
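#######################################
# Print the rules currently in the ipchains input and output chains.
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
# Arguments: none
# Outputs:   ipchains listings on stdout, input chain first
# Returns:   exit status of the last ipchains call
#######################################
firewall_list_rules() {
  # Fixed path, consistent with the start functions, instead of a
  # PATH-dependent lookup in a script that runs as root.
  ipcmd="${IPCHAINS:-/sbin/ipchains}"
  "$ipcmd" -L input
  "$ipcmd" -L output
}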
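#######################################
# Print every ipchains chain (the default "list" action).
# Globals:   IPCHAINS (read if already set; defaults to /sbin/ipchains)
# Arguments: none
# Outputs:   ipchains listing on stdout
# Returns:   exit status of ipchains
#######################################
firewall_list_complete() {
  # Fixed path, consistent with the start functions, instead of a
  # PATH-dependent lookup in a script that runs as root.
  "${IPCHAINS:-/sbin/ipchains}" -L
}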
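#####################################################################
# The script control options
# Without this you would need some more actions
#
# Usage:  script (start|stop|list) [sub-option]
#   start [rules|nat]             load filter rules / NAT / both
#   stop  [rules|nat|firewall|help]  flush filter rules / NAT / both
#   list  [rules|nat]             show filter rules / NAT / everything
#
# An unknown or missing sub-option falls into the "*)" arm of each
# inner case, i.e. acts on the whole firewall.
# The inner "list" case was missing its closing "esac" in the original,
# which made the whole script a syntax error; it is restored here.
#####################################################################
case "$1" in
  start)
    case "$2" in
      rules)
        firewall_start_rules
        echo "Starting firewall script rules"
        logger "Loaded firewall rules"
        ;;
      nat)
        firewall_start_nat
        echo "Starting firewall script nat rules"
        logger "Loaded firewall nat rules"
        ;;
      *)
        firewall_start_complete
        echo "Starting firewall script"
        logger "Starting firewall/nat script"
        ;;
    esac
    ;;
  stop)
    case "$2" in
      firewall)
        firewall_stop_complete
        echo "The firewall stopped completely"
        logger "Stopped the firewall/nat script totally"
        ;;
      nat)
        firewall_stop_nat
        echo "Flushed the nat rules"
        logger "The firewall nat rules were flushed!"
        ;;
      rules)
        firewall_stop_rules
        echo "Flushed the rules"
        logger "Firewall rules are flushed!"
        ;;
      help)
        # These are the sub-options of "stop", so say so.
        echo "The following options can be given to stop"
        echo "rules -> stops the rule firewall"
        echo "nat -> stops the nat firewall"
        echo "nothing -> stops the entire firewall"
        echo "firewall -> stops the entire firewall"
        ;;
      *)
        firewall_stop_complete
        echo "The firewall stopped completely"
        logger "Stopped the firewall/nat script totally"
        ;;
    esac
    ;;
  list)
    case "$2" in
      nat)
        echo "Listing nat"
        firewall_list_nat
        ;;
      rules)
        echo "Listing rules"
        firewall_list_rules
        ;;
      *)
        firewall_list_complete
        ;;
    esac
    ;;
  *)
    # Usage errors go to stderr so they are not mistaken for output.
    echo "Usage (start|stop|list)" >&2
    exit 1
    ;;
esac
exit 0
#####################################################################
# End of script
#####################################################################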

