Iptables-adm - A very basic script for iptables' admins
Discussion by k22 with 1 Replies.
Last Update: March 4, 2005, 1:21 pm
Hi, when I installed iptables on my Linux box the first time I noticed that the iptables-save and iptables-restore commands were totally useless; in fact you need to redirect the output and input every time you use them. So I decided to create a very simple script that provides this functionality...

Before starting you need to know how to add rules in iptables and how to use iptables in general. If you have just installed iptables, these 2 rules close all incoming connections on the MySQL & SSH ports, so you can use these services only from localhost (SSH on localhost is useless... but for a home workstation...).

CODE
# iptables -A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3306 -j DROP
# iptables -A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 22 -j DROP
# iptables -L
# iptables-save > ~/iptables/bakup

We make a backup of the current settings, so if something goes wrong we don't lose time fixing it.

iptables-adm

CODE
#!/bin/bash
# bash, not plain sh: the script uses arrays and the == test operator
echo "Iptables Admin v0.3.0"
sc=$1
prefix=/usr/sbin                 # iptables binaries directory
. /etc/iptables/iptables.conf    # iptables-adm settings file path
rules=( "${configfilerules[@]}" )

# Optional second argument: the settings file to use.
# A bare filename is taken relative to the current directory.
if [ -n "$2" ]
then
    if [ "$(basename "$2")" = "$2" ]
    then
        path=$PWD/$2
    else
        path=$2
    fi
else
    path=$configfilepath
fi

case $sc in
    "--help" | "-h" | "")
        echo "Coder: k22 ---- Released under GNU/GPL license"
        echo "Usage: ./iptables-adm COMMAND"
        echo "Commands:"
        echo "-s --save [FILE]     Save current settings of iptables to FILE or default file"
        echo "-r --restore [FILE]  Restore saved settings of iptables"
        echo "-d --default         Restore default settings of the config file"
        echo "-l --last            Restore last settings of iptables (saved on shutdown)"
        echo "-h --help            Print this help menu"
        echo "Boot/Shutdown Option:"
        echo "start                Restore saved settings of iptables"
        echo "stop                 Save last settings of iptables"
        ;;
    "--restore" | "-r" | "start" | "-l" | "--last")
        echo "Restoring Iptables..."
        # -l/--last reads the file written at shutdown instead of the default one
        [ "$sc" == "-l" ] || [ "$sc" == "--last" ] && path=$configlast
        # feed the saved rules on stdin: every iptables-restore version accepts that
        if "$prefix"/iptables-restore < "$path"
        then
            echo "Iptables restored from _ $path _"
        else
            echo "Iptables restoring failed" >&2
        fi
        ;;
    "--save" | "-s" | "stop")
        echo "Saving current settings..."
        # at shutdown the rules go to the "last" file, not the default one
        [ "$sc" == "stop" ] && path=$configlast
        if [ ! -e "$path" ]
        then
            echo "I'll make a new config file in _ $path _"
        else
            echo "I have found an old settings file in _ $path _"
        fi
        # the file inherits the current umask; keep it readable by root only
        if "$prefix"/iptables-save > "$path"
        then
            echo "Iptables settings saved in _ $path _"
        else
            echo "Iptables settings have not been saved in _ $path _" >&2
        fi
        ;;
    "--default" | "-d")
        echo "Restoring default setting..."
        if [ -n "${rules[0]}" ]
        then
            num=0
            while [ "$num" -lt "${#rules[@]}" ]
            do
                # the rule string is split into separate arguments on purpose
                if "$prefix"/iptables ${rules[$num]}
                then
                    num=$((num+1))
                    echo "Iptables default setting $num set"
                else
                    echo "Iptables default setting $((num+1)) failed" >&2
                    exit 1
                fi
            done
        else
            echo "Iptables default settings have not been found"
        fi
        ;;
    *)
        echo "Unknown command: $sc (try --help)" >&2
        exit 1
        ;;
esac

You have to place this file in /usr/local/sbin/ and in /etc/rc.d/ so you can use it during boot and when you're logged in (DO NOT USE ln -s: I've seen problems on some computers during boot when a file in rc.d is a link to another one, I don't know why... so it's better to have 2 files).

Now we need the config file.

Config File

CODE
########################################
# Iptables-adm config file by k22      #
########################################
# If you insert a file or any rules, these will be appended to the default config
configfilepath="/etc/sysconfig/iptables-saved.conf"
configlast="/etc/sysconfig/iptables-last.conf"
configfilerules=("-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 22 -j DROP" "-A INPUT -s ! 127.0.0.1 -p tcp -m tcp --dport 3306 -j DROP")

You have to place the file in /etc/iptables/iptables.conf, or if you change the directory, change the path in the script as well.

This file provides several pieces of information: first the name of the file the iptables settings will be saved to

/etc/sysconfig/iptables-saved.conf

and then a backup file

/etc/sysconfig/iptables-last.conf

In fact every time you shut down the computer this script will save the last configuration in this file, so if you forget to save you don't lose your work...

Now you have to select during which runlevel you need iptables. With a SysV boot system you have to follow these steps:

CODE
# cd /etc/rc.d/rc.x                       # x is the runlevel you selected
# ln -s ../iptables-adm SXXiptables-adm    # XX is the start position; it MUST be started after network and after iptables, so 16-20 is enough for most computers
# ln -s ../iptables-adm KYYiptables-adm    # as above, but decides when the script runs during shutdown; 04-05 is ok

Now this script will restore the iptables settings at each boot; now we have to save the settings in the default config file:

CODE
# iptables-adm -s

Now just reboot your machine and your settings will be restored.

I hope this script is useful to someone. Other commands that can be used are:

-l            to restore the last config, saved during shutdown
-s filename   to save to a specific file
-r filename   to restore from a specific file

I hope someone finds this file useful. In my next tutorial I'll explain how to fix some bugs and how to install an old project that permits seeing the iptables log directly from the web, and some addons that I've created for this project.
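As an added example (my own code, not k22's script or any project's), here is a hardened variant of the three operations the script performs: an atomic, root-only-readable save that refuses to keep an empty dump, a restore that refuses a missing or empty file and parse-checks the ruleset before committing it, and a default-rule loop that reports which config entry failed instead of exiting silently. The variables IPTABLES, IPTABLES_SAVE and IPTABLES_RESTORE are my own addition so the functions can be exercised against stub commands without root; `iptables-restore --test` is the parse-only mode of current iptables releases, which the 2005 version did not have.

```shell
#!/bin/sh
# Added example, not k22's iptables-adm: hardened save / restore / default-rule
# helpers for the same config-file layout. The binary paths are variables
# (my own addition) so the functions can be run against stub commands.
IPTABLES=${IPTABLES:-/usr/sbin/iptables}
IPTABLES_SAVE=${IPTABLES_SAVE:-/usr/sbin/iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-/usr/sbin/iptables-restore}

# safe_save FILE
# Writes the iptables-save output to a temp file next to FILE, refuses to keep
# an empty dump, makes it readable by root only, keeps the previous copy as
# FILE.bak and renames atomically, so a crash mid-write never leaves a
# truncated ruleset that a later restore would silently apply.
safe_save() {
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if "$IPTABLES_SAVE" > "$tmp" && [ -s "$tmp" ]; then
        chmod 0600 "$tmp"
        if [ -e "$dest" ]; then cp -p "$dest" "$dest.bak"; fi
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        echo "safe_save: no ruleset written to $dest" >&2
        return 1
    fi
}

# safe_restore FILE
# iptables-restore on an empty file changes nothing and exits 0, which is easy
# to mistake for success; refuse that case, then parse-check with --test
# before committing the rules.
safe_restore() {
    src=$1
    if [ ! -s "$src" ]; then
        echo "safe_restore: no ruleset at $src" >&2
        return 1
    fi
    if ! "$IPTABLES_RESTORE" --test < "$src"; then
        echo "safe_restore: $src does not parse" >&2
        return 2
    fi
    "$IPTABLES_RESTORE" < "$src"
}

# apply_rules RULE...
# Applies each rule string in order. On failure it prints the 1-based index
# and returns it, so the caller knows which config entry is broken and how
# much of the policy was in place when the loop stopped.
apply_rules() {
    i=0
    for rule in "$@"; do
        i=$((i + 1))
        # deliberate word splitting: each rule is one string in the config file
        if ! "$IPTABLES" $rule; then
            echo "apply_rules: rule $i failed: $rule" >&2
            return "$i"
        fi
    done
    return 0
}

# Usage with the config-file values from the post (bash, run as root):
#   . /etc/iptables/iptables.conf
#   apply_rules "${configfilerules[@]}" && safe_save "$configfilepath"
```

The return value of apply_rules doubles as the index of the failing rule, so a boot script can log exactly which entry of configfilerules needs fixing; the .bak copy that safe_save keeps is what you restore from if a bad save is discovered only after the next reboot.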
It's an interesting script, but would it not be simpler to use the existing boot scripts? For example:

CODE
/etc/init.d/iptables save
/etc/init.d/iptables restore

or directly using

CODE
iptables-save > /etc/iptables.conf
iptables-restore < /etc/iptables.conf