"Personal firewall in Linux"
Форум Информационная безопасность (Linux iptables, ipchains / Linux)

"Personal firewall in Linux"  +/
Сообщение от anonymous (??) on 16-Мрт-11, 22:30 

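# Base rule set for the interactive firewall: default DROP in every filter
# chain, replies to existing connections and DNS allowed, and every NEW
# connection logged with a "firewall-<CHAIN> " prefix so firewall.sh can pick
# it up from syslog. Written as a quoted here-document so the file can be
# reproduced from a script instead of being typed at an interactive `cat >`.
cat > firewall.txt <<'EOF'
# Generated by iptables-save v1.4.7 on Wed Mar 16 21:11:30 2011
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Mar 16 21:11:30 2011
# Generated by iptables-save v1.4.7 on Wed Mar 16 21:11:30 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
# NOTE(review): this admits ANY inbound UDP packet whose source port is 53,
# not only DNS replies. Replies to the OUTPUT --dport 53 rule below are already
# accepted by the RELATED,ESTABLISHED rule above, so this rule can be removed
# (or at least restricted with -s <resolver-address>).
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
# Rules added by firewall.sh are inserted at position 4, i.e. here, ahead of
# the LOG rule that triggers the prompt.
-A INPUT -m state --state NEW -j LOG --log-prefix "firewall-INPUT "
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state NEW -j LOG --log-prefix "firewall-FORWARD "
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -m state --state NEW -j LOG --log-prefix "firewall-OUTPUT "
COMMIT
# Completed on Wed Mar 16 21:11:30 2011
EOF

# Load the rule set; iptables-restore reads its input from stdin, so no
# `cat file |` is needed.
sudo /usr/sbin/iptables-restore < firewall.txt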


cat > firewall.sh
# Interactive "personal firewall": reads the iptables LOG lines that
# firewall.txt writes with a "firewall-<CHAIN> " prefix from stdin, asks the
# desktop user via xmessage what to do with the connection, and inserts the
# chosen ACCEPT/DROP rule into that chain.
# Usage: tail -n 1 -F /var/log/syslog | ./firewall.sh   (needs sudo for iptables)
IPTABLES='/usr/sbin/iptables'
# NOTE(review): `read` without -r interprets backslashes in the input; prefer
# `IFS= read -r line`.
while read line
do
    # Reset the per-line fields. CHAIN and PROTO are not reset, so a line
    # that lacks one of them keeps the previous line's value.
    unset SRC
    unset SPT
    unset DST
    unset DPT
    unset HSRC
    unset HSPT
    unset HDST
    unset HDPT
    unset IPDST
    unset FQDNDST
    unset ACTION
    # Only lines carrying our LOG prefix are of interest (substring match).
    echo $line | grep "firewall-" > /dev/null 2>&1
    [ $? != 0 ] && continue
    # Split the line on whitespace and pick out the LOG fields. The unquoted
    # $line is what does the splitting, but it also glob-expands every word.
    for item in $line
    do
      case $item in
        firewall-*) CHAIN=${item#firewall-};;
        PROTO=*) PROTO=${item#PROTO=}; PROTO=${PROTO,,};;  # lowercase for -p
        SRC=*) SRC=${item#SRC=};;
        SPT=*) SPT=${item#SPT=};;
        DST=*) DST=${item#DST=};;
        DPT=*) DPT=${item#DPT=};;
      esac
    done
    # Skip the line when the chain already holds a rule for this
    # proto/destination/port. NOTE(review): the pattern is assembled from log
    # fields and interpreted as a regex (\W and \w are GNU grep extensions),
    # so an unexpected field value can match the wrong rule or none at all.
    sudo $IPTABLES -n -L $CHAIN | awk '{print $2,$5,$7}' \
       | grep "$PROTO\W$DST\/*\w*${DPT:+"\\Wdpt:$DPT"}\W*$" > /dev/null && continue
    # Reverse-DNS names and /etc/services names for the prompt and for the
    # name-based rule; the raw values serve as fallback below.
    # NOTE(review): several matching /etc/services lines leave HSPT/HDPT
    # holding all of them, newline-separated.
    HSRC=`host $SRC | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HDST=`host $DST | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HSPT=`grep "\W$SPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HDPT=`grep "\W$DPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HSRC=${HSRC:-$SRC}
    HDST=${HDST:-$DST}
    HSPT=${HSPT:-$SPT}
    HDPT=${HDPT:-$DPT}

    # Match specifications for the two rule variants. NOTE(review): the names
    # are crossed — IPDST gets the resolved host name and FQDNDST the raw IP
    # (the "fixed2" version below swaps them). Both key on -d, which does not
    # fit INPUT, where the destination is this host ("fixed" changes that).
    IPDST="-d $HDST -p $PROTO"
    FQDNDST="-d $DST -p $PROTO"
    # Unquoted $DPT: an empty value turns this into `[ -z ]`, which happens
    # to be true, so the port is appended only when DPT is set.
    [ -z $DPT ] || IPDST="$IPDST --dport $DPT"
    [ -z $DPT ] || FQDNDST="$FQDNDST --dport $DPT"
    # Ask the user; -print echoes the pressed button's label, SKIP after 15 s.
    ACTION=`LANG=C xmessage -buttons "ACCEPT-FQDN,ACCEPT-IP,\
            DROP-FQDN,DROP-IP,SKIP" -default SKIP -timeout 15 \
            -print "$HSRC => $HDST:$HDPT($DST:$DPT/$PROTO)"`
    ACTION=${ACTION:-"SKIP"}
    # Insert at position 4: behind the three fixed rules of firewall.txt and
    # ahead of its LOG rule. The unquoted $FQDNDST/$IPDST is what splits the
    # specification into separate iptables arguments.
    case $ACTION in
      SKIP) continue;;
      ACCEPT-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      ACCEPT-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      DROP-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      DROP-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      *) continue;;
    esac
    # Pause before handling the next line.
    sleep 3
done


__edit sudoers__

# Make the script executable and let this user's group read the system log
# it follows. Widening /var/log/syslog to the whole "users" group exposes
# every log message on the box to every user; a dedicated log file for the
# "firewall-" lines, or membership in the group that already owns the log,
# keeps that exposure smaller.
chmod ugo+x -- firewall.sh
chgrp -- users /var/log/syslog
chmod -- g+r /var/log/syslog
# Feed new syslog lines to the script as they arrive (-F survives rotation).
tail -n 1 -F -- /var/log/syslog | ./firewall.sh




1. "Personal firewall in Linux"  +/
Сообщение от shadow_alone (ok) on 17-Мрт-11, 02:08 
Что это было ....

2. "Personal firewall in Linux"  +/
Сообщение от anonymous (??) on 17-Мрт-11, 02:40 
PS
# Connection-tracking modules for the firewall.txt rule set: nf_conntrack
# backs the state match, the nf_conntrack_proto_* modules track additional
# transport protocols, and the remaining nf_conntrack_* helpers let the
# RELATED,ESTABLISHED rules admit secondary connections (FTP data, SIP media,
# ...). A helper inspects packet payload to predict those connections, so
# every extra helper loaded widens what RELATED admits — load only the ones
# this host actually needs.
for module in \
  nf_conntrack \
  nf_conntrack_amanda \
  nf_conntrack_ftp \
  nf_conntrack_h323 \
  nf_conntrack_irc \
  nf_conntrack_netbios_ns \
  nf_conntrack_netlink \
  nf_conntrack_pptp \
  nf_conntrack_proto_dccp \
  nf_conntrack_proto_gre \
  nf_conntrack_proto_sctp \
  nf_conntrack_proto_udplite \
  nf_conntrack_sane \
  nf_conntrack_sip \
  nf_conntrack_tftp
do
  /sbin/modprobe "$module"
done

3. "Personal firewall in Linux"  +/
Сообщение от anonymous (??) on 17-Мрт-11, 03:04 
fixed:

cat > firewall.sh
# Interactive "personal firewall" ("fixed"): reads the iptables LOG lines that
# firewall.txt writes with a "firewall-<CHAIN> " prefix from stdin, asks the
# desktop user via xmessage what to do with the connection, and inserts the
# chosen ACCEPT/DROP rule into that chain.
# Usage: tail -n 1 -F /var/log/syslog | ./firewall.sh   (needs sudo for iptables)
IPTABLES='/usr/sbin/iptables'
# NOTE(review): `read` without -r interprets backslashes in the input; prefer
# `IFS= read -r line`.
while read line
do
    # Reset the per-line fields. CHAIN and PROTO are not reset, so a line
    # that lacks one of them keeps the previous line's value.
    unset SRC
    unset SPT
    unset DST
    unset DPT
    unset HSRC
    unset HSPT
    unset HDST
    unset HDPT
    unset IPDST
    unset FQDNDST
    unset ACTION
    # Only lines carrying our LOG prefix are of interest (substring match).
    echo $line | grep "firewall-" > /dev/null 2>&1
    [ $? != 0 ] && continue
    # Split the line on whitespace and pick out the LOG fields. The unquoted
    # $line is what does the splitting, but it also glob-expands every word.
    for item in $line
    do
      case $item in
        firewall-*) CHAIN=${item#firewall-};;
        PROTO=*) PROTO=${item#PROTO=}; PROTO=${PROTO,,};;  # lowercase for -p
        SRC=*) SRC=${item#SRC=};;
        SPT=*) SPT=${item#SPT=};;
        DST=*) DST=${item#DST=};;
        DPT=*) DPT=${item#DPT=};;
      esac
    done
    # Skip the line when the chain already holds a rule for this
    # proto/destination/port. NOTE(review): the pattern is assembled from log
    # fields and interpreted as a regex (\W and \w are GNU grep extensions),
    # and it still keys on the destination even for INPUT, whose rules below
    # no longer carry one.
    sudo $IPTABLES -n -L $CHAIN | awk '{print $2,$5,$7}' \
       | grep "$PROTO\W$DST\/*\w*${DPT:+"\\Wdpt:$DPT"}\W*$" > /dev/null && continue
    # Reverse-DNS names and /etc/services names for the prompt and for the
    # name-based rule; the raw values serve as fallback below.
    # NOTE(review): several matching /etc/services lines leave HSPT/HDPT
    # holding all of them, newline-separated.
    HSRC=`host $SRC | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HDST=`host $DST | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HSPT=`grep "\W$SPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HDPT=`grep "\W$DPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HSRC=${HSRC:-$SRC}
    HDST=${HDST:-$DST}
    HSPT=${HSPT:-$SPT}
    HDPT=${HDPT:-$DPT}

    # Match specifications for the two rule variants. NOTE(review): the names
    # are still crossed here — IPDST carries the resolved host name and
    # FQDNDST the raw IP ("fixed2" below swaps them).
    IPDST="-d $HDST -p $PROTO"
    FQDNDST="-d $DST -p $PROTO"
    # For INPUT the destination is dropped, leaving only protocol (and port
    # below). NOTE(review): an ACCEPT built this way admits that port from
    # every source address; "fixed 3" keys INPUT rules on -s instead.
    [ $CHAIN == "INPUT" ] && IPDST="-p $PROTO"
    [ $CHAIN == "INPUT" ] && FQDNDST="-p $PROTO"
    # Unquoted $DPT: an empty value turns this into `[ -z ]`, which happens
    # to be true, so the port is appended only when DPT is set.
    [ -z $DPT ] || IPDST="$IPDST --dport $DPT"
    [ -z $DPT ] || FQDNDST="$FQDNDST --dport $DPT"
    # Ask the user; -print echoes the pressed button's label, SKIP after 15 s.
    ACTION=`LANG=C xmessage -buttons "ACCEPT-FQDN,ACCEPT-IP,\
            DROP-FQDN,DROP-IP,SKIP" -default SKIP -timeout 15 \
            -print "$HSRC => $HDST:$HDPT($DST:$DPT/$PROTO)"`
    ACTION=${ACTION:-"SKIP"}
    # Insert at position 4: behind the three fixed rules of firewall.txt and
    # ahead of its LOG rule. The unquoted $FQDNDST/$IPDST is what splits the
    # specification into separate iptables arguments.
    case $ACTION in
      SKIP) continue;;
      ACCEPT-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      ACCEPT-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      DROP-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      DROP-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      *) continue;;
    esac
    # Pause before handling the next line.
    sleep 3
done



4. "Personal firewall in Linux"  +/
Сообщение от anonymous (??) on 17-Мрт-11, 03:28 
fixed2:
 
cat > firewall.sh
# Interactive "personal firewall" ("fixed2"): reads the iptables LOG lines
# that firewall.txt writes with a "firewall-<CHAIN> " prefix from stdin, asks
# the desktop user via xmessage what to do with the connection, and inserts
# the chosen ACCEPT/DROP rule into that chain.
# Usage: tail -n 1 -F /var/log/syslog | ./firewall.sh   (needs sudo for iptables)
IPTABLES='/usr/sbin/iptables'
# NOTE(review): `read` without -r interprets backslashes in the input; prefer
# `IFS= read -r line`.
while read line
do
    # Reset the per-line fields. CHAIN and PROTO are not reset, so a line
    # that lacks one of them keeps the previous line's value.
    unset SRC
    unset SPT
    unset DST
    unset DPT
    unset HSRC
    unset HSPT
    unset HDST
    unset HDPT
    unset IPDST
    unset FQDNDST
    unset ACTION
    # Only lines carrying our LOG prefix are of interest (substring match).
    echo $line | grep "firewall-" > /dev/null 2>&1
    [ $? != 0 ] && continue
    # Split the line on whitespace and pick out the LOG fields. The unquoted
    # $line is what does the splitting, but it also glob-expands every word.
    for item in $line
    do
      case $item in
        firewall-*) CHAIN=${item#firewall-};;
        PROTO=*) PROTO=${item#PROTO=}; PROTO=${PROTO,,};;  # lowercase for -p
        SRC=*) SRC=${item#SRC=};;
        SPT=*) SPT=${item#SPT=};;
        DST=*) DST=${item#DST=};;
        DPT=*) DPT=${item#DPT=};;
      esac
    done
    # Existing-rule checks; the line is skipped when one matches.
    # INPUT rules carry no address, so only proto and port are compared. The
    # pipeline binds before &&, i.e. this reads as
    # `[ INPUT ] && (sudo … | awk | grep) && continue`; for other chains it
    # falls through to the generic check below.
    # NOTE(review): both patterns are assembled from log fields and read as a
    # regex (\W and \w are GNU grep extensions), so an unexpected field value
    # can match the wrong rule or none at all.
    [ $CHAIN == "INPUT" ] &&  sudo $IPTABLES -n -L $CHAIN | awk '{print $2,$7}' \
       | grep "$PROTO${DPT:+"\\Wdpt:$DPT"}\W*$" > /dev/null && continue
    sudo $IPTABLES -n -L $CHAIN | awk '{print $2,$5,$7}' \
       | grep "$PROTO\W$DST\/*\w*${DPT:+"\\Wdpt:$DPT"}\W*$" > /dev/null && continue
    # Reverse-DNS names and /etc/services names for the prompt and for the
    # name-based rule; the raw values serve as fallback below.
    # NOTE(review): several matching /etc/services lines leave HSPT/HDPT
    # holding all of them, newline-separated.
    HSRC=`host $SRC | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HDST=`host $DST | grep "domain name pointer" | head -n 1 | awk '{print $5}'`
    HSPT=`grep "\W$SPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HDPT=`grep "\W$DPT/$PROTO\W" /etc/services | awk '{print $1}'`
    HSRC=${HSRC:-$SRC}
    HDST=${HDST:-$DST}
    HSPT=${HSPT:-$SPT}
    HDPT=${HDPT:-$DPT}
    # Match specifications: IPDST keys on the raw IP, FQDNDST on the resolved
    # name (iptables resolves it when the rule is inserted).
    IPDST="-d $DST -p $PROTO"
    FQDNDST="-d $HDST -p $PROTO"
    # For INPUT the destination is dropped, leaving only protocol (and port
    # below). NOTE(review): an ACCEPT built this way admits that port from
    # every source address; "fixed 3" keys INPUT rules on -s instead.
    [ $CHAIN == "INPUT" ] && IPDST="-p $PROTO"
    [ $CHAIN == "INPUT" ] && FQDNDST="-p $PROTO"
    # Unquoted $DPT: an empty value turns this into `[ -z ]`, which happens
    # to be true, so the port is appended only when DPT is set.
    [ -z $DPT ] || IPDST="$IPDST --dport $DPT"
    [ -z $DPT ] || FQDNDST="$FQDNDST --dport $DPT"
    # Ask the user; -print echoes the pressed button's label, SKIP after 15 s.
    ACTION=`LANG=C xmessage -buttons "ACCEPT-FQDN,ACCEPT-IP,\
            DROP-FQDN,DROP-IP,SKIP" -default SKIP -timeout 15 \
            -print "$HSRC => $HDST:$HDPT($DST:$DPT/$PROTO)"`
    ACTION=${ACTION:-"SKIP"}
    # Insert at position 4: behind the three fixed rules of firewall.txt and
    # ahead of its LOG rule. The unquoted $FQDNDST/$IPDST is what splits the
    # specification into separate iptables arguments.
    case $ACTION in
      SKIP) continue;;
      ACCEPT-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      ACCEPT-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j ACCEPT \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      DROP-FQDN) sudo $IPTABLES -I $CHAIN 4 $FQDNDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$FQDNDST>";;
      DROP-IP) sudo $IPTABLES -I $CHAIN 4 $IPDST -j DROP \
              || LANG=C xmessage "Error performing line: $line <$IPDST>";;
      *) continue;;
    esac
    # Pause before handling the next line.
    sleep 3
done

Sorry!!!


5. "Personal firewall in Linux"  +/
Сообщение от anonymous (??) on 17-Мрт-11, 13:53 
fixed 3

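#!/usr/bin/env bash
# firewall.sh — interactive "personal firewall" front end ("fixed 3").
#
# Reads iptables LOG lines from stdin (the firewall.txt rule set logs every NEW
# connection with a "firewall-<CHAIN> " prefix), asks the desktop user through
# xmessage what to do with it, and inserts the chosen ACCEPT/DROP rule into the
# INPUT, OUTPUT or FORWARD chain. Lines whose connection already has a matching
# rule are skipped without a prompt.
#
# Usage:    tail -n 1 -F <syslog file> | ./firewall.sh
# Requires: bash 4 (${var,,}, mapfile), sudo rights for $IPTABLES, `host`,
#           and xmessage on the current DISPLAY.
#
# Every value that ends up on an iptables command line comes from the log
# line, and syslog accepts messages from local processes as well as from the
# kernel. The field validation below therefore rejects anything that is not
# shaped like a kernel LOG line; feeding the script from a log file that only
# receives kernel firewall messages is the stronger fix.
#
# Changes from the previous revision: `IFS= read -r`, every expansion quoted,
# rules built as arrays, CHAIN/PROTO reset per line, field validation, exact
# column comparison instead of a regex assembled from log data, first
# /etc/services match only, and the duplicate leftover existence checks that
# followed the per-chain `case` are gone.
set -eu

readonly IPTABLES='/usr/sbin/iptables'
# Position of inserted rules: after the three fixed rules of firewall.txt
# (RELATED,ESTABLISHED / INVALID / DNS) and before its LOG rule.
readonly INSERT_POS=4

#######################################
# Populate CHAIN PROTO SRC SPT DST DPT from one LOG line.
# Arguments: $1 - the log line
# Globals:   CHAIN PROTO SRC SPT DST DPT (written; reset first so a line that
#            lacks a field never inherits the previous line's value)
#######################################
parse_log_line() {
  local -a fields
  local item
  CHAIN='' PROTO='' SRC='' SPT='' DST='' DPT=''
  read -r -a fields <<<"$1"   # whitespace split without glob expansion
  (( ${#fields[@]} )) || return 0
  for item in "${fields[@]}"; do
    case $item in
      firewall-*) CHAIN=${item#firewall-} ;;
      PROTO=*)    PROTO=${item#PROTO=}; PROTO=${PROTO,,} ;;  # iptables wants lowercase
      SRC=*)      SRC=${item#SRC=} ;;
      SPT=*)      SPT=${item#SPT=} ;;
      DST=*)      DST=${item#DST=} ;;
      DPT=*)      DPT=${item#DPT=} ;;
    esac
  done
}

#######################################
# Validators for the log fields that end up in command lines. A kernel LOG
# line always satisfies them; anything else is dropped by main().
#######################################
is_chain() { case $1 in INPUT|OUTPUT|FORWARD) return 0 ;; *) return 1 ;; esac; }
is_ipv4()  { local re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'; [[ $1 =~ $re ]]; }
is_proto() { local re='^[a-z0-9]+$'; [[ $1 =~ $re ]]; }
is_port()  { local re='^[0-9]{1,5}$'; [[ -z $1 || $1 =~ $re ]]; }

#######################################
# Print the iptables match arguments for a chain, one per line.
# Arguments: $1 chain, $2 proto, $3 source, $4 destination, $5 dport or ""
# Outputs:   one argument per line (read back with `mapfile -t`)
# Returns:   1 for a chain this script does not manage
#######################################
rule_spec() {
  local chain=$1 proto=$2 src=$3 dst=$4 dpt=$5
  case $chain in
    INPUT)   printf '%s\n' -s "$src" ;;
    OUTPUT)  printf '%s\n' -d "$dst" ;;
    FORWARD) printf '%s\n' -s "$src" -d "$dst" ;;
    *)       return 1 ;;
  esac
  printf '%s\n' -p "$proto"
  [[ -z $dpt ]] || printf '%s\n' --dport "$dpt"
}

#######################################
# Succeed when CHAIN already has a rule for this connection.
# Compares the `iptables -n -L` columns (prot, source, destination, "dpt:N")
# exactly instead of building a regex from log data; iptables 1.4.7, the
# version in firewall.txt's header, has no `-C`.
# Arguments: $1 chain, $2 proto, $3 source, $4 destination, $5 dport or ""
# Returns:   0 if such a rule exists, 1 otherwise (also when iptables fails,
#            in which case the user is simply prompted)
#######################################
rule_exists() {
  local chain=$1 proto=$2 src=$3 dst=$4 dpt=$5
  # Only the columns a rule in that chain is keyed on are compared.
  case $chain in
    INPUT)  dst='' ;;
    OUTPUT) src='' ;;
  esac
  sudo "$IPTABLES" -n -L "$chain" |
    awk -v p="$proto" -v s="$src" -v d="$dst" -v dp="$dpt" '
      NR > 2 && $2 == p &&
      (s == "" || $4 == s || $4 == s "/32") &&
      (d == "" || $5 == d || $5 == d "/32") &&
      (dp == "" ? $7 == "" : $7 == "dpt:" dp) { found = 1; exit }
      END { exit !found }'
}

#######################################
# Reverse-resolve an IP for the prompt and the FQDN rule variant.
# Outputs: the PTR name as `host` prints it, or the IP itself when none.
#######################################
reverse_name() {
  local name=''
  name=$(host "$1" 2>/dev/null | awk '/domain name pointer/ { print $5; exit }') || true
  printf '%s\n' "${name:-$1}"
}

#######################################
# Look up a service name for port/proto in /etc/services (first match only).
# Outputs: the service name, or the port number itself when unknown or empty.
#######################################
service_name() {
  local port=$1 proto=$2 name=''
  if [[ -n $port ]]; then
    name=$(awk -v p="$port/$proto" '$2 == p { print $1; exit }' /etc/services 2>/dev/null) || true
  fi
  printf '%s\n' "${name:-$port}"
}

#######################################
# Insert one rule and show an error dialog when iptables rejects it.
# Arguments: $1 chain, $2 target (ACCEPT/DROP), $3 the log line (for the
#            error text), remaining args the match specification
#######################################
apply_rule() {
  local chain=$1 target=$2 line=$3
  shift 3
  if ! sudo "$IPTABLES" -I "$chain" "$INSERT_POS" "$@" -j "$target"; then
    LANG=C xmessage "Error performing line: $line <$*>" || true
  fi
}

main() {
  local line action hsrc hdst hdpt
  local -a ip_args fqdn_args
  while IFS= read -r line || [[ -n $line ]]; do
    [[ $line == *firewall-* ]] || continue
    parse_log_line "$line"
    if ! is_chain "$CHAIN" || ! is_proto "$PROTO" || ! is_ipv4 "$SRC" \
        || ! is_ipv4 "$DST" || ! is_port "$DPT"; then
      printf 'firewall.sh: ignoring malformed log line: %s\n' "$line" >&2
      continue
    fi
    rule_exists "$CHAIN" "$PROTO" "$SRC" "$DST" "$DPT" && continue
    hsrc=$(reverse_name "$SRC")
    hdst=$(reverse_name "$DST")
    hdpt=$(service_name "$DPT" "$PROTO")
    mapfile -t ip_args < <(rule_spec "$CHAIN" "$PROTO" "$SRC" "$DST" "$DPT")
    mapfile -t fqdn_args < <(rule_spec "$CHAIN" "$PROTO" "$hsrc" "$hdst" "$DPT")
    # xmessage prints the pressed button's label; SKIP is taken after 15 s.
    # Its exit status encodes the button as well, so it is not an error here.
    action=$(LANG=C xmessage -buttons "ACCEPT-FQDN,ACCEPT-IP,DROP-FQDN,DROP-IP,SKIP" \
               -default SKIP -timeout 15 \
               -print "$hsrc => $hdst:$hdpt($DST:$DPT/$PROTO)") || true
    case ${action:-SKIP} in
      ACCEPT-FQDN) apply_rule "$CHAIN" ACCEPT "$line" "${fqdn_args[@]}" ;;
      ACCEPT-IP)   apply_rule "$CHAIN" ACCEPT "$line" "${ip_args[@]}" ;;
      DROP-FQDN)   apply_rule "$CHAIN" DROP "$line" "${fqdn_args[@]}" ;;
      DROP-IP)     apply_rule "$CHAIN" DROP "$line" "${ip_args[@]}" ;;
      *)           ;;   # SKIP, timeout or a closed dialog
    esac
  done
}

main "$@"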





