version 2.19, 2005/03/01 23:17:11 |
version 2.22, 2005/03/16 13:53:36 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.18 2005/03/01 21:47:20 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.21 2005/03/06 19:18:04 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
print_iface_status() |
print_iface_status() |
{ # {{{ |
{ # {{{ |
# Print interfaces: |
# Print interfaces: |
echo "# iface | IP addr | broadcast | netmask | HW addr" |
echo "# iface | IP addr | Gateway | broadcast | netmask | HW addr" |
for iface in $interfaces; do |
for iface in $interfaces; do |
IP="IP_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
IP="IP_$iface"; Gateway="Gateway_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
echo "$iface | ${!IP} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
echo "$iface | ${!IP} | ${!Gateway} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
done |
done |
} # }}} |
} # }}} |
|
|
|
|
|
|
} # }}} |
} # }}} |
|
|
|
bann_ip_adresses() |
|
{ # {{{ |
|
# |
|
# This feature has been developed for following reason: |
|
# UbiCrawler spam our website with many requests (they are duplicit requests of the same page!) |
|
# And this web robot doesn't accept HTTP META tags (http://www.robotstxt.org/wc/faq.html#extension) |
|
# |
|
# Bann them too! |
|
# |
|
#IP address is: 146.48.97.11 146.48.97.13 |
|
# User Agent: "UbiCrawler/v0.4beta (http://ubi.iit.cnr.it/projects/ubicrawler/)" |
|
# |
|
if [ ! -z "$BANNED_IP" ]; then |
|
echo -en "Dropping ALL packets from IP:" |
|
for banned_ip in $BANNED_IP; do |
|
echo -en " $banned_ip" |
|
$IPTABLES -A INPUT -s $banned_ip -j DROP |
|
$IPTABLES -A FORWARD -s $banned_ip -j DROP |
|
done |
|
echo " done." |
|
fi |
|
} # }}} |
|
|
allow_accept_all() |
allow_accept_all() |
{ # {{{ |
{ # {{{ |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
if [ ! -z "$IFACE_ACCEPT_ALL" ]; then |
Line 577 accept_loopback() |
|
Line 600 accept_loopback() |
|
|
|
# Loopback není radno omezovat |
# Loopback není radno omezovat |
echo -en "Accepting loopback:" |
echo -en "Accepting loopback:" |
$IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT |
$IPTABLES -A INPUT -i $LO_IFACE -j ACCEPT |
|
$IPTABLES -A OUTPUT -o $LO_IFACE -j ACCEPT |
echo " done." |
echo " done." |
|
|
} # }}} |
} # }}} |
Line 618 parse_ifconfig() |
|
Line 642 parse_ifconfig() |
|
END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
'` |
'` |
|
|
|
eval `perl -e ' |
|
$\ = "\n"; |
|
open(FILE, "/proc/net/route") or die "Can not open /proc/net/route: $!"; |
|
my @columns = split(/\s+/, <FILE>); |
|
while (my $line = <FILE>) { |
|
my $iface; |
|
my @vals = split(/\s+/, $line); |
|
foreach my $key (@columns) { |
|
$iface->{$key} = shift @vals; |
|
} |
|
|
|
foreach my $key (qw( Gateway Destination )) { |
|
print "${key}_$iface->{Iface}=", |
|
qw("), hex2ip($iface->{$key}), qw("), |
|
"; export ${key}_$iface->{Iface};"; |
|
} |
|
foreach my $key (qw( Flags MTU Metric Window IRTT )) { |
|
print "${key}_$iface->{Iface}=", |
|
qw("), $iface->{$key}, qw("), |
|
"; export ${key}_$iface->{Iface};"; |
|
} |
|
} |
|
close(FILE); |
|
|
|
|
|
sub hex2ip |
|
{ # {{{ |
|
my ($str) = @_; |
|
my @block; |
|
|
|
my $hex = uc($str); |
|
|
|
while (length($hex)) { |
|
my $x = ord(substr($hex, 0, 1)); |
|
my $y = ord(substr($hex, 1, 1)); |
|
|
|
$x = $x > 64 ? $x - 55 : $x - 48; |
|
$y = $y > 64 ? $y - 55 : $y - 48; |
|
|
|
push @block, 16 * $x + $y; |
|
$hex = substr($hex, 2); |
|
} |
|
|
|
return join(".", reverse @block); |
|
|
|
} # }}} |
|
'` |
# Now we have defined variables like this: |
# Now we have defined variables like this: |
# IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
# IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
# IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
# IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
|
|
# |
# |
# (un)commnet next lines as needed |
# (un)commnet next lines as needed |
# |
# |
|
bann_ip_adresses |
allow_accept_all |
allow_accept_all |
nmap_scan_filter |
nmap_scan_filter |
invalid_packet_filter |
invalid_packet_filter |
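Review bot: The new `eval` of `perl -e` output in the parse_ifconfig hunk builds shell variable names from the Iface column of /proc/net/route and lets the shell evaluate them, with no check that the name is a valid identifier. An interface name containing a dot, a dash or a shell metacharacter (VLAN-style names such as `eth0.100` are common) produces text that `eval` treats as a command rather than an assignment, and a firewall script normally runs as root. I would skip such rows right after the column loop with `next unless $iface->{Iface} =~ /\A\w+\z/;`. Separately, /proc/net/route usually has several rows per interface, so `Gateway_<iface>` keeps whichever row is read last and print_iface_status may show 0.0.0.0 instead of the real gateway. parse_ifconfig begins outside the visible lines, so how the first `eval` block handles names could not be checked.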