Startsida Utforska Hjälp
Logga in
yosoyhendrix
/
vesta
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 357eb42647
Grenar Taggar
vesta
/
bin
/
v-add-firewall-chain

v-add-firewall-chain 2.3 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. #!/bin/bash
    2. 

  2. # info: add firewall chain
    3. 

  3. # options: CHAIN [PORT] [PROTOCOL] [PROTOCOL]
    4. 

  4. #
    5. 

  5. # The function adds new rule to system firewall
    6. 

  6. 

  7. 

  8. #----------------------------------------------------------#
    9. 

  9. #                    Variable&Function                     #
    10. 

  10. #----------------------------------------------------------#
    11. 

  11. 

  12. # Importing system variables
    13. 

  13. source /etc/profile
    14. 

  14. 

  15. # Argument defenition
    16. 

  16. chain=$(echo $1 | tr '[:lower:]' '[:upper:]')
    17. 

  17. port=$2
    18. 

  18. protocol=${4-TCP}
    19. 

  19. protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
    20. 

  20. 

  21. # Defining absolute path to iptables
    22. 

  22. iptables="/sbin/iptables"
    23. 

  23. 

  24. # Includes
    25. 

  25. source $VESTA/func/main.sh
    26. 

  26. source $VESTA/conf/vesta.conf
    27. 

  27. 

  28. 

  29. #----------------------------------------------------------#
    30. 

  30. #                    Verifications                         #
    31. 

  31. #----------------------------------------------------------#
    32. 

  32. 

  33. check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]'
    34. 

  34. validate_format 'chain'
    35. 

  35. is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
    36. 

  36. 

  37. 

  38. #----------------------------------------------------------#
    39. 

  39. #                       Action                             #
    40. 

  40. #----------------------------------------------------------#
    41. 

  41. 

  42. # Checking known chains
    43. 

  43. case $chain in
    44. 

  44.     SSH)        port=22; protocol=TCP ;;
    45. 

  45.     FTP)        port=21; protocol=TCP  ;;
    46. 

  46.     MAIL)       port=25; protocol=TCP  ;;
    47. 

  47.     DNS)        port=53; protocol=UDP  ;;
    48. 

  48.     HTTP)       port=80; protocol=TCP  ;;
    49. 

  49.     HTTPS)      port=443; protocol=TCP  ;;
    50. 

  50.     POP3)       port=110; protocol=TCP  ;;
    51. 

  51.     IMAP)       port=143; protocol=TCP  ;;
    52. 

  52.     MYSQL)      port=3306; protocol=TCP  ;;
    53. 

  53.     POSTGRES)   port=5432; protocol=TCP  ;;
    54. 

  54.     VESTA)      port=8083; protocol=TCP  ;;
    55. 

  55.     *)          check_args '2' "$#" 'CHAIN PORT' ;;
    56. 

  56. esac
    57. 

  57. 

  58. # Adding chain
    59. 

  59. $iptables -N fail2ban-$chain 2>/dev/null
    60. 

  60. if [ $? -eq 0 ]; then
    61. 

  61.     $iptables -A fail2ban-$chain -j RETURN
    62. 

  62.     $iptables -I INPUT -p $protocol --dport $port -j fail2ban-$chain
    63. 

  63. fi
    64. 

  64. 

  65. # Preserving chain
    66. 

  66. chains=$VESTA/data/firewall/chains.conf
    67. 

  67. check_chain=$(grep "CHAIN='$chain'" $chains 2>/dev/null)
    68. 

  68. if [ -z "$check_chain" ]; then
    69. 

  69.     echo "CHAIN='$chain' PORT='$port' PROTOCOL='$protocol'" >> $chains
    70. 

  70. fi
    71. 

  71. 

  72. # Changing permissions
    73. 

  73. chmod 660 $chains
    74. 

  74. 

  75. 

  76. #----------------------------------------------------------#
    77. 

  77. #                       Vesta                              #
    78. 

  78. #----------------------------------------------------------#
    79. 

  79. 

  80. # Logging
    81. 

  81. log_event "$OK" "$EVENT"
    82. 

  82. 

  83. exit
    84.