Home Explore Help
Sign In
yosoyhendrix
/
vesta
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: ebe14052d2
Branches Tags
vesta
/
bin
/
v-add-firewall-chain

v-add-firewall-chain 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586 
  1. #!/bin/bash
    2. 

  2. # info: add firewall chain
    3. 

  3. # options: CHAIN [PORT] [PROTOCOL] [PROTOCOL]
    4. 

  4. #
    5. 

  5. # The function adds new rule to system firewall
    6. 

  6. 

  7. 

  8. #----------------------------------------------------------#
    9. 

  9. #                    Variable&Function                     #
    10. 

  10. #----------------------------------------------------------#
    11. 

  11. 

  12. # Importing system variables
    13. 

  13. source /etc/profile
    14. 

  14. 

  15. # Argument definition
    16. 

  16. chain=$(echo $1 | tr '[:lower:]' '[:upper:]')
    17. 

  17. port=$2
    18. 

  18. protocol=${4-TCP}
    19. 

  19. protocol=$(echo $protocol|tr '[:lower:]' '[:upper:]')
    20. 

  20. 

  21. # Defining absolute path to iptables
    22. 

  22. iptables="/sbin/iptables"
    23. 

  23. 

  24. # Includes
    25. 

  25. source $VESTA/func/main.sh
    26. 

  26. source $VESTA/conf/vesta.conf
    27. 

  27. 

  28. 

  29. #----------------------------------------------------------#
    30. 

  30. #                    Verifications                         #
    31. 

  31. #----------------------------------------------------------#
    32. 

  32. 

  33. check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]'
    34. 

  34. is_format_valid 'chain'
    35. 

  35. is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'
    36. 

  36. 

  37. 

  38. #----------------------------------------------------------#
    39. 

  39. #                       Action                             #
    40. 

  40. #----------------------------------------------------------#
    41. 

  41. 

  42. # Checking known chains
    43. 

  43. case $chain in
    44. 

  44.     SSH)        port=22; protocol=TCP ;;
    45. 

  45.     FTP)        port=21; protocol=TCP  ;;
    46. 

  46.     MAIL)       port='25,465,587,2525,110,995,143,993'; protocol=TCP  ;;
    47. 

  47.     DNS)        port=53; protocol=UDP  ;;
    48. 

  48.     WEB)        port='80,443'; protocol=TCP  ;;
    49. 

  49.     DB)         port='3306,5432'; protocol=TCP  ;;
    50. 

  50.     VESTA)      port=8083; protocol=TCP  ;;
    51. 

  51.     *)          check_args '2' "$#" 'CHAIN PORT' ;;
    52. 

  52. esac
    53. 

  53. 

  54. # Adding chain
    55. 

  55. $iptables -N fail2ban-$chain 2>/dev/null
    56. 

  56. if [ $? -eq 0 ]; then
    57. 

  57.     $iptables -A fail2ban-$chain -j RETURN
    58. 

  58. 

  59.     # Adding multiport module
    60. 

  60.     if [[ "$port" =~ ,|-|: ]] ; then
    61. 

  61.         port_str="-m multiport --dports $port"
    62. 

  62.     else
    63. 

  63.         port_str="--dport $port"
    64. 

  64.     fi
    65. 

  65.     $iptables -I INPUT -p $protocol $port_str -j fail2ban-$chain
    66. 

  66. fi
    67. 

  67. 

  68. # Preserving chain
    69. 

  69. chains=$VESTA/data/firewall/chains.conf
    70. 

  70. check_chain=$(grep "CHAIN='$chain'" $chains 2>/dev/null)
    71. 

  71. if [ -z "$check_chain" ]; then
    72. 

  72.     echo "CHAIN='$chain' PORT='$port' PROTOCOL='$protocol'" >> $chains
    73. 

  73. fi
    74. 

  74. 

  75. # Changing permissions
    76. 

  76. chmod 660 $chains
    77. 

  77. 

  78. 

  79. #----------------------------------------------------------#
    80. 

  80. #                       Vesta                              #
    81. 

  81. #----------------------------------------------------------#
    82. 

  82. 

  83. # Logging
    84. 

  84. log_event "$OK" "$ARGUMENTS"
    85. 

  85. 

  86. exit
    87.