INIT Script for Firewall


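#!/bin/bash
#
# Simple iptables firewall init script: accepts localhost, the addresses in
# a whitelist file and a set of ports, drops the addresses in a blacklist
# file, then drops any remaining new UDP and TCP (SYN) traffic.
#
# Usage: firewall {start|stop|restart|status}

# Address list files: one address (or network) per line in the first field;
# lines starting with '#' are ignored.
readonly WHITELIST=/usr/local/etc/whitelist.txt
readonly BLACKLIST=/usr/local/etc/blacklist.txt

# Specify Ports: whitespace-separated port numbers, opened for both TCP and UDP.
readonly ALLOWED="22 80"

# Specify where IP Tables is located
readonly IPTABLES=/sbin/iptables

# Do Not Edit Below Line
# Script exit status: written by start/stop/status, returned by the final 'exit'.
RETVAL=0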

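# Run one iptables command. A failure is recorded in RETVAL instead of
# aborting, so the remaining rules are still installed and the script's
# exit status reflects that something went wrong.
# Globals (read): IPTABLES   Globals (written): RETVAL
_fw() {
  "$IPTABLES" "$@" || RETVAL=1
}

# Add one rule per address listed in a file.
# Arguments: $1 - list file; first field of each line is the address,
#                 lines starting with '#' are skipped
#            $2 - iptables target (ACCEPT or DROP)
#            $3 - word printed before each address (e.g. "Permitting")
# Outputs:   one progress line per address on stdout, a warning on stderr
#            if the file cannot be read (the list is then skipped)
_fw_apply_list() {
  local file=$1 target=$2 verb=$3 addr
  if [[ ! -r "$file" ]]; then
    printf 'Warning: %s is not readable, skipping\n' "$file" >&2
    return 0
  fi
  while IFS= read -r addr; do
    [[ -n "$addr" ]] || continue   # blank lines yield an empty first field
    printf '%s %s...\n' "$verb" "$addr"
    _fw -A INPUT -t filter -s "$addr" -j "$target"
  done < <(grep -v '^#' -- "$file" | awk '{print $1}')
}

# To start the firewall: append the rule set to the INPUT chain.
# Rule order matters: localhost, whitelist, blacklist, allowed ports,
# RELATED/ESTABLISHED, then the catch-all DROPs. A source present in both the
# whitelist and the blacklist is therefore accepted.
# Globals (read):    IPTABLES, WHITELIST, BLACKLIST, ALLOWED
# Globals (written): RETVAL - 0 if every iptables command succeeded, 1 otherwise
# Outputs:           progress lines on stdout
start() {
  local proto port
  local -a ports
  RETVAL=0
  echo "Setting up firewall rules..."

  echo 'Allowing Localhost'
  # Restrict the loopback rule to the lo interface so a packet arriving on
  # another interface with a forged 127.0.0.1 source is not accepted by it.
  _fw -A INPUT -t filter -i lo -s 127.0.0.1 -j ACCEPT

  # Whitelist, then blacklist (first matching rule wins).
  _fw_apply_list "$WHITELIST" ACCEPT Permitting
  _fw_apply_list "$BLACKLIST" DROP Denying

  # Permitted Ports: every port in ALLOWED is opened for TCP and for UDP.
  read -ra ports <<<"$ALLOWED"
  for proto in tcp udp; do
    for port in "${ports[@]}"; do
      printf 'Accepting port %s %s...\n' "${proto^^}" "$port"
      _fw -A INPUT -t filter -p "$proto" --dport "$port" -j ACCEPT
    done
  done

  _fw -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  # Catch-all for new UDP and new TCP (SYN) traffic that reached this point.
  # NOTE(review): no chain policy is set by this script, so packets these two
  # rules do not match (other protocols such as ICMP, and non-SYN TCP that is
  # not RELATED/ESTABLISHED) fall through to the INPUT chain's policy -
  # confirm that is intended.
  _fw -A INPUT -p udp -j DROP
  _fw -A INPUT -p tcp --syn -j DROP
}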

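# Stopping Firewall: delete every rule, user-defined chain and counter in the
# filter table (the default table for -F/-X/-Z). Chain policies are left as
# they are by these commands.
# Globals (read):    IPTABLES
# Globals (written): RETVAL - 0 if all three commands succeeded, 1 otherwise
stop() {
  RETVAL=0
  echo "Removing all iptables rules..."
  "$IPTABLES" -F || RETVAL=1
  "$IPTABLES" -X || RETVAL=1
  "$IPTABLES" -Z || RETVAL=1
}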
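# Dispatch on the action given as the first argument; the usage message is
# printed when it is missing or unknown.
case "${1:-}" in
  start)
    # Flush first so repeated starts do not append the rule set twice.
    # NOTE(review): between stop and start the chain holds no rules and no
    # policy is set by this script, so there is a short window with no
    # filtering at all.
    stop
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  status)
    # Report failure (e.g. insufficient privileges) instead of always 0.
    RETVAL=0
    "$IPTABLES" -L || RETVAL=1
    "$IPTABLES" -t nat -L || RETVAL=1
    ;;
  *)
    echo "Usage: firewall {start|stop|restart|status}"
    RETVAL=1
    ;;
esac
exit "$RETVAL"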
