#!/bin/bash
# firewall.sh - Made for Puppi
# Sources common header for Puppi scripts
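# Quote both expansions so a script path containing spaces or glob
# characters still resolves to exactly one file; an unquoted path would be
# word-split and a different file (or none) would be sourced.
# Exit code 10 is kept for "header could not be sourced".
. "$(dirname -- "$0")/header" || exit 10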
# Show help
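#######################################
# Print the usage text for firewall.sh.
# Arguments: none
# Outputs:   usage text on stdout
#
# The fourth argument is documented as optional because the argument
# handling in this script falls back to a delay of 1 second when it is
# omitted (the examples below omit it as well).
#
# Operational caveat: "on" inserts the DROP rule and "off" deletes it.
# Nothing visible in this file removes the rule automatically, so every
# "on" run has to be paired with a later "off" run, or the source address
# stays blocked.
#######################################
showhelp () {
  # Single-quoted strings keep $1..$4 literal in the help text.
  printf '%s\n' \
    'This script places a temporary firewall (iptables) rule to block access from the IP defined' \
    'It has the following options:' \
    '$1 (Required) - Remote Ip address to block (Generally a load balancer)' \
    '$2 (Required) - Local port to block (0 for all ports)' \
    '$3 (Required) - Set on or off to insert or remove the blocking rule' \
    '$4 (Optional, default 1) - Number of seconds to sleep after having set the rule' \
    '' \
    'Examples:' \
    'firewall.sh 10.42.0.1 0 on' \
    'firewall.sh 10.42.0.1 0 off'
}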
# Check arguments
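# Argument handling. Every value below ends up on an iptables or sleep
# command line that normally runs as root, so each one is checked before
# use: an empty value, a value starting with "-" (which would be read as
# an option) or a value containing whitespace, glob or shell
# metacharacters is rejected with the usage text and exit code 2.
# NOTE(review): these are character-class checks, not full parsers. They
# keep host names, CIDR notation and service names usable while blocking
# option injection; tighten them if only literal IPv4 addresses and
# numeric ports are ever passed.

# $1 / $2: source address and local port (both required).
if [ -n "$2" ] ; then
  ip=$1
  port=$2
else
  showhelp
  exit 2
fi

case "$ip" in
  ''|-*|*[!0-9A-Za-z.:/_-]*)
    showhelp
    exit 2
    ;;
esac

case "$port" in
  -*|*[!0-9A-Za-z:_-]*)
    showhelp
    exit 2
    ;;
esac

# $3: "on" inserts the rule (-I), "off" deletes it (-D); anything else,
# including a missing argument, is a usage error.
case "$3" in
  on)
    action="-I"
    ;;
  off)
    action="-D"
    ;;
  *)
    showhelp
    exit 2
    ;;
esac

# $4: seconds to sleep after the rule change; defaults to 1 when omitted.
delay=${4:-1}

case "$delay" in
  -*|*[!0-9A-Za-z.]*)
    showhelp
    exit 2
    ;;
esac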
# Block
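#######################################
# Insert or delete the DROP rule for the configured source address.
# Globals:   action (read) - iptables operation, "-I" or "-D"
#            ip     (read) - source address passed to -s
#            port   (read) - local TCP port, or "0" for all traffic
# Arguments: none
# Returns:   exit status of the iptables call
#######################################
run_iptables () {
  # Every expansion is quoted so each value reaches iptables as exactly one
  # argument. Unquoted, a value containing whitespace or glob characters
  # would be split into extra arguments and could change the rule that is
  # installed.
  if [ "$port" = "0" ] ; then
    # Port 0 means "all ports": match on the source address only.
    iptables "$action" INPUT -s "$ip" -j DROP
  else
    # Only TCP is matched here; other protocols from this source still pass.
    iptables "$action" INPUT -s "$ip" -p tcp --dport "$port" -j DROP
  fi
}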
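# Apply the rule change, then pause so the caller can rely on the delay.
# NOTE(review): the status of run_iptables is not checked here. As far as
# this listing shows, the script ends with the status of sleep, so a failed
# iptables call (for example when not run as root) is reported as success
# and the caller cannot tell that the block was never applied. Confirm
# whether callers tolerate a failing "off" before making this fatal.
run_iptables
echo "Sleeping for $delay seconds"
# Quoted so the delay is passed to sleep as a single argument.
sleep "$delay"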
# Sooner or later this script will have multiOS support