A little screening router shell-script

Don´t be shy, Linux is fun! =)
Post Reply
User avatar
bad_brain
Site Owner
Site Owner
Posts: 11549
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

A little screening router shell-script

Post by bad_brain »

Here´s a little script with which you can run a Linux box in a network as a screening router:

Code: Select all

#!/bin/bash

# D:\\inetpub\wwwroot
ACTION=$1

echo $ACTION

case "$ACTION" in 
	start)
	        echo FW start
                 iptables -P INPUT DROP
                 iptables -P OUTPUT DROP
                 iptables -P FORWARD DROP
                 iptables -F
                 iptables -X
                 iptables -t nat -F

                 iptables -A INPUT -p icmp -j ACCEPT
                 iptables -A OUTPUT -p icmp -j ACCEPT
                 iptables -A FORWARD -p icmp -j ACCEPT

                 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
                 iptables -A OUTPUT -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT

                 iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  
               
                 iptables -A FORWARD -p tcp -s 192.168.40.10/32 -d 192.168.45.10/32 --dport 80 -j ACCEPT
             

#	         ifconfig eth0   192.168.40.1 up
#                ifconfig eth0:0 192.168.45.1 up
#                 echo 1> /proc/sys/net/ipv4/ip_forward

        ;;
	stop)
	        echo FW stop
#                ifconfig eth0:0 down
#                ifconfig eth0 down
                
#                echo 0 > /proc/sys/net/ipv4/ip-forward

                iptables -F
                iptables -X
                iptables -t nat -F
                iptables -P INPUT ACCEPT
                iptables -P OUTPUT ACCEPT
                iptables -P FORWARD ACCEPT               




	;;
	*)
                echo wrong entry!
       	;;
       

esac
you can run the script simply by start <scriptname> or stop <scriptname>,
of course the IP adresses need to be changed to the actual ones. with the script you can pipe the traffic of 2 boxes (windows or linux) through the screening router and so decide which traffic is ok and which not. this example is designed for accessing a web server, all other traffic will be blocked, and through the statful inspection rules a connection which is established will automaticly get access to other services (if needed).
when you enter stop <scriptname> all firewall rules will be deleted again, so it´s very nice for experiments and get a little deeper into iptables.
enjoy... :wink:

User avatar
maboroshi
Dr. Mab
Dr. Mab
Posts: 1607
Joined: 28 Aug 2005, 16:00
15

Bash

Post by maboroshi »

You wrote that in Bash thats pretty clever. I can tell you've been around the Unix scene a while

Anyway Cheers

Thanks for the script

User avatar
egghead4life
Newbie
Newbie
Posts: 8
Joined: 21 Jul 2006, 16:00
14

Post by egghead4life »

very nice

we may be ableto use you at our forums. We are a group, the forums are very new, i wrote a few tuts, not much.. Dont have time while in C++ class.

What do you program in besides bash?
We need software cracker, who knows assembly.
PHP for forum--> help create applets
C++ coder for all your other needs
Avid *nix user.
Must know either about remote and physical hacking. Basic knowlege for now is fine.


adress removed by b_b
PM ME
or AIM- removed by ...guess who...^^

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11549
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

Post by bad_brain »

thanks, I feel honored...but I simply have not enough time left to work for other sites. my main focus is on server administration, forensics and networking in general.....the fact that your site is running on webspace and not on a own server also makes the job uninteresting to me because there's nothing to do.... :wink:

Post Reply