COMS148

BASH Source Script Code


hello

#!/bin/bash
# hello: print a fixed greeting and exit successfully.
printf '%s\n' "Hello World"
exit 0


whatip

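#!/bin/bash
# whatip: print this host's network interface configuration.
#
# Uses the legacy net-tools ifconfig(8).  Distributions that ship only
# iproute2 do not have /sbin/ifconfig; in that case the script says so and
# fails instead of reporting success (the original always exited 0, even
# when ifconfig was missing or failed).
if [ ! -x /sbin/ifconfig ]; then
  echo "/sbin/ifconfig not found; try 'ip addr show' instead" >&2
  exit 127
fi
/sbin/ifconfig
# Propagate ifconfig's own exit status so a caller can detect failure.
exit $?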




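#!/bin/bash
# Save this host's network interface configuration to ./data.out.
#
# data.out is written relative to the current working directory and is
# overwritten without warning.  The listing (addresses, MAC addresses) can
# be sensitive, so mind the permissions of wherever this is run.
if [ ! -x /sbin/ifconfig ]; then
  echo "/sbin/ifconfig not found; try 'ip addr show' instead" >&2
  exit 127
fi
/sbin/ifconfig > data.out
# Propagate ifconfig's status instead of an unconditional 'exit 0', so an
# empty/partial data.out is not mistaken for a successful run.
exit $?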


readparms

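#!/bin/bash
# readparms: show how a script sees its own name and positional parameters.
#
# Every expansion is double-quoted.  Unquoted, a parameter such as '*' is
# glob-expanded against the current directory and 'a b' is split into two
# words before echo ever sees it, so the script would misreport its input.
echo "The name of this script is $0"
echo "Number of Parameters received: $#"
echo "Parameters received: $*"    # "$*": all parameters joined into one word
echo "Parameters received: $@"    # "$@": each parameter kept as its own word
                                  # (echo prints both the same way)
echo "The first parameter is $1"
exit 0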


setvars

#!/bin/bash
# setvars: assign two shell variables and print them on one line.
readonly optiona='READ'
readonly optionb='WRITE'
printf 'Option A is %s, Option B is %s\n' "$optiona" "$optionb"
exit 0


calc

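#!/bin/bash
# calc: read two integers from stdin and print their difference, sum,
# product, integer quotient and power.
#
# Input is validated BEFORE it reaches arithmetic.  bash evaluates the
# contents of a variable inside $(( )) / let, so an unchecked value such as
# 'a[$(rm -rf ~)]' would execute the embedded command.  Only an optional
# sign followed by decimal digits is accepted (no leading zeros, which bash
# would read as octal).  Results are 64-bit signed and wrap silently on
# overflow, e.g. for large powers.

# is_int VALUE: succeed only if VALUE is a signed decimal integer literal.
is_int() {
  local re='^[+-]?(0|[1-9][0-9]*)$'
  [[ $1 =~ $re ]]
}

echo "Please enter two integers (separated by the Enter Keystroke)"
read -r num1
read -r num2

for value in "$num1" "$num2"; do
  if ! is_int "$value"; then
    printf 'Not an integer: %s\n' "$value" >&2
    exit 1
  fi
done
# Division by zero and a negative exponent are fatal errors inside bash
# arithmetic; report them cleanly instead of crashing mid-way.
if (( num2 == 0 )); then
  echo "The second integer must not be zero (it is the divisor)" >&2
  exit 1
fi
if (( num2 < 0 )); then
  echo "The second integer must not be negative (it is the exponent)" >&2
  exit 1
fi

# $(( )) is the POSIX arithmetic form; the bash-only 'let' builtin used by
# older scripts evaluates the same expressions.
difference=$(( num1 - num2 ))
sum=$(( num1 + num2 ))
product=$(( num1 * num2 ))
quotient=$(( num1 / num2 ))    # integer division, truncates toward zero
power=$(( num1 ** num2 ))

echo "the difference is $difference"
echo "the sum is $sum"
echo "the product is $product"
echo "the quotient is $quotient"
echo "$num1 raised to the power of $num2 is $power"
exit 0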


prompt

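#!/bin/bash
# prompt: ask for two integers one at a time and print their difference,
# sum, product, integer quotient and power.
#
# Input is validated BEFORE it reaches arithmetic.  bash evaluates the
# contents of a variable inside $(( )) / let, so an unchecked value such as
# 'a[$(rm -rf ~)]' would execute the embedded command.  Only an optional
# sign followed by decimal digits is accepted (no leading zeros, which bash
# would read as octal).  Results are 64-bit signed and wrap silently on
# overflow, e.g. for large powers.

# is_int VALUE: succeed only if VALUE is a signed decimal integer literal.
is_int() {
  local re='^[+-]?(0|[1-9][0-9]*)$'
  [[ $1 =~ $re ]]
}

echo "Please enter the first integer"
read -r num1
echo "Please enter the second integer"
read -r num2

for value in "$num1" "$num2"; do
  if ! is_int "$value"; then
    printf 'Not an integer: %s\n' "$value" >&2
    exit 1
  fi
done
# Division by zero and a negative exponent are fatal errors inside bash
# arithmetic; report them cleanly instead of crashing mid-way.
if (( num2 == 0 )); then
  echo "The second integer must not be zero (it is the divisor)" >&2
  exit 1
fi
if (( num2 < 0 )); then
  echo "The second integer must not be negative (it is the exponent)" >&2
  exit 1
fi

difference=$(( num1 - num2 ))
sum=$(( num1 + num2 ))
product=$(( num1 * num2 ))
quotient=$(( num1 / num2 ))    # integer division, truncates toward zero
power=$(( num1 ** num2 ))

echo "the difference is $difference"
echo "the sum is $sum"
echo "the product is $product"
echo "the quotient is $quotient"
echo "$num1 raised to the power of $num2 is $power"
exit 0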


Select or Case

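#!/bin/bash
#
# Demonstrate 'case' dispatch on the first command-line parameter.
# Accepts a/A, b/B or c/C; anything else (including the NOOPT default used
# when no parameter is given) hits the catch-all arm and exits 255.
#
# Expansions are quoted so a parameter like '*' is printed literally rather
# than glob-expanded against the current directory.
echo "...Begin of Test..."
if [ "$#" -eq 0 ]; then
  echo "No parameters received."
  option='NOOPT'
else
  echo "Number of Parameters received: $#"
  echo "Parameters received: $*"
  option=$1
fi

case "$option" in
  a | A | b | B | c | C )
    echo "Option requested is $option"
    ;;
  *)
    echo "An invalid request $option was entered..., exiting."
    exit 255
    ;;
esac
echo "...End of Test..."
exit 0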


ForLoop

#!/bin/bash
# ForLoop: a simple counted loop, then a nested pair with a running total.
echo "...Begin of Test..."
for ix in {1..10}; do
  echo "This is FOR loop iteration $ix"
done

n=0
for ix in {1..10}; do
  for iy in {1..10}; do
    n=$(( n + 1 ))
    echo "This is FOR loop iteration number $n. (X=$ix,Y=$iy)"
  done
done
echo "...End of Test..."
exit 0


WhileLoop

#!/bin/bash
# WhileLoop: count from 1 to 10 with a while loop.
echo "...Begin of Test..."
ix=1
while (( ix <= 10 )); do
  # Two separate words on purpose: echo joins them with a space, which keeps
  # the original double space before the number.
  echo "This is WHILE loop iteration " "$ix"
  ix=$(( ix + 1 ))
done
echo "...End of Test..."
exit 0


Called Functions

#!/bin/bash 

myfunction()
{
  # myfunction: print a fixed greeting.  Returns the status of the print (0).
  printf '%s\n' "HELLO WORLD"
}

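myEcho()
{
  # myEcho [ARG...]: print the argument count, then all arguments on one
  # line, then the first three.
  #
  # Expansions are quoted so an argument such as '*' is printed literally
  # instead of being expanded against the working directory, and an
  # argument containing spaces is not re-split.
  echo "$#"
  echo "$*"
  echo "${@:1:3}"
}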

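promptContinue()
{
  # promptContinue: ask whether to continue and read one line from stdin.
  #
  # Returns 1 when the answer is exactly "y" and 0 for anything else,
  # including an empty line or EOF.  NOTE: this is the reverse of the usual
  # shell convention; the calling scripts depend on "0 means stop", so it
  # is kept.  The variable is quoted so an empty answer no longer produces
  # a '[: unary operator expected' error.
  local contresponse
  echo "Do you wish to continue?"
  read -r contresponse
  if [ "$contresponse" = "y" ]; then
    echo "Continuing..."
    return 1
  fi
  echo "Request to Exit..."
  return 0
}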

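fileExist()
{
  # fileExist PATH: report whether PATH is an existing regular file.
  #
  # Returns 1 if it exists and 0 if it does not -- the reverse of the usual
  # shell convention, kept because existing callers rely on it.  PATH is
  # quoted so names containing spaces or glob characters are tested as
  # given rather than split or expanded.
  if [ -f "$1" ]; then
    echo "file $1 exists"
    return 1
  fi
  echo "Sorry, file $1 does not exist"
  return 0
}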

now()
{
  # now: print the current date and time from date(1).  Returns 0.
  printf 'Todays date and time is %s\n' "$(date)"
  return 0
}




Function Calling Script

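#!/bin/bash
# Source the shared function library and exercise one of its functions.
if [ -f ~/scripts/functions ]; then
  . ~/scripts/functions
else
  echo "Functions not found...exiting" >&2
  exit 1   # a missing library is a failure; do not report success
fi

now
echo "You are about to test a function call."
promptContinue
# Capture the status immediately: the original tested $? AFTER the echo
# below, so it was always looking at echo's (successful) status, never at
# promptContinue's.
rc=$?
echo "The return code from the function call is $rc"
# promptContinue returns 0 when the user declined and 1 to continue; this
# demo ends either way, so the script exits 0 regardless of rc.
exit 0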


Debugging Script

#!/bin/bash
# Debugging demo: 'set -x' echoes each command to stderr before it runs
# (prefixed with $PS4, '+' by default); 'set +x' switches the trace off.
set -x
echo "...Begin of Debug Test..."
for (( ix = 1; ix <= 10; ix++ )); do
  echo "This is FOR loop iteration $ix"
done
echo "...End of Debug Test..."
set +x
exit 0


DISKCOPY

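#!/bin/bash
# DISKCOPY [fstype]: duplicate floppy disks.
#
# Loop: read a SOURCE floppy into a private temp directory, then format a
# TARGET floppy with the requested filesystem and write the copy onto it.
# At the "Insert readable SOURCE disk" prompt, Enter alone continues and
# any typed text ends the loop.
#
# fstype: ext3|linux|LINUX, vfat|windows|WINDOWS|win|WIN (default), dos|msdos.
# Needs permission to mount/umount /mnt/floppy and to format /dev/fd0
# (normally root).
#
# Fixes relative to the original: the format result was tested after an
# echo had already reset $?, so a failed format was never detected; the
# 'while ($forever -eq 'true')' condition merely ran the 'true' command;
# 'mke2fs -T vfat' cannot create a vfat/msdos filesystem (-T is a usage
# profile and mke2fs only makes ext2/3/4); the staging area was a fixed
# ./mytemparea that was rm -rf'd each pass; dotfiles on the source were
# skipped by the '*' glob.
#set -x
echo "$(date) Program $0 with $# parameters $*"
if [ -f ~/scripts/functions ]; then
  . ~/scripts/functions
else
  echo "Functions not found...exiting" >&2
  exit 1
fi

if [ "$#" -eq 0 ]; then
  echo "No parameters received."
  option="vfat"
else
  echo "Number of Parameters received: $#"
  echo "Parameters received: $*"
  option=$1
fi

case "$option" in
  ext3 | linux | LINUX )
    echo "Option requested is ext3"
    fstype="ext3"
    ;;
  vfat | WINDOWS | windows | WIN | win )
    echo "Option requested is vfat"
    fstype="vfat"
    ;;
  dos | msdos )
    echo "Option requested is msdos"
    fstype="msdos"
    ;;
  *)
    echo "An invalid type of $option was entered...exiting" >&2
    exit 255
    ;;
esac

# Private staging directory: nobody else can pre-create or symlink it, and
# nothing of ours in the working directory gets deleted.  Removed on exit.
tmpdir=$(mktemp -d) || { echo "cannot create temp directory" >&2; exit 1; }
trap 'rm -rf -- "${tmpdir:?}"' EXIT

diskcount=0
while :; do
  umount /mnt/floppy 2>/dev/null
  echo "Insert readable SOURCE disk."
  read -r enterkey
  if [ -n "$enterkey" ]; then
    break
  fi

  if ! mount /mnt/floppy; then
    echo "mount of SOURCE disk failed" >&2
    exit 1
  fi
  echo "Copying files from SOURCE Area"
  ls -l /mnt/floppy/
  # Empty the staging area from the previous pass (dotfiles included).
  find "$tmpdir" -mindepth 1 -delete
  # '/.' copies the directory's whole contents, dotfiles too.
  cp -p -r /mnt/floppy/. "$tmpdir"/
  umount /mnt/floppy

  echo "Remove your SOURCE disk and then Insert a writeable TARGET disk."
  read -r enterkey
  echo "Formatting diskette for type $fstype filesystem"
  # mkfs -t dispatches to mkfs.ext3 / mkfs.vfat / mkfs.msdos as appropriate.
  mkfs -t "$fstype" /dev/fd0
  rc=$?              # saved before echo, which would otherwise reset $?
  echo "format RC=$rc"
  if [ "$rc" -ne 0 ]; then
    exit "$rc"
  fi
  if ! mount -t "$fstype" /dev/fd0 /mnt/floppy; then
    echo "mount of TARGET disk failed" >&2
    exit 1
  fi
  echo "Copying files to TARGET disk"
  cp -p -r "$tmpdir"/. /mnt/floppy/
  echo "Displaying files on TARGET disk"
  ls -lstr /mnt/floppy/
  umount /mnt/floppy

  diskcount=$(( diskcount + 1 ))
  echo "...$0 copy completed...$diskcount"
done
echo "...$0 Terminated with $diskcount disk copies made."

exit 0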



FILEPERMISSION

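#!/bin/bash
# FILEPERMISSION FILE ENABLEMENT SCOPE DISPOSITION
#
# Verbose front end to chmod(1): turns one permission bit on or off for one
# class of users on FILE, then lists FILE.
#   ENABLEMENT  : enable | set      -> add the bit    (chmod +)
#                 disable | reset   -> remove the bit (chmod -)
#   SCOPE       : user | group | other | all   (or u/g/o/a; upper case ok)
#   DISPOSITION : read | write | execute       (or r/w/x; upper case ok)
# Exit status: 0 on success; chmod's status if chmod fails; 129 on a wrong
# argument count (what bash reported for the original 'exit -127'); 255 on
# an unrecognised keyword.
#set -x
echo "$(date) Program $0 (PROCESS ID $$)"
if [ -f /home/gjcullen/scripts/functions ]; then
  . /home/gjcullen/scripts/functions
else
  echo "Functions not found...exiting" >&2
  exit 1
fi

if [ "$#" -ne 4 ]; then
  echo "Invalid number of parameters received."
  echo "Usage: $0 filename ENABLEMENT SCOPE DISPOSITION"
  echo "ENABLEMENT can be: enable, disable, set, reset"
  echo "SCOPE can be: user, group, other, all"
  echo "DISPOSITION can be: read, write, execute"
  echo " "
  echo "Example: $0 myfile enable user write"
  exit 129
fi
echo "Number of Parameters received: $#"
echo "Parameters received: $*"
file=$1

case "$3" in
  u | U | USER | user )
    scope="u"; verbose_scope='OWNER' ;;
  g | G | GROUP | group )
    scope="g"; verbose_scope='GROUP' ;;
  o | O | OTHER | other )
    scope="o"; verbose_scope='OTHER' ;;
  a | A | ALL | all )
    scope="a"; verbose_scope='ALL' ;;
  *)
    echo "An invalid SCOPE request $3 was entered..., exiting." >&2
    exit 255 ;;
esac

case "$4" in
  r | read | READ )
    disp="r"; verbose_disp='READ' ;;
  w | write | WRITE )
    disp="w"; verbose_disp='WRITE' ;;
  x | execute | EXECUTE )
    disp="x"; verbose_disp='EXECUTE' ;;
  *)
    echo "An invalid disposition request $4 was entered..., exiting." >&2
    exit 255 ;;
esac

echo "Setting $2 $3 permission for file $file"
case "$2" in
  enable | ENABLE | set | SET )
    direction="+"
    echo "Setting $verbose_scope $verbose_disp permission for file $file"
    ;;
  disable | DISABLE | reset | RESET )
    direction="-"
    echo "Resetting $verbose_scope $verbose_disp permission for file $file"
    ;;
  *)
    echo "An invalid ENABLEMENT request $2 was entered..., exiting." >&2
    exit 255 ;;
esac

# '--' stops a filename beginning with '-' from being parsed as an option;
# quoting keeps names with spaces or glob characters intact.  A chmod
# failure is reported as such instead of the unconditional 'exit 0'.
chmod -- "$scope$direction$disp" "$file"
rc=$?
if [ "$rc" -ne 0 ]; then
  echo "chmod failed (RC=$rc) for file $file" >&2
  exit "$rc"
fi
ls -lst -- "$file"
echo "$0 Completed..."
exit 0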


FINDSTRING

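#!/bin/bash
# FINDSTRING STRING [AREA]
#
# Recursive, case-insensitive, fixed-string search for STRING in the files
# under AREA (default: the home directory), reporting the first match per
# file with file name and line number.  Results are written to ./data.out.
#
# data.out contains the matching lines themselves, so it can hold whatever
# sensitive text the searched files do -- mind where the script is run.
#set -x
echo "$(date) Program $0 (PROCESS ID $$)"
# Argument-count check first: with no parameters "$1" is empty and the help
# test would otherwise see a malformed expression.
if [ "$#" -eq 0 ]; then
  echo "No parameters received."
  echo "Usage: $0 "
  echo "Example: $0 cullen /home/gjcullen/"
  exit 129   # what bash reported for the original 'exit -127'
fi
# Quoted: an unquoted '?' is a glob that matches any one-character filename
# in the current directory, so the help test could never be relied on.
if [ "$1" = "?" ] || [ "$1" = "help" ]; then
  echo "--HELP documentation --"
  echo "parameter 1: search argument"
  echo "parameter 2: search area"
  echo "--End of HELP documentation --"
  exit 0
fi
echo "Number of Parameters received: $#"
echo "Parameters received: $*"
searcharg=$1
if [ "$#" -gt 1 ]; then
  searcharea=$2*
else
  searcharea=~/*
fi

echo " "
echo "...Search for string of : $searcharg"
echo " over an area of: $searcharea"
#set -x
# -e keeps a STRING beginning with '-' from being parsed as an option and
# quoting keeps it a single fixed string.  $searcharea is deliberately left
# unquoted: its trailing '*' is meant to be expanded by the shell.
grep -r -n -I -i -F -H -D skip --max-count=1 -e "$searcharg" -- $searcharea > data.out
echo "RC = $?"
echo " "
echo "$0...Search Completed..."
echo " results placed in file : data.out"

exit 0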

CDBACKUP

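#!/bin/bash
# CDBACKUP USERID [fast|all|old]
#
# Build an ISO image of /home/USERID with mkisofs (excluding tmp, temp,
# photos, OpenOff* and dotfiles) and burn it to a CD-RW with cdrecord.
#   fast | all : rebuild the image, then blank the disc in that mode
#   old        : burn the image left by a previous run without rebuilding
# Image path: /home/USERID/tmp/USERID.cdbackup.  The burner is hard-coded
# as cdrecord dev=0,0,0 speed=2 -- adjust for your hardware.
#set -x
echo "$(date) Program $0 (PROCESS ID $$)"
# Argument-count check first: with no parameters "$1" is empty and the help
# test would otherwise see a malformed expression.
if [ "$#" -eq 0 ]; then
  echo "No parameters received."
  echo "Usage: $0 "
  echo "Example: $0 gjcullen fast"
  exit 129   # what bash reported for the original 'exit -127'
fi
# Quoted: an unquoted '?' is a glob that matches any one-character filename
# in the current directory.
if [ "$1" = "?" ] || [ "$1" = "help" ]; then
  echo "--HELP documentation --"
  echo "parameter 1: source user argument"
  echo "parameter 2: fast | all | old"
  echo "--End of HELP documentation --"
  exit 0
fi
echo "Number of Parameters received: $#"
echo "Parameters received: $*"

userid=$1
if [ "$#" -eq 2 ]; then
  option=$2
else
  option='fast'
fi

# USERID is spliced into paths below, so it must be a plain account name:
# '../etc' or 'a/b' would point mkisofs and rm at a different directory.
case "$userid" in
  '' | . | .. | */* )
    echo "Invalid user id: $userid" >&2
    exit 255 ;;
esac

source="/home/$userid"
echo "Source: $source"
target="/home/$userid/tmp/$userid.cdbackup"
echo "Target: $target"
mkdir -p -- "/home/$userid/tmp"

# build_image: write the ISO image of $source to $target, or exit -- a
# half-written image must never reach the burner.  The -m patterns are
# quoted so that mkisofs, not the shell, matches 'OpenOff*'; unquoted it
# was expanded against the current directory instead.
build_image() {
  mkisofs -U -v -m tmp -m 'OpenOff*' -m temp -m photos -m '.*' -m '.*.*' \
    -o "$target" "$source" || {
    echo "mkisofs failed (RC=$?); not recording" >&2
    exit 1
  }
}

case "$option" in
  NOOPT )
    echo "Option requested is NOOPT"
    blanktype="fast"
    rm -f -- "$target"
    build_image
    ;;
  fast | FAST )
    echo "Option requested is FAST init."
    blanktype="fast"
    build_image
    ;;
  all | ALL )
    echo "Option requested is ALL init."
    blanktype="all"
    build_image
    ;;
  old | OLD )
    echo "Option requested is use OLD backup."
    blanktype="fast"
    if [ ! -f "$target" ]; then
      echo "No previous image found at $target" >&2
      exit 1
    fi
    ;;
  *)
    echo "An invalid option $option was entered...exiting" >&2
    exit 255
    ;;
esac

echo "$0 Recording to CDROM with blank=$blanktype ..."
cdrecord -v speed=2 dev=0,0,0 blank="$blanktype" -data "$target"
rc=$?
echo "$0...Backup Up to CDROM Completed..."

# Report cdrecord's status rather than an unconditional success.
exit "$rc"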


Linux Kernel Sysgen


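#!/bin/bash
# Linux kernel "sysgen": run the classic (2.4-era, 'make dep') build
# sequence -- dep, clean, bzImage, modules, modules_install, install -- in
# the current directory, logging each stage to its own .log file.
#
# Run from the configured kernel source tree (e.g. /usr/src/linux after
# 'make mrproper' and 'make xconfig'); modules_install and install need
# root.  The original script carried on after a failed stage, so a broken
# bzImage could still be installed; now the first failure stops the run.
# Command-line parameters are echoed but not otherwise used.
echo -e "Date/Time: $(date)"
if [ -f "/home/$USER/scripts/functions" ]; then
  . "/home/$USER/scripts/functions"
else
  echo "Functions not found...exiting" >&2
  exit 1
fi

if [ "$#" -eq 0 ]; then
  echo "No parameters received."
  option="NOOPT"
else
  echo "Number of Parameters received: $#"
  echo "Parameters received: $*"
  option=$1
fi

echo "Start the SYSGEN Build Process..."
promptContinue
if [ $? -eq 0 ]; then   # library convention: 0 means the user declined
  exit 0
fi

# Refuse to run 'make' in a directory that is not a source tree.
if [ ! -f Makefile ]; then
  echo "No Makefile here; cd into the kernel source tree first" >&2
  exit 1
fi

# run_stage TARGET [LOGNAME]: run 'make TARGET' with output in LOGNAME.log
# (default TARGET.log); print the status and abort on failure.
run_stage() {
  local target="$1" log="${2:-$1}.log" rc
  echo "Begin make $target"
  make "$target" > "$log" 2>&1
  rc=$?
  echo "make $target completed, RC=$rc"
  if [ "$rc" -ne 0 ]; then
    echo "make $target failed -- see $log; aborting before install" >&2
    exit "$rc"
  fi
}

run_stage dep
run_stage clean
run_stage bzImage bzimage      # keeps the original lower-case log name
run_stage modules
run_stage modules_install
run_stage install

echo "Check logging"
ls -l *.log
ls -l /boot/initrd*
ls -l /boot/grub/grub.conf
echo "SYStem GENeration is completed"

exit 0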




Flush all IPTABLES


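#!/bin/sh
#
# Resets iptables to an open, empty state: every built-in chain in the
# filter, nat and mangle tables gets policy ACCEPT, all rules are flushed
# and all user-defined chains are deleted.
#
# WARNING: afterwards the host has no IPv4 packet filtering at all, and any
# forwarding/NAT rules are gone.  Load a real policy straight away; do not
# leave a host like this on an untrusted network.  ip6tables is untouched.
#
# Compared with the original: mangle INPUT/FORWARD/POSTROUTING policies are
# reset too, and the flush is table-wide so nat OUTPUT and the remaining
# mangle chains are no longer skipped.
#
echo "...Flush IPTABLES..."
IPTABLES="/sbin/iptables"

# Fail loudly rather than silently doing nothing.
if [ ! -x "$IPTABLES" ]; then
  echo "$IPTABLES not found or not executable" >&2
  exit 1
fi

#
# reset the default policies in the filter table.
#
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -P OUTPUT ACCEPT

#
# reset the default policies in the nat table.
#
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT

#
# reset the default policies in the mangle table (all five built-in chains).
#
for chain in PREROUTING INPUT FORWARD OUTPUT POSTROUTING; do
  $IPTABLES -t mangle -P "$chain" ACCEPT
done

#
# flush every chain in the filter, nat and mangle tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# delete user-defined chains.  Must follow the flush: a chain that is still
# referenced by a rule cannot be deleted.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

echo "...Flush of IPTABLES is Completed..."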




No Protection IPTABLES policy


#!/bin/bash
#
# "No protection" policy: flush the filter table, set its three built-in
# chains to ACCEPT and turn on IP forwarding -- the host becomes an open
# router.  For a lab, or for briefly switching the firewall off while
# debugging; never leave it like this on a reachable network.
#
# What it does NOT do: the nat and mangle tables are untouched and
# user-defined chains are emptied but not deleted, so leftovers from a
# previously loaded policy (MASQUERADE/DNAT rules, for instance) stay active.
IPT=/sbin/iptables

echo " "
echo "IPTABLES ALLOW all hackers Firewall Policy $0"

echo "Flushing Rules"
$IPT -F

echo "Enable IP Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward

for chain in INPUT OUTPUT FORWARD; do
  $IPT -P "$chain" ACCEPT
done

echo " "
echo "...IPTABLES Gateway NoFirewall Policy Load Completed..."

exit 0




Maximum Protection IPTABLES policy


#!/bin/bash
#
# "Maximum protection" policy: flush the filter table and set its three
# built-in chains to DROP, with no exceptions at all.
#
# Know before running it:
#  - there is no '-i lo' rule, so loopback traffic is dropped too and local
#    services that talk over 127.0.0.1 break;
#  - run over SSH, it cuts off the session you are typing in;
#  - only the filter table is touched: nat/mangle rules and user-defined
#    chains from an earlier policy remain in place.
IPT=/sbin/iptables

echo " "
echo "IPTABLES Maximum Firewall Policy $0"

$IPT -F

# No rules follow the policies, so nothing is ever accepted.
for chain in INPUT OUTPUT FORWARD; do
  $IPT -P "$chain" DROP
done

echo " "
echo "...IPTABLES Maximum Firewall Parameter Load Completed..."

exit 0


Example of a General Protection IPTABLES policy

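#!/bin/bash
#
# General-protection gateway firewall.
#
#   eth0 is the link to the Internet.
#   eth1 is the link to the internal LAN (192.168.0.0/16).
#
# Default policy is DROP on INPUT, OUTPUT and FORWARD; everything after that
# is an allow-list: selected services on the Internet side, anything from
# the LAN, masquerading for LAN clients, and DNAT port-forwards to three
# VNC hosts.  Command-line parameters are echoed but not otherwise used.
# IPv4 only -- ip6tables is not configured here.
#
# Fixes relative to the original listing:
#  - uchain1 (the TCP catch-all for INPUT and FORWARD) began with
#    '-p tcp --syn -j ACCEPT', which accepted every new inbound TCP
#    connection that reached it and so made the default DROP and the
#    per-port rules below meaningless.  New connections are now accepted
#    only by the explicit rules.
#  - '-N uchain2' had been joined onto its comment line, so the UDP chain
#    was never created and every rule referencing it failed to load.
#  - the nat table was never flushed and user chains never deleted, so a
#    second run appended duplicate DNAT/SNAT rules and '-N' failed.
#  - exact duplicate rules removed; the first echo line was two commands
#    run together.
IPT=/sbin/iptables
EXT_IF=eth0                 # Internet-facing interface
INT_IF=eth1                 # LAN interface
LAN=192.168.0.0/16          # internal address range
GW_LAN_IP=192.168.0.15      # this gateway's LAN address (SNAT source for VNC)
VNC_HOSTS="192.168.0.3 192.168.0.4 192.168.0.5"

echo " "
echo "IPTABLES Gateway Firewall Policy $0"
echo "Number of parameters entered is $#"
echo "Parameters entered are $*"

echo "Flushing Rules"
# Flush filter and nat and delete user chains so the script is re-runnable.
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X

# Enable IP Forwarding
echo "Enable IP Forwarding"
echo "1" > /proc/sys/net/ipv4/ip_forward

# Drop everything by DEFAULT if no overriding rule.
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

echo "Setting tcp rules..."
# uchain1: TCP catch-all -- accept packets of existing connections, log and
# reject anything else.  ('-m state' still works; newer iptables prefers
# '-m conntrack --ctstate'.)
$IPT -N uchain1
$IPT -A uchain1 -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A uchain1 -p tcp -j LOG --log-prefix "REJECTING this tcp "
$IPT -A uchain1 -p tcp -j REJECT

# tcp INPUT rules for requests targeted for this machine.
$IPT -A INPUT -p tcp -i lo -s 0/0 -j ACCEPT
$IPT -A INPUT -p tcp -i "$INT_IF" -s "$LAN" -j ACCEPT
# Kept from the original: LAN-sourced TCP arriving on the Internet side is
# accepted.  That is only right if the upstream hop really is an RFC1918
# network (e.g. behind a home router); otherwise such packets are spoofed
# and this should be '-j DROP' like the FORWARD anti-spoof rule further
# down -- confirm for this site.
$IPT -A INPUT -p tcp -i "$EXT_IF" -s "$LAN" -j ACCEPT
# Services reachable from anywhere on the Internet.  Review this list:
# 20:23 covers ftp, ssh and telnet (cleartext), 1080 is SOCKS; keep only
# what this host actually serves and restrict by source where possible.
for port in 20:23 25 80 110 113 123 1080; do
  $IPT -A INPUT -p tcp -i "$EXT_IF" -s 0/0 --destination-port "$port" -j ACCEPT
done
# Never expose SMB/NetBIOS to the Internet.
$IPT -A INPUT -p tcp -i "$EXT_IF" -s 0/0 --destination-port 137:139 -j DROP
$IPT -A INPUT -p tcp -i "$EXT_IF" -s 0/0 --destination-port 445 -j DROP
# External VNC ports (DNAT'd in PREROUTING to the hosts in VNC_HOSTS).
for port in 14323 14324 14325; do
  $IPT -A INPUT -p tcp -i "$EXT_IF" -s 0/0 --destination-port "$port" -j ACCEPT
done
$IPT -A INPUT -p tcp -s 0/0 -j uchain1

# tcp OUTPUT rules: close the 31337 "elite" range and 6346-6350 (the
# Gnutella range), allow everything else out.
$IPT -A OUTPUT -p tcp --sport 31337:31340 -j DROP
$IPT -A OUTPUT -p tcp --dport 31337:31340 -j DROP
$IPT -A OUTPUT -p tcp --dport 6346:6350 -j REJECT
$IPT -A OUTPUT -p tcp -j ACCEPT

# tcp FORWARD rules, for packets we want to squash from LAN with notification
$IPT -A FORWARD -p tcp --dport 6346:6350 -j REJECT
$IPT -A FORWARD -p tcp -i "$EXT_IF" --dport 631 -j REJECT
$IPT -A FORWARD -p tcp -i "$EXT_IF" --dport 901 -j REJECT
# (The original had a commented-out '-A FORWARD -p tcp -s 127.0.0.1 -j ACCEPT';
#  it is left out: the kernel treats packets from 127.0.0.0/8 on a
#  non-loopback interface as martians, so the rule could never match.)

# FORWARD rules, for spoofing packets from outside
$IPT -A FORWARD -p tcp -s "$LAN" -i "$EXT_IF" -j DROP

# FORWARD rules for outside VNC port forwarding.  VNC's own authentication
# is weak; consider reaching these hosts over SSH or a VPN instead.
for host in $VNC_HOSTS; do
  $IPT -A FORWARD -p tcp -d "$host" --dport 4320 -j ACCEPT
done

# FORWARD rules for elite cracker ports from outside
$IPT -A FORWARD -p tcp --dport 31337:31340 -j DROP
$IPT -A FORWARD -p tcp --sport 31337:31340 -j DROP

# FORWARD rules, disallow SAMBA shares from outside of LAN
$IPT -A FORWARD -p tcp --dport 137:139 -i "$EXT_IF" -j DROP
$IPT -A FORWARD -p tcp --dport 445 -i "$EXT_IF" -j DROP

# FORWARD rules, allow any verified from internal LAN
$IPT -A FORWARD -p tcp -s "$LAN" -j ACCEPT
$IPT -A FORWARD -p tcp -j uchain1

# PREROUTING rules for port 80 and 1080 for selected clients (disabled).
#$IPT -t nat -A PREROUTING -s 192.168.0.3 -p tcp --dport 80 -j DNAT --to 192.168.0.15:2080
#$IPT -t nat -A PREROUTING -s 192.168.0.3 -p tcp --dport 1080 -j DNAT --to 192.168.0.15:3080
#$IPT -t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 80 -j DNAT --to 192.168.0.15:2080
#$IPT -t nat -A PREROUTING -s 192.168.0.4 -p tcp --dport 1080 -j DNAT --to 192.168.0.15:3080

# PREROUTING rules: external ports 14323..14325 -> VNC port 4320 on the hosts.
$IPT -t nat -A PREROUTING -p tcp --dport 14323 -j DNAT --to 192.168.0.3:4320
$IPT -t nat -A PREROUTING -p tcp --dport 14324 -j DNAT --to 192.168.0.4:4320
$IPT -t nat -A PREROUTING -p tcp --dport 14325 -j DNAT --to 192.168.0.5:4320

# POSTROUTING chain rules for dynamic IP
$IPT -t nat -A POSTROUTING -o "$EXT_IF" -j MASQUERADE

# POSTROUTING rule, SNAT all packets that will be DNAT'd for VNC so the
# replies come back through this gateway.
for host in $VNC_HOSTS; do
  $IPT -t nat -A POSTROUTING -p tcp -d "$host" --dport 4320 -j SNAT --to-source "$GW_LAN_IP"
done

echo "Setting udp rules..."
# udp User-defined chain.
$IPT -N uchain2
$IPT -A uchain2 -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A uchain2 -p udp -j LOG --log-prefix "REJECTING this udp "
$IPT -A uchain2 -p udp -j REJECT

# udp INPUT rules for traffic targeted to this machine.
$IPT -A INPUT -p udp -i lo -s 0/0 -j ACCEPT
$IPT -A INPUT -p udp -i "$INT_IF" -s "$LAN" -j ACCEPT
$IPT -A INPUT -p udp -i "$INT_IF" -d 192.168.0.255 -j ACCEPT
$IPT -A INPUT -p udp -i "$INT_IF" -d "$LAN" -j ACCEPT
$IPT -A INPUT -p udp -i "$EXT_IF" -d "$LAN" -j ACCEPT
# UDP services open to the Internet.  53 is appropriate only if this host
# is an authoritative DNS server; an open recursive resolver gets abused
# for amplification attacks.
for port in 53 80 123 2074 4000; do
  $IPT -A INPUT -p udp -i "$EXT_IF" -s 0/0 --destination-port "$port" -j ACCEPT
done
$IPT -A INPUT -p udp -i "$EXT_IF" -s 0/0 --destination-port 137:139 -j DROP
$IPT -A INPUT -p udp -i "$EXT_IF" -s 0/0 --destination-port 445 -j DROP
$IPT -A INPUT -p udp -j uchain2

# udp OUTPUT rules to allow all outbound packets originating from this machine.
$IPT -A OUTPUT -p udp -j ACCEPT
# FORWARD rules, for spoofing packets from outside
$IPT -A FORWARD -p udp -s "$LAN" -i "$EXT_IF" -j DROP
# FORWARD rules, disallow SAMBA shares from outside of LAN
$IPT -A FORWARD -p udp --dport 137:139 -i "$EXT_IF" -j DROP
$IPT -A FORWARD -p udp --dport 445 -i "$EXT_IF" -j DROP
# FORWARD rules, allow any verified from internal LAN
$IPT -A FORWARD -p udp -s "$LAN" -j ACCEPT
$IPT -A FORWARD -p udp -j uchain2

echo "Setting icmp rules..."
# icmp User-defined chain: echo reply (0), echo request (8) and time
# exceeded (11) pass; other types only when RELATED to an existing
# connection (e.g. destination-unreachable for an open flow).
$IPT -N uchain3
$IPT -A uchain3 -p icmp --icmp-type 0 -j ACCEPT
$IPT -A uchain3 -p icmp --icmp-type 8 -j ACCEPT
$IPT -A uchain3 -p icmp --icmp-type 11 -j ACCEPT
$IPT -A uchain3 -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A uchain3 -p icmp -j LOG --log-prefix "REJECTING this icmp "
$IPT -A uchain3 -p icmp -j REJECT

# icmp INPUT rules for traffic targetted to this machine.
$IPT -A INPUT -p icmp -i lo -s 0/0 -j ACCEPT
$IPT -A INPUT -p icmp -i "$INT_IF" -s "$LAN" -j ACCEPT
$IPT -A INPUT -p icmp -i "$INT_IF" -d 192.168.0.255 -j ACCEPT
$IPT -A INPUT -p icmp -i "$INT_IF" -d "$LAN" -j ACCEPT
$IPT -A INPUT -p icmp -i "$EXT_IF" -d "$LAN" -j ACCEPT
$IPT -A INPUT -p icmp -j uchain3

# icmp OUTPUT rules to allow all outbound packets originating from this machine.
$IPT -A OUTPUT -p icmp -j ACCEPT

# icmp FORWARD rules: drop spoofed LAN sources from outside, allow the LAN.
$IPT -A FORWARD -p icmp -s "$LAN" -i "$EXT_IF" -j DROP
$IPT -A FORWARD -p icmp -s "$LAN" -j ACCEPT
$IPT -A FORWARD -p icmp -j uchain3

echo " "
echo "$0 ...IPTABLES and Gateway Firewall Parameter Load Completed..."
exit 0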

