Brainwrecked-Scripts/iptmod at master · BrainwreckedTech/Brainwrecked-Scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# A program to temporarily modify an IPTables firewall.

for ARGUMENT; do
  if  [ "${ARGUMENT}" == '-h' ] || [ "${ARGUMENT}" == '--help' ]; then
    echo "${0} <action> <clients> <services>"
    echo
    echo "   action    add or remove (several shortcuts accepted)"
    echo "   clients   comma-separated list of addresses or resolvable names"
    echo "   service   comma-separated list of services to open up (or all to affect all)"
    echo
    echo " The following service names are recognized:"
    echo
    echo "   dlna,nfs,pop3,samba,sshd"
    echo
    echo " The following service groups are recognized:"
    echo
    echo "   getfiles   nfs4 + samba"
    echo "   getmail    imap + pop3"
    echo "   getmails   imamps + pop3s"
    echo "   sendmail   smtp + getmail"
    echo "   sendmails  smtps + getmails"
    echo "   www        http + https"
    exit 0
  fi
  [ -z "${REQ_ACTN}" ] && REQ_ACTN="${ARGUMENT}" && continue
  [ -z "${NCLIENTS}" ] && NCLIENTS="${ARGUMENT}" && continue
  [ -z "${SERVICES}" ] && SERVICES="${ARGUMENT}" || SERVICES="${SERVICES} ${ARGUMENT}"
done

case "${REQ_ACTN}" in
                         A|a|add) RULEACTN=A;;
  D|d|del|delete|r|rm|rem|remove) RULEACTN=D;;
                               *) echo "Unknown rule action '${REQ_ACTN}'" && exit 1;;
esac

IFS=","

function openports() {
  for IP_PORT in ${1}; do
    sudo iptables -${RULEACTN} UDP -s ${LNCLIENT} -p udp -m udp --dport ${IP_PORT} -j ACCEPT
    sudo iptables -${RULEACTN} TCP -s ${LNCLIENT} -p tcp -m tcp --dport ${IP_PORT} -j ACCEPT
  done
}

SSHDPORT=$(grep '^Port' /etc/ssh/sshd_config | sed 's/\s+/ /g' | cut -d\  -f2)"

for LNCLIENT in ${NCLIENTS};  do
  case ${SERVICES} in
                                *,dlna,*|*,all,*) openports "8200";;
                        *,http,*|*,www,*|*,all,*) openports "80";;
                       *,https,*|*,www,*|*,all,*) openports "443";;
                    *,imap,*|*,getmail*,|*,all,*) openports "143" ;;
                  *,imaps,*|*,getmails*,|*,all,*) openports "993" ;;
                                *,nfs3,*|*,all,*) openports "111,2049,20048,32765,32803";;
                   *,nfs4,*|*,getfiles,*|*,all,*) openports "2049";;
                    *,pop3,*|*,getmail*,|*,all,*) openports "110" ;;
                  *,pop3s,*|*,getmails*,|*,all,*) openports "995" ;;
                  *,samba,*|*,getfiles*,|*,all,*) openports "137:139,445" ;;
       *,smtp,*|*,getmail,*|*,sendmail,*|*,all,*) openports "25,26" ;;
    *,smtps,*|*,getmails,*|*,sendmails,*|*,all,*) openports "465" ;;
                                *,sshd,*|*,all,*) openports "${SSHDPORT}";;
  esac
done