#!/bin/bash 
 
#    <prox-fire Proxmox-Port öffnen und schließen>
# version: 0.2
#    Copyright (C) <2013>  <Heiko Kokemoor>
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 


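# Configuration.
# These are deliberately fixed here rather than read from the environment:
# the script manipulates root-owned firewall rules on behalf of the SSH
# client, so the binary it runs and the port it opens must not be chosen by
# the caller's environment.  readonly guards against accidental reassignment.
EXT_IFACE='eth0'            # interface on which the Proxmox port is opened
LO_EXT_IFACE='lo'           # not referenced by any function in this file
IPTABLES='/sbin/iptables'   # absolute path to the iptables binary
LOGLEVELDROP='4'   # 1=alert,2=critical,3=error,4=warning,5=notice,6=info,7=debug (unused in this file)
LOGLEVELACCEPT='4' # unused in this file
PROXPORT='8006'             # TCP port of the Proxmox web interface
readonly EXT_IFACE LO_EXT_IFACE IPTABLES LOGLEVELDROP LOGLEVELACCEPT PROXPORT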

 
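#######################################
# Test whether an ACCEPT rule for the Proxmox port is already loaded.
# The match is port-wide (no source address), so a rule opened for another
# client also counts as "present".
# Globals:   IPTABLES, PROXPORT (read)
# Arguments: none
# Outputs:   nothing on stdout; iptables diagnostics go to stderr
# Returns:   0 when a rule with "tcp dpt:$PROXPORT" is listed, non-zero
#            otherwise (also when iptables itself fails, e.g. not run as root,
#            because grep then sees no input)
#######################################
check_rule_start()
{
        # -n: no reverse DNS / service-name lookups, so the port is always
        # shown numerically and the listing cannot stall on name resolution.
        "$IPTABLES" -L -n | grep -q -- "tcp dpt:$PROXPORT"
}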
 
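#######################################
# Open the Proxmox port for the address the current SSH session comes from.
# Globals:   SSH_CLIENT (read: "<client ip> <client port> <server port>"),
#            IPTABLES, EXT_IFACE, PROXPORT (read),
#            OPEN_PORTS_FILE (read; appended to only when non-empty)
# Arguments: none
# Outputs:   appends "<client ip>\t<client port>\n" to $OPEN_PORTS_FILE
# Returns:   1 when SSH_CLIENT is empty (no rule is added), otherwise the
#            exit status of the last iptables call
#######################################
accept_proxmox()
{
	local client_ip client_port rest

	# Never proceed without a client address: with an empty -s the rule
	# would not be scoped to the caller at all.
	if [ -z "${SSH_CLIENT:-}" ]; then
		printf '%s: SSH_CLIENT is not set; cannot determine client address\n' "${0##*/}" >&2
		return 1
	fi
	read -r client_ip client_port rest <<<"$SSH_CLIENT"

	# OPEN_PORTS_FILE is not defined in this script's configuration block;
	# record the client only when a path has been provided (an empty
	# redirection target would otherwise be a shell error).
	if [ -n "${OPEN_PORTS_FILE:-}" ]; then
		printf '%s\t%s\n' "$client_ip" "$client_port" >> "$OPEN_PORTS_FILE"
	fi

	"$IPTABLES" -A INPUT -i "$EXT_IFACE" -p tcp --dport "$PROXPORT" -s "$client_ip" -j ACCEPT
	# NOTE(review): this OUTPUT rule matches packets leaving $EXT_IFACE with
	# dport $PROXPORT *from* the client address, which is not the reply
	# direction of the web-interface session (replies carry sport
	# $PROXPORT and the client as destination).  Kept as-is because
	# stop_all deletes exactly this specification.
	"$IPTABLES" -A OUTPUT -o "$EXT_IFACE" -p tcp --dport "$PROXPORT" -s "$client_ip" -j ACCEPT
}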
 
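#######################################
# Remove every source-less ACCEPT rule for the Proxmox port from INPUT and
# OUTPUT.  Each chain is handled on its own, repeating "iptables -D" until
# iptables reports no further matching rule, so a surplus of rules in one
# chain no longer stops the cleanup of the other.
# The specification carries no -s, so it does NOT match the per-client rules
# that accept_proxmox adds; stop_all handles those.
# Globals:   IPTABLES, EXT_IFACE, PROXPORT (read)
# Arguments: none
# Outputs:   iptables diagnostics on stderr (the last, failing -D per chain
#            is the loop terminator, or a genuine iptables error)
# Returns:   0
#######################################
drop_proxmox()
{
        local chain iface_opt
        for chain in INPUT OUTPUT; do
                # INPUT rules are keyed on the inbound interface (-i),
                # OUTPUT rules on the outbound one (-o).
                if [ "$chain" = OUTPUT ]; then
                        iface_opt='-o'
                else
                        iface_opt='-i'
                fi
                while "$IPTABLES" -D "$chain" "$iface_opt" "$EXT_IFACE" -p tcp --dport "$PROXPORT" -j ACCEPT; do
                        :
                done
        done
        return 0
}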

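#######################################
# Remove the per-client ACCEPT rules for the Proxmox port (as added by
# accept_proxmox) for every source address that currently has one.
# Globals:   IPTABLES, EXT_IFACE, PROXPORT (read)
# Arguments: none
# Outputs:   iptables diagnostics on stderr
# Returns:   0
#######################################
stop_all()
{
	local src
	# Column 4 of "iptables -L -n" is the rule's source address.  Matching
	# on "dpt:<port>" instead of the bare number avoids picking up other
	# ports or addresses that merely contain the same digits; sort -u
	# collapses duplicates wherever they appear in the listing.
	while IFS= read -r src; do
		[ -n "$src" ] || continue
		"$IPTABLES" -D INPUT -i "$EXT_IFACE" -p tcp --dport "$PROXPORT" -s "$src" -j ACCEPT
		"$IPTABLES" -D OUTPUT -o "$EXT_IFACE" -p tcp --dport "$PROXPORT" -s "$src" -j ACCEPT
	done < <("$IPTABLES" -L -n | grep -- "dpt:$PROXPORT" | awk '{print $4}' | sort -u)
	return 0
}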


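# Dispatch on the single command-line action.
action=${1:-}

case "$action" in
        start)
                # Add the per-client rules only when no rule for the port is
                # loaded yet; check_rule_start matches the port regardless of
                # source, so a rule opened for another client also suppresses
                # this one.
                if ! check_rule_start; then
                        accept_proxmox
                fi
        ;;
        stop)
                drop_proxmox
        ;;
        stop-all)
                stop_all
        ;;
        *)
                printf '%s [start|stop|stop-all] - opens a port for the Proxmox web interface\n' "${0##*/}" >&2
                exit 2
        ;;
esac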