Commit e591985d
authored
Feb 17, 2014
by
Heiko Kokemoor
prox-fire öffnet jetzt nur noch den Zugang zum Frontend für die IP, die das Script ausführt.
1 parent
1123e00c
Showing
1 changed file
with
55 additions
and
49 deletions
prox-fire.d/prox-fire
prox-fire.d/prox-fire
#!/bin/bash
#!/bin/bash
# <prox-fire Proxmox-Port öffnen und schließen>
# version: 0.
2
# version: 0.
3
# Copyright (C) <2013> <Heiko Kokemoor>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
...
...
@@ -15,7 +15,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
EXT_IFACE
=
'eth0'
...
...
@@ -25,76 +25,82 @@ LOGLEVELDROP='4' # 1=alert,2=critical,3=error,4=warning,5=notice,6=info,7=debug
LOGLEVELACCEPT
=
'4'
PROXPORT
=
'8006'
check_rule_start
()
{
CLIENT_IP
=
$(
echo
$SSH_CLIENT
| awk
'{ print $1}'
)
$IPTABLES
-L|grep
"tcp dpt:
$PROXPORT
"
}
accept_proxmox
()
{
CLIENT_IP
=
$(
echo
$SSH_CLIENT
| awk
'{ print $1}'
)
CLIENT_PORT
=
$(
echo
$SSH_CLIENT
| awk
'{ print $2}'
)
printf
"
$CLIENT_IP
\t
$CLIENT_PORT
"
>>
$OPEN_PORTS_FILE
CLIENT_IP
=
$(
echo
$SSH_CLIENT
| awk
'{ print $1}'
)
$IPTABLES
-A INPUT -i
$EXT_IFACE
-p tcp --dport
$PROXPORT
-s
$CLIENT_IP
-j ACCEPT
$IPTABLES
-A OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-s
$CLIENT_IP
-j ACCEPT
$IPTABLES
-A OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-d
$CLIENT_IP
-j ACCEPT
echo
"Port
$PROXPORT
for IP
$CLIENT_IP
is unblocked"
}
drop_proxmox
()
{
{
CLIENT_IP
=
$(
echo
$SSH_CLIENT
| awk
'{ print $1}'
)
EI
=
0
EO
=
0
while
[
$EI
=
0
]
&&
[
$EO
=
0
]
do
$IPTABLES
-D INPUT -i
$EXT_IFACE
-p tcp --dport
$PROXPORT
-
j ACCEPT
do
$IPTABLES
-D INPUT -i
$EXT_IFACE
-p tcp --dport
$PROXPORT
-
s
$CLIENT_IP
-j ACCEPT 2&>/dev/null
EI
=
$?
$IPTABLES
-D OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-
j ACCEPT
$IPTABLES
-D OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-
d
$CLIENT_IP
-j ACCEPT 2&>/dev/null
EO
=
$?
done
done
echo
"Port
$PROXPORT
for IP
$CLIENT_IP
is blocked"
}
stop_all
()
{
C
=
0
unset
L
unset
Z
unset
A
A
=
$(
iptables -L -n |grep
$PROXPORT
|awk
'{print $4}'
|uniq
)
while
[
$C
=
0
]
do
L
=
$(
wcalc -q
$L
+1
)
Z[
$L
]=
$(
echo
$A
|cut -d
' '
-f
$L
)
$IPTABLES
-D INPUT -i
$EXT_IFACE
-p tcp --dport
$PROXPORT
-s
${
Z
[
$L
]
}
-j ACCEPT
$IPTABLES
-D OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-s
${
Z
[
$L
]
}
-j ACCEPT
if
[
-z
${
Z
[
$L
]
}
]
then
C
=
1
fi
done
stop_all
()
{
C
=
0
L
=
0
unset
Z
declare
-a Z
A
=
$(
iptables -L -n |grep
$PROXPORT
|awk
'{print $4}'
|grep -v 0.0.0.0||iptables -L -n |grep
$PROXPORT
|awk
'{print $5}'
|grep -v 0.0.0.0
)
while
[
$C
=
0
]
do
L
=
$((
$L
+
1
))
Z[
$L
]=
$(
echo
$A
|awk
'{ print $'''
$L
'''}'
)
$IPTABLES
-D INPUT -i
$EXT_IFACE
-p tcp --dport
$PROXPORT
-s
${
Z
[
$L
]
}
-j ACCEPT 2&>/dev/null
$IPTABLES
-D OUTPUT -o
$EXT_IFACE
-p tcp --dport
$PROXPORT
-d
${
Z
[
$L
]
}
-j ACCEPT 2&>/dev/null
if
[
-z
${
Z
[
$L
]
}
]
then
C
=
1
fi
done
echo
"Port
$PROXPORT
for all IPs blocked"
}
i
=
$1
case
$i
in
start
)
check_rule_start
if
[
$?
=
1
]
then
accept_proxmox
fi
;;
#
check_rule_start
#
if [ $? = 1 ]
# then
accept_proxmox
# fi
;;
stop
)
drop_proxmox
;;
stop-all
)
stop_all
;;
drop_proxmox
;;
stop-all
)
stop_all
;;
*
)
echo
$(
basename
$0
)
'[start|stop] - opens a port for the Por
xmox Webinterface'
echo
$(
basename
$0
)
'[start|stop|stop-all] - opens a port for the Pro
xmox Webinterface'
;;
esac
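Review bot: In drop_proxmox and stop_all the delete commands end in `2&>/dev/null`, which bash reads as a literal argument `2` followed by `&>/dev/null`, not as a stderr redirect. iptables would normally reject that stray argument, so the `-D` calls fail with their error output discarded, `EI`/`EO` turn non-zero on the first pass, and the script still prints "is blocked" while the ACCEPT rule for the Proxmox port may remain in place. Write the redirect as `>/dev/null 2>&1`, e.g. `$IPTABLES -D INPUT -i "$EXT_IFACE" -p tcp --dport "$PROXPORT" -s "$CLIENT_IP" -j ACCEPT >/dev/null 2>&1`, and print the success message only when a delete actually succeeded. Separately, `CLIENT_IP` is taken unquoted from `$SSH_CLIENT` with no check that it is set, so a guard such as `[ -n "$CLIENT_IP" ] || exit 1` before the `-A` rules would keep a console or sudo invocation from reporting a port as unblocked when no rule was added. The page has lost the +/- markers, so which of the doubled lines belong to the new side is inferred from the commit description.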