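#!/usr/bin/env bash
# Abhishek Singh Okheda
# 22nd Feb, 2012
# Worldlink Communication Pvt. Ltd.
#
# Host firewall: rebuild the iptables filter table so that only the listed
# services are reachable, each from its own list of source addresses, and
# everything else arriving on INPUT is rejected.  OUTPUT is not filtered.
#
# A service is enabled by putting its NAME in TCP_ALLOWS and/or UDP_ALLOWS.
# For every NAME the script reads two variables:
#   NAME_PORT   - destination port to accept
#   NAME_ALLOWS - space-separated source hosts/networks allowed to reach it
# Run as root.  TCP_ALLOWS/UDP_ALLOWS may also be supplied through the
# environment (constructed example):  TCP_ALLOWS="SSH HTTP" ./firewall
set -u

readonly IPFW="/sbin/iptables"

# Networks and hosts referenced by the per-service allow lists below.
SERVER_NET="202.79.32.0/24"
LOG="202.79.32.85"
CORPORATE_LAN="202.79.36.0/24"
OVPN="202.79.38.0/24"
BRANCH_NET="202.166.196.0/24"
CTRL="202.79.36.80"
CTRL01="202.79.36.40"
ESUPPORTDB="202.79.36.4"
CYBEROAM="202.79.40.24"
MONINFO="202.79.32.195"
NAGIOS_SRV_01="202.79.32.94"
CACTI_SRV_01="202.79.32.63"

# Per-service definitions: NAME_PORT and NAME_ALLOWS (see header).
SSH_PORT="22"
SSH_ALLOWS="$LOG $SERVER_NET"
SNMP_PORT="161"
SNMP_ALLOWS="$CTRL $CTRL01 $CACTI_SRV_01 $NAGIOS_SRV_01"
HTTP_PORT="80"
HTTP_ALLOWS="$SERVER_NET $OVPN $CORPORATE_LAN $BRANCH_NET $CYBEROAM"
MYSQL_PORT="3306"
MYSQL_ALLOWS="$ESUPPORTDB $MONINFO"

# Services to enable, by NAME.
# NOTE(review): the script as published never assigns these, so unless a
# value comes from the environment no ACCEPT rule is generated and every
# inbound connection - SSH included - is rejected.  Constructed example:
#   TCP_ALLOWS="SSH HTTP MYSQL"   UDP_ALLOWS="SNMP"
TCP_ALLOWS="${TCP_ALLOWS:-}"
UDP_ALLOWS="${UDP_ALLOWS:-}"

# Not used by this script; kept because the template defines them.
TCP_ALL_ALLOWS=""
UDP_ALL_ALLOWS=""

#######################################
# Print an error to stderr and exit without touching the rule set.
# Arguments: $* - message
#######################################
die() {
  printf 'firewall: %s\n' "$*" >&2
  exit 1
}

#######################################
# Check that every named service has a non-empty NAME_PORT, so a misspelt
# name is caught before the existing rules are flushed rather than halfway
# through the rebuild.  An empty NAME_ALLOWS only warns: the service is
# then listed but unreachable.
# Arguments: $@ - service names
# Returns:   0, or exits via die on the first missing port variable
#######################################
validate_services() {
  local name port_var allow_var
  for name in "$@"; do
    port_var="${name}_PORT"
    allow_var="${name}_ALLOWS"
    [[ -n "${!port_var:-}" ]] || die "${port_var} is not set or empty"
    if [[ -z "${!allow_var:-}" ]]; then
      printf 'firewall: warning: %s is empty, %s will not be reachable\n' \
        "$allow_var" "$name" >&2
    fi
  done
}

#######################################
# Append one INPUT ACCEPT rule per allowed source for a service.
# Globals:   IPFW (read); NAME_PORT and NAME_ALLOWS of the given name (read)
# Arguments: $1 - protocol, tcp or udp
#            $2 - service NAME
# Outputs:   one progress line on stdout, e.g. "[+] ... for SSH (T22)"
#######################################
allow_service() {
  local proto=$1 name=$2
  local port_var="${name}_PORT" allow_var="${name}_ALLOWS"
  local port=${!port_var} tag src
  case "$proto" in
    tcp) tag=T ;;
    udp) tag=U ;;
    *) die "unknown protocol ${proto}" ;;
  esac
  echo "[+] Setting up INPUT chain for ${name} (${tag}${port})"
  # Intentionally unquoted: NAME_ALLOWS is a space-separated list.
  # shellcheck disable=SC2086
  for src in ${!allow_var}; do
    "$IPFW" -A INPUT -s "$src" -p "$proto" --dport "$port" -j ACCEPT
  done
}

#######################################
# Validate the configuration, then rebuild the filter table in order:
# flush, base rules, per-service ACCEPTs, final REJECT.
# Globals:   IPFW, TCP_ALLOWS, UDP_ALLOWS (read)
#######################################
main() {
  local name
  [[ -x "$IPFW" ]] || die "${IPFW} is not executable (run as root?)"
  # shellcheck disable=SC2086
  validate_services $TCP_ALLOWS $UDP_ALLOWS
  if [[ -z "$TCP_ALLOWS" && -z "$UDP_ALLOWS" ]]; then
    printf 'firewall: warning: no services listed; all inbound connections will be rejected\n' >&2
  fi

  echo ""
  # The INPUT policy is not changed here, so between this flush and the
  # final REJECT the table's policy (ACCEPT unless set elsewhere) applies.
  echo "[+] Flushing Rules"
  "$IPFW" -F
  echo "[+] Deleting All Iptables CHAINS"
  # After -F every user-defined chain is empty, so a bare -X removes them
  # all without parsing the output of -nL.
  "$IPFW" -X

  # Without these two rules the final REJECT also blocks loopback traffic
  # and the replies to connections this host opens itself (DNS, updates).
  "$IPFW" -A INPUT -i lo -j ACCEPT
  "$IPFW" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

  # shellcheck disable=SC2086
  for name in $TCP_ALLOWS; do
    allow_service tcp "$name"
  done
  # shellcheck disable=SC2086
  for name in $UDP_ALLOWS; do
    allow_service udp "$name"
  done

  # REJECT rather than DROP so clients get an immediate ICMP error;
  # OUTPUT is left unfiltered, as in the original template.
  echo "[+] Rejecting All Others"
  "$IPFW" -A INPUT -j REJECT --reject-with icmp-host-prohibited
  echo ""
}

main "$@"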