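#!/bin/bash
# iptwrap: dry-run an iptables ruleset script against a preloaded stub library
# before running it for real.
#
# Usage:
#   iptwrap            dry-run TARGETSCRIPT, then prompt and apply it
#                      (re-executes itself with --dry-run and --apply)
#   iptwrap --dry-run  run TARGETSCRIPT with ${SOLIB} in LD_PRELOAD
#   iptwrap --apply    prompt for confirmation, then run TARGETSCRIPT without
#                      the preload
#
# Environment:
#   IMACHILD=1  set on the re-executed children so they exit with the raw
#               status of TARGETSCRIPT instead of printing a summary.
#
# Must run as root. The stub library is embedded as a gzip'd hex dump; the
# "HEX" line in the here-document is presumably filled in at build time from
# this .in template, so it must stay on a line of its own.
TARGETSCRIPT="./iptables.sh"
SOLIB="./iptablesdryrun.so"

if [[ "$EUID" -ne 0 ]]; then
  echo "Root privileges required !"
  exit 1
fi

if ! [[ -e "${TARGETSCRIPT}" ]]; then
  echo "The script you want to dry-run does not exist !"
  echo " --> ${TARGETSCRIPT}"
  exit 1
fi

# Unpack the stub library into the working directory once.
# NOTE(review): an already existing ${SOLIB} is preloaded as root as-is; only
# its presence is checked, not its owner or permissions.
if ! [[ -e "${SOLIB}" ]]; then
  # The pipeline status must be checked: a failing xxd or gzip previously left
  # a truncated or empty file that was then made executable and preloaded.
  set -o pipefail
  cat <<EOF | xxd -p -r | gzip -d > "${SOLIB}"
HEX
EOF
  UNPACK_RET=$?
  set +o pipefail
  if [[ ${UNPACK_RET} -ne 0 ]]; then
    echo "Could not unpack ${SOLIB} !" >&2
    rm -f -- "${SOLIB}"
    exit 1
  fi
  chmod 755 "${SOLIB}"
fi

# Every command run from here on, including the re-executed children, gets the
# stub library preloaded until --apply drops it.
export LD_PRELOAD="${SOLIB}"

if [[ $# = 0 ]]; then
  TMPFILE=$(mktemp) || exit 1
  # Remove the captured dry-run output on every exit path, not only the
  # explicit ones below.
  trap 'rm -f -- "${TMPFILE}"' EXIT
  echo "Dry-running ..."
  # "$0" is quoted so a script path containing spaces re-executes correctly.
  IMACHILD=1 "$0" --dry-run > "${TMPFILE}" 2>&1
  RET=$?
  if [[ $RET != 0 ]]; then
    echo "Dry-run failed !"
    tail -n 5 "${TMPFILE}"
    exit 1
  fi
  echo "Dry-run successful"
  IMACHILD=1 "$0" --apply
  RET=$?
  if [[ $RET != 0 ]]; then
    echo "Ruleset application failed !"
    exit 1
  fi
  echo "Ruleset application successful"
  exit 0
elif [[ "$1" = "--apply" ]]; then
  read -n 1 -r -p "Are you sure you want to apply the ruleset ? (y/N) "
  if ! [[ ${REPLY} =~ ^[Yy] ]]; then
    # Enter (empty REPLY) already moved the cursor to a new line; any other
    # single key did not, so a newline is emitted first in that case.
    if ! [[ ${REPLY} =~ ^$ ]]; then
      printf '\nCancelled !\n'
    else
      printf 'Cancelled !\n'
    fi
    exit 1
  fi
  printf '\nApplying ruleset ...\n'
  # The real run must not be intercepted by the stub library.
  unset LD_PRELOAD
  /bin/bash -e +x +v "${TARGETSCRIPT}"
  RET=$?
  if [[ $IMACHILD = 1 ]]; then
    exit $RET
  fi
  if [[ $RET != 0 ]]; then
    echo "Ruleset application failed !"
    exit $RET
  fi
  echo "Ruleset application successful"
  exit 0
elif [[ "$1" = "--dry-run" ]]; then
  echo "Dry-running ..."
  # -v -x trace the ruleset script so the parent can show the failing tail.
  /bin/bash -e -v -x -u "${TARGETSCRIPT}"
  RET=$?
  if [[ $IMACHILD = 1 ]]; then
    exit $RET
  fi
  if [[ $RET != 0 ]]; then
    echo "Dry-run failed !"
    exit $RET
  fi
  echo "Dry-run successful !"
  exit 0
else
  echo "Wrong argument, please specify --dry-run, --apply, or no argument"
  exit 1
fi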