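#!/bin/bash
# info: add firewall chain
# options: CHAIN [PORT] [PROTOCOL]
#
# The function adds new rule to system firewall.
# CHAIN is upper-cased; for the well-known chains listed in the case block
# below PORT and PROTOCOL are fixed, for any other chain PORT is mandatory
# and PROTOCOL defaults to TCP.


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Importing system variables
source /etc/profile

# Argument definition
chain=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
port=$2
# PROTOCOL is the third positional argument, as the usage line states
# (the previous version read $4, which the usage never documented).
# It is upper-cased so "tcp" and "TCP" are stored and matched identically.
protocol=${3-TCP}
protocol=$(printf '%s' "$protocol" | tr '[:lower:]' '[:upper:]')

# Defining absolute path to iptables
iptables="/sbin/iptables"

# Includes
source "$VESTA/func/main.sh"
source "$VESTA/conf/vesta.conf"


#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

check_args '1' "$#" 'CHAIN [PORT] [PROTOCOL]'
validate_format 'chain'
is_system_enabled "$FIREWALL_SYSTEM" 'FIREWALL_SYSTEM'


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Checking known chains: these override any PORT/PROTOCOL the caller passed
case $chain in
    SSH)      port=22;   protocol=TCP ;;
    FTP)      port=21;   protocol=TCP ;;
    MAIL)     port=25;   protocol=TCP ;;
    DNS)      port=53;   protocol=UDP ;;
    HTTP)     port=80;   protocol=TCP ;;
    HTTPS)    port=443;  protocol=TCP ;;
    POP3)     port=110;  protocol=TCP ;;
    IMAP)     port=143;  protocol=TCP ;;
    MYSQL)    port=3306; protocol=TCP ;;
    POSTGRES) port=5432; protocol=TCP ;;
    VESTA)    port=8083; protocol=TCP ;;
    *)  check_args '2' "$#" 'CHAIN PORT'
        # Custom chains take PORT/PROTOCOL from the caller; validate them
        # before they are handed to iptables and written to chains.conf.
        validate_format 'port' 'protocol' ;;
esac

# Adding chain. iptables -N fails when the chain already exists; in that
# case the RETURN rule and the INPUT hook were added on an earlier run.
if "$iptables" -N "fail2ban-$chain" 2>/dev/null; then
    "$iptables" -A "fail2ban-$chain" -j RETURN
    "$iptables" -I INPUT -p "$protocol" --dport "$port" -j "fail2ban-$chain"
fi

# Preserving chain (fixed-string match; a missing file also counts as
# "not present" and is created by the append)
chains="$VESTA/data/firewall/chains.conf"
if ! grep -qF -- "CHAIN='$chain'" "$chains" 2>/dev/null; then
    echo "CHAIN='$chain' PORT='$port' PROTOCOL='$protocol'" >> "$chains"
fi

# Changing permissions
chmod 660 "$chains"


#----------------------------------------------------------#
#                       Vesta                              #
#----------------------------------------------------------#

# Logging
log_event "$OK" "$EVENT"

exit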