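#!/bin/bash
# Function 1
# Firewall
#######################################
# Creates the iptables rule script at /usr/local/bin/firewall.sh.
#
# The script is staged in a temporary file and installed in one step with an
# explicit 0755 mode, so a failed write never leaves a half-written file that
# a later run would report as "already existing" and then execute as root.
#
# Review notes on the generated rule set (rules kept as the author wrote them
# unless stated):
#   - The "Bloqueio de PING" rule now matches only ICMP echo-request. The
#     original dropped every ICMP type, which also discards the
#     fragmentation-needed messages that path-MTU discovery relies on.
#   - Port 3306 is accepted from any source address; restrict it with a
#     source match if the database is not meant to be reachable publicly.
#   - The final rule only drops new TCP connections (--syn). UDP and other
#     protocols are not filtered, and nothing here configures ip6tables.
#   - An existing file at the target path is left untouched and is NOT
#     validated; whatever it contains is what gets executed later.
#
# Outputs:  status message on stdout, errors on stderr
# Returns:  0 if the script was created or already exists, 1 on failure
#######################################
firewall() {
  local target=/usr/local/bin/firewall.sh
  local staging
  local status

  if [[ -f "$target" ]]; then
    echo "Arquivo ja existente"
    return 0
  fi

  staging=$(mktemp) || {
    echo "Erro ao criar arquivo temporario" >&2
    return 1
  }

  # Quoted delimiter: the rule script is written literally, with no expansion.
  cat > "$staging" <<'EOF' && install -m 0755 "$staging" "$target"
#!/bin/bash
# Limpar todas as regras pré existentes
iptables -F
iptables -t nat -F
iptables -t mangle -F
# A linha abaixo ativa o módulo do netfilter que evita ataques DoS
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Liberar portas dos serviços necessários
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
# Bloqueio de PING
iptables -I INPUT -p icmp --icmp-type echo-request -j DROP
# A linha abaixo faz o bloqueio de conexões nas demais portas
iptables -A INPUT -p tcp --syn -j DROP
EOF
  status=$?
  rm -f -- "$staging"

  if (( status != 0 )); then
    echo "Erro ao criar 'firewall.sh'" >&2
    return 1
  fi
  echo "Script 'firewall.sh' criado"
}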
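# Firewall service
#######################################
# Creates the systemd unit /etc/systemd/system/firewall.service.
#
# Fixes relative to the original unit text:
#   - "WantebBy" was a typo for "WantedBy"; with the misspelled key the
#     [Install] section carries no usable target, so enabling the unit does
#     not hook it into multi-user.target.
#   - The rule script runs its iptables commands and exits, so the unit is
#     declared Type=oneshot with RemainAfterExit=yes; otherwise systemd treats
#     the service as stopped as soon as the script returns.
#
# NOTE(review): the generated firewall.sh never reads its arguments, so the
# "start", "stop" and "restart" words below all re-apply the same rule set;
# "stop" does not remove any rules.
#
# Outputs:  status message on stdout, errors on stderr
# Returns:  0 if the unit was created or already exists, 1 on failure
#######################################
firewall_service() {
  local unit=/etc/systemd/system/firewall.service

  if [[ -f "$unit" ]]; then
    echo "Arquivo ja existente"
    return 0
  fi

  if ! cat > "$unit" <<'EOF'
[Unit]
Description=Firewall
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/bin/firewall.sh start
ExecStop=/usr/local/bin/firewall.sh stop
ExecReload=/usr/local/bin/firewall.sh restart
[Install]
WantedBy=multi-user.target
EOF
  then
    # Do not leave a truncated unit behind; the next run would skip creation.
    rm -f -- "$unit"
    echo "Erro ao criar 'firewall.service'" >&2
    return 1
  fi

  echo "Servico 'firewall.service' criado"
}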
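# File deletion
#######################################
# Removes the rule script and the systemd unit if either one exists.
#
# Uses `rm -f --` instead of `rm -rf`: both targets are single files, and the
# recursive flag would delete a whole directory tree if one of the paths ever
# turned out to be a directory. Success is only reported when rm succeeds.
#
# NOTE(review): this only deletes the files. Rules already loaded into
# iptables stay active, and the unit is not stopped or disabled first.
#
# Outputs:  status message on stdout, errors on stderr
# Returns:  0 on success or when nothing exists, 1 if removal failed
#######################################
deletar_arquivo() {
  local script=/usr/local/bin/firewall.sh
  local unit=/etc/systemd/system/firewall.service

  if [[ -f "$unit" || -f "$script" ]]; then
    if rm -f -- "$script" "$unit"; then
      echo "Arquivos excluidos"
    else
      echo "Erro ao excluir arquivos" >&2
      return 1
    fi
  else
    echo "Arquivos nao existem"
  fi
}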
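# Command execution
#######################################
# Applies the rules once, then registers and starts the systemd unit.
#
# The creation step skips any file that already exists, so the script at
# /usr/local/bin/firewall.sh may not be the one this program wrote. Before
# running it, check that it is present, owned by the invoking user (root when
# the program is run as root, which the target paths presumably require) and
# not writable by group or others.
#
# Outputs:  command output on stdout, errors on stderr
# Returns:  1 if a precondition fails or the rule script fails; otherwise the
#           exit status of `systemctl status firewall`
#######################################
executar() {
  local script=/usr/local/bin/firewall.sh
  local unit=/etc/systemd/system/firewall.service
  local loose

  if [[ ! -f "$script" || ! -x "$script" || ! -f "$unit" ]]; then
    echo "Arquivos nao existem" >&2
    return 1
  fi

  # Prints the path when the script is group- or world-writable.
  loose=$(find "$script" \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null)
  if [[ ! -O "$script" || -n "$loose" ]]; then
    echo "Permissoes inseguras em 'firewall.sh'" >&2
    return 1
  fi

  if ! "$script"; then
    echo "Erro ao executar 'firewall.sh'" >&2
    return 1
  fi

  systemctl daemon-reload
  systemctl enable firewall
  systemctl start firewall
  systemctl status firewall
}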
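###########
# Program #
###########
# Interactive menu loop. Options 1-3 run the matching task and wait for
# Enter; any other answer (including option 4, empty input and end of input)
# leaves the program.
#
# The answer is matched as a string with `case`. The original compared it
# inside (( ... )), which evaluates whatever was typed as an arithmetic
# expression: empty or non-numeric input raised syntax errors, and bash
# arithmetic can expand array subscripts found in the input.
while true; do
  clear
  echo "Programa Firewall"
  echo ""
  echo "Tarefas Agendadas"
  echo "[1] Criar arquivos de regras de Firewall"
  echo "[2] Executar junto ao sistema"
  echo "[3] Deletar Arquivo de Regras de Firewall [ICMP]"
  echo "[4] Sair"
  echo ""
  echo -n "Resp: "
  read -r resp

  case "$resp" in
    1)
      firewall
      firewall_service
      echo ""
      echo "--- Pressione qualquer tecla ---"
      read -r _
      ;;
    2)
      executar
      echo ""
      echo "Pressione qualquer tecla"
      read -r _
      ;;
    3)
      deletar_arquivo
      echo ""
      echo "--- Pressione qualquer tecla ---"
      read -r _
      ;;
    *)
      clear
      break
      ;;
  esac
done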