3
0
mirror of https://github.com/pragma-/pbot.git synced 2024-12-02 00:49:26 +01:00
pbot/applets/pbot-vm/guest/bin/network

65 lines
1.7 KiB
Plaintext
Raw Normal View History

#!/bin/bash
Usage="$0 <on|off> [iptables|ipt|nftables|nft]"
DefaultMode="iptables"
EnableNetwork() {
case $1 in
iptables)
iptables -F ;;
nftables)
nft delete table ip filter ;;
esac
}
DisableNetwork() {
case $1 in
iptables)
iptables -F
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P OUTPUT DROP
;;
nftables)
nft add table ip filter
nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'
nft add chain ip filter OUTPUT '{ type filter hook output priority 0; policy drop; }'
nft add rule ip filter INPUT ct state related,established counter accept
nft add rule ip filter INPUT tcp dport 22 counter accept
nft add rule ip filter OUTPUT ct state related,established counter accept
;;
esac
}
Main() {
case $2 in
iptables|ipt)
Mode="iptables" ;;
nftables|nft)
Mode="nftables" ;;
"")
Mode=$DefaultMode ;;
*)
echo "Invalid mode \`$2\`; usage: $Usage"
exit 1 ;;
esac
case $1 in
on)
echo "Enabling networking with $Mode"
EnableNetwork "$Mode" ;;
off)
echo "Disabling networking with $Mode"
DisableNetwork "$Mode" ;;
*)
echo "Invalid command \`$1\`; usage: $Usage"
exit 1 ;;
esac
}
Main "$@"