pbot-vm: consolidate network enable/disable into one script
This commit is contained in:
parent
cc1445be90
commit
111f3bd2e7
@ -1,9 +0,0 @@
|
||||
#!/bin/sh
|
||||
# disables all incoming, outgoing and forwarded traffic except incoming/established SSH
|
||||
iptables -F
|
||||
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
iptables -P INPUT DROP
|
||||
iptables -P FORWARD DROP
|
||||
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
iptables -P OUTPUT DROP
|
@ -1,8 +0,0 @@
|
||||
#!/bin/sh
|
||||
# disables all incoming, outgoing and forwarded traffic except incoming/established SSH
|
||||
nft add table ip filter
|
||||
nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'
|
||||
nft add chain ip filter OUTPUT '{ type filter hook output priority 0; policy drop; }'
|
||||
nft 'add rule ip filter INPUT ct state related,established counter accept'
|
||||
nft 'add rule ip filter INPUT tcp dport 22 counter accept'
|
||||
nft 'add rule ip filter OUTPUT ct state related,established counter accept'
|
@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
# removes all iptables rules to re-enable networking
|
||||
iptables -F
|
@ -1,3 +0,0 @@
|
||||
#!/bin/sh
|
||||
# deletes filter table to re-enable networking
|
||||
nft delete table ip filter
|
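--- /dev/null
+++ b/applets/pbot-vm/guest/bin/network
@@ -0,0 +1,70 @@
+#!/bin/bash
+
+Usage="$0 <on|off> [iptables|ipt|nftables|nft]"
+
+DefaultMode="iptables"
+
+EnableNetwork() {
+case $1 in
+iptables)
+iptables -F ;;
+nftables)
+nft delete table ip filter ;;
+esac
+}
+
+DisableNetwork() {
+case $1 in
+iptables)
+iptables -F
+iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -P OUTPUT DROP
+;;
+nftables)
+nft add table ip filter
+nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'
+nft add chain ip filter OUTPUT '{ type filter hook output priority 0; policy drop; }'
+nft add rule ip filter INPUT ct state related,established counter accept
+nft add rule ip filter INPUT tcp dport 22 counter accept
+nft add rule ip filter OUTPUT ct state related,established counter accept
+;;
+esac
+}
+
+Main() {
+case $1 in
+on|off) ;;
+*)
+echo "Invalid command \`$1\`; usage: $Usage"
+exit 1 ;;
+esac
+
+Toggle="$1"
+
+case $2 in
+iptables|ipt)
+Mode="iptables" ;;
+nftables|nft)
+Mode="nftables" ;;
+"")
+Mode=$DefaultMode ;;
+*)
+echo "Invalid mode \`$2\`; usage: $Usage"
+exit 1 ;;
+esac
+
+case $Toggle in
+"on")
+echo "Enabling networking with $Mode"
+EnableNetwork "$Mode" ;;
+"off")
+echo "Disabling networking with $Mode"
+DisableNetwork "$Mode" ;;
+esac
+}
+
+Main "$@"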
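Review bot: `EnableNetwork`'s iptables branch only runs `iptables -F`, which flushes the rules but leaves the INPUT/FORWARD/OUTPUT policies at DROP that `DisableNetwork` set, so `network on iptables` after an `off` leaves the guest with no accept rules and a DROP default — the SSH accept included — instead of restoring networking (the deleted enable script above had the same gap). Reset the policies before flushing: `for chain in INPUT FORWARD OUTPUT; do iptables -P "$chain" ACCEPT; done` followed by `iptables -F ;;`. Both `DisableNetwork` branches also touch only the IPv4 tables (`iptables`, `ip filter`), so if the guest has IPv6 connectivity the "disabled" network is still open over v6; mirror the rules with `ip6tables`, or use an `inet` family table in the nftables branch. The nftables branch has no forward chain, unlike the iptables branch's `iptables -P FORWARD DROP`, and because `nft add rule` appends, every repeated `off` stacks duplicate rules; adding `set -e` and a root check at the top would also make a partially applied ruleset fail loudly rather than silently.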
@ -25,8 +25,8 @@ apt install -y --no-install-recommends default-jre default-jdk
|
||||
apt install -y --no-install-recommends libipc-run-perl libjson-xs-perl
|
||||
|
||||
# disable networking
|
||||
./guest/bin/disable-network-iptables
|
||||
./guest/bin/network off iptables
|
||||
|
||||
echo 'Networking disabled.'
|
||||
echo 'To re-enable, run ./guest/bin/enable-networking-iptables'
|
||||
echo 'To disable again, run ./guest/bin/disable-network-iptables'
|
||||
echo 'To re-enable, run ./guest/bin/network on iptables'
|
||||
echo 'To disable again, run ./guest/bin/network off iptables'
|
||||
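Review bot: The new call `./guest/bin/network off iptables` is not error-checked, so if it fails (not root, `iptables` missing, a rule rejected) the script still prints `Networking disabled.` and the guest is left with open networking while claiming the sandbox is sealed — unless the script enables `set -e` above this hunk, which is not visible here. Guard the call: `./guest/bin/network off iptables || { echo 'Failed to disable networking' >&2; exit 1; }`.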
|
@ -22,8 +22,8 @@ zypper -n in --no-recommends clisp gcc-go java java-devel
|
||||
zypper -n in perl-IPC-Run perl-JSON-XS
|
||||
|
||||
# disable networking
|
||||
./guest/bin/disable-network-nftables
|
||||
./guest/bin/network off nftables
|
||||
|
||||
echo 'Networking disabled.'
|
||||
echo 'To re-enable, run ./guest/bin/enable-networking-nftables'
|
||||
echo 'To disable again, run ./guest/bin/disable-network-nftables'
|
||||
echo 'To re-enable, run ./guest/bin/network on nftables'
|
||||
echo 'To disable again, run ./guest/bin/network off nftables'
|
||||
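Review bot: `./guest/bin/network off nftables` can fail without the script noticing (for example `nft` absent or run unprivileged), after which the `Networking disabled.` message is printed over a guest that still has full network access; whether an earlier `set -e` covers this cannot be seen from the hunk. Make the failure fatal: `./guest/bin/network off nftables || { echo 'Failed to disable networking' >&2; exit 1; }`.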
|
@ -299,8 +299,7 @@ sub main() {
|
||||
exit 2;
|
||||
}
|
||||
|
||||
print $health "\n";
|
||||
|
||||
print $health "\n"; # request health
|
||||
|
||||
eval {
|
||||
alarm 2;
|
||||
|
@ -25,8 +25,8 @@ use PBot::Imports;
|
||||
# These are set by the /misc/update_version script
|
||||
use constant {
|
||||
BUILD_NAME => "PBot",
|
||||
BUILD_REVISION => 4747,
|
||||
BUILD_DATE => "2024-04-10",
|
||||
BUILD_REVISION => 4748,
|
||||
BUILD_DATE => "2024-04-12",
|
||||
};
|
||||
|
||||
sub initialize {}
|
||||
|