mirror of
https://github.com/pragma-/pbot.git
synced 2024-11-28 23:09:39 +01:00
65 lines
1.7 KiB
Bash
Executable File
65 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
Usage="$0 <on|off> [iptables|ipt|nftables|nft]"
|
|
|
|
DefaultMode="iptables"
|
|
|
|
EnableNetwork() {
|
|
case $1 in
|
|
iptables)
|
|
iptables -F ;;
|
|
nftables)
|
|
nft delete table ip filter ;;
|
|
esac
|
|
}
|
|
|
|
DisableNetwork() {
|
|
case $1 in
|
|
iptables)
|
|
iptables -F
|
|
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
|
iptables -P INPUT DROP
|
|
iptables -P FORWARD DROP
|
|
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
iptables -P OUTPUT DROP
|
|
;;
|
|
nftables)
|
|
nft add table ip filter
|
|
nft add chain ip filter INPUT '{ type filter hook input priority 0; policy drop; }'
|
|
nft add chain ip filter OUTPUT '{ type filter hook output priority 0; policy drop; }'
|
|
nft add rule ip filter INPUT ct state related,established counter accept
|
|
nft add rule ip filter INPUT tcp dport 22 counter accept
|
|
nft add rule ip filter OUTPUT ct state related,established counter accept
|
|
;;
|
|
esac
|
|
}
|
|
|
|
Main() {
|
|
case $2 in
|
|
iptables|ipt)
|
|
Mode="iptables" ;;
|
|
nftables|nft)
|
|
Mode="nftables" ;;
|
|
"")
|
|
Mode=$DefaultMode ;;
|
|
*)
|
|
echo "Invalid mode \`$2\`; usage: $Usage"
|
|
exit 1 ;;
|
|
esac
|
|
|
|
case $1 in
|
|
on)
|
|
echo "Enabling networking with $Mode"
|
|
EnableNetwork "$Mode" ;;
|
|
off)
|
|
echo "Disabling networking with $Mode"
|
|
DisableNetwork "$Mode" ;;
|
|
*)
|
|
echo "Invalid command \`$1\`; usage: $Usage"
|
|
exit 1 ;;
|
|
esac
|
|
}
|
|
|
|
Main "$@"
|