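#!/bin/sh
# Adds an IP to the iptables drop list (if linux) and mirrors the traffic back to the host.
#
# Rules installed for action "add" (action "delete" removes the same rules):
#   nat/POSTROUTING  -s IP -j MASQUERADE                 hide our own address on the way back out
#   nat/PREROUTING   -s IP -j DNAT --to-destination IP   point the attacker's new flows back at itself
#   filter/INPUT     -s IP -j DROP                       anything that still reaches the host locally is dropped
#   filter/FORWARD   -s IP -j ACCEPT / -d IP -j ACCEPT   let the mirrored flows through the forward path
#
# Requirements: Linux with iptables, active ip-forwarding (net.ipv4.ip_forward=1)
# Expect: srcip
# Usage:  $0 add|delete <user> <srcip>   (OSSEC active-response argument order; <user> is not used here)
# Author: Andre Pawlowski
# Modified script firewall-drop.sh (iptables) from Daniel B. Cid
# Last modified: Mar 25, 2010
#
# Security notes:
#   - srcip comes from alert data, i.e. from attacker-influenced input. It is restricted to the
#     dotted-quad character set below and always passed as a single quoted argument, so it can
#     never be split into extra iptables arguments (an unquoted expansion of "1.2.3.4 -j ACCEPT"
#     would become three arguments).
#   - The nat table is consulted only for the first packet of a connection; flows that were
#     already established when the rules were added are not redirected and keep hitting INPUT,
#     where the DROP rule catches them.
#   - A spoofed source address in the triggering alert gets that (innocent) address mirrored and
#     dropped; keep gateways, DNS and monitoring hosts on the OSSEC white_list.
#   - Rules are inserted at the head of their chains (-I). If one rule keeps failing the script
#     logs it and continues with the next one; a partially applied set is logged, not rolled back.
#   - The script always exits 0 on Linux once the arguments are valid, as the original did.

UNAME=$(uname)
IPTABLES="/sbin/iptables"
ACTION=$1
USER=$2
IP=$3
SCRIPT_ARGS="$0 $1 $2 $3 $4 $5"

# Work from the active-response directory so the log path is stable. This is best-effort on
# purpose: if we cannot change directory the firewall change still matters more than the log line.
LOCAL=$(dirname "$0")
cd "$LOCAL"
cd ../
BASEDIR=$(pwd)
LOG="${BASEDIR}/../logs/active-responses.log"

echo "$(date) $SCRIPT_ARGS" >> "$LOG"

# Checking for an IP
if [ -z "$IP" ]; then
  printf '%s: missing source IP\n' "$0" >&2
  exit 1
fi

# Only digits and dots are accepted. This is deliberately narrower than what iptables would
# parse (no CIDR, no IPv6): this script only uses iptables, and --to-destination needs a host
# address anyway. Anything else is treated as an injection attempt and logged.
case "$IP" in
  *[!0-9.]*)
    echo "$(date) $0: rejected invalid srcip: $IP" >> "$LOG"
    printf '%s: invalid srcip: %s\n' "$0" "$IP" >&2
    exit 1
    ;;
esac

# Checking action; OP is the iptables verb used for every rule below.
case "$ACTION" in
  add)    OP="-I" ;;
  delete) OP="-D" ;;
  *)
    printf '%s: invalid action: %s\n' "$0" "$ACTION" >&2
    exit 1
    ;;
esac

# Testing if we run under Linux; other platforms are a silent no-op.
if [ "$UNAME" != "Linux" ]; then
  exit 0
fi

# Checking if iptables is present (/sbin first, then /usr/sbin). A missing binary is logged
# because silently doing nothing hides a broken active response.
if [ ! -x "$IPTABLES" ]; then
  IPTABLES="/usr${IPTABLES}"
  if [ ! -x "$IPTABLES" ]; then
    echo "$(date) $0: iptables not found, nothing done for $IP" >> "$LOG"
    exit 0
  fi
fi

# Failure counter shared by all rules on purpose: it bounds the total back-off time of one
# script run (at most five retried failures, sleeping 1..5 seconds between them).
COUNT=0

# run_rule ARGS...
#   Run one iptables command, retrying with a growing back-off while COUNT stays <= 4.
#   Returns 0 once the command succeeds, otherwise the last iptables exit status.
run_rule() {
  while :; do
    "$IPTABLES" "$@"
    RES=$?
    if [ "$RES" -eq 0 ]; then
      return 0
    fi
    COUNT=$((COUNT + 1))
    echo "$(date) Unable to run (iptables returning != $RES): $COUNT - $SCRIPT_ARGS" >> "$LOG"
    sleep "$COUNT"
    if [ "$COUNT" -gt 4 ]; then
      return "$RES"
    fi
  done
}

# Executing and exiting. Each rule receives the validated IP as one argument.
run_rule "$OP" POSTROUTING -t nat -j MASQUERADE -s "$IP"
run_rule "$OP" PREROUTING -t nat -s "$IP" -j DNAT --to-destination "$IP"
run_rule "$OP" INPUT -s "$IP" -j DROP
run_rule "$OP" FORWARD -s "$IP" -j ACCEPT
run_rule "$OP" FORWARD -d "$IP" -j ACCEPT
exit 0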