#!/bin/bash
# iptables-apply -- a safer way to update iptables remotely
#
# Usage:
#   iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
#
# Versions:
#   * 1.0 Copyright 2006 Martin F. Krafft <madduck@madduck.net>
#         Original version
#   * 1.1 Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>
#         Added parameter -c (run command)
#         Added parameter -w (save successfully applied rules to file)
#         Major code cleanup
#
# Released under the terms of the Artistic Licence 2.0
#
# Abort on any unhandled command failure (-e) and on use of an unset
# variable (-u).
set -eu

# Name this script was invoked under, directory part removed.
PROGNAME="${0##*/}"
VERSION=1.1


### Default settings

DEF_TIMEOUT=10

# MODE selects how the positional argument is interpreted:
#   0 = apply a rulesfile (default)
#   1 = run a command (selected with -c/--command)
MODE=0

# The invocation name picks the address family: any name containing a "6"
# (e.g. ip6tables-apply) uses the IPv6 tools and defaults, everything else
# uses the IPv4 ones.
if [[ "$PROGNAME" == *6* ]]; then
	SAVE=ip6tables-save
	RESTORE=ip6tables-restore
	DEF_RULESFILE="/etc/network/ip6tables.up.rules"
	DEF_RUNCMD="/etc/network/ip6tables.up.run"
else
	SAVE=iptables-save
	RESTORE=iptables-restore
	DEF_RULESFILE="/etc/network/iptables.up.rules"
	DEF_RUNCMD="/etc/network/iptables.up.run"
fi
# By default, confirmed rules are saved back to the default rulesfile.
DEF_SAVEFILE="$DEF_RULESFILE"


### Functions

function blurb() {
	# One-line banner: program name, version and tagline, on stdout.
	printf '%s %s -- a safer way to update iptables remotely\n' "$PROGNAME" "$VERSION"
}

function copyright() {
	# Licence line, a blank separator, then one line per copyright holder,
	# all on stdout.
	printf '%s\n' \
		"$PROGNAME has been published under the terms of the Artistic Licence 2.0." \
		"" \
		"Original version - Copyright 2006 Martin F. Krafft <madduck@madduck.net>." \
		"Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>."
}

function about() {
	# Version output: the banner, an empty line, then the copyright notice.
	blurb
	printf '\n'
	copyright
}

function usage() {
	# Help text on stdout: the banner, an empty line, then the usage
	# description with the current program name and default values
	# substituted in. The heredoc body must stay tab-indented (<<- strips
	# leading tabs only).
	blurb
	printf '\n'
	cat <<-__USAGE__
	Usage:
	  $PROGNAME [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

	The script will try to apply a new rulesfile (as output by iptables-save,
	read by iptables-restore) or run a command to configure iptables and then
	prompt the user whether the changes are okay. If the new iptables rules cut
	the existing connection, the user will not be able to answer affirmatively.
	In this case, the script rolls back to the previous working iptables rules
	after the timeout expires.

	Successfully applied rules can also be written to savefile and later used
	to roll back to this state. This can be used to implement a store last good
	configuration mechanism when experimenting with an iptables setup script:
	  $PROGNAME -w $DEF_SAVEFILE -c $DEF_RUNCMD

	When called as ip6tables-apply, the script will use ip6tables-save/-restore
	and IPv6 default values instead. Default value for rulesfile is
	'$DEF_RULESFILE'.

	Options:

	-t seconds, --timeout seconds
	  Specify the timeout in seconds (default: $DEF_TIMEOUT).
	-w savefile, --write savefile
	  Specify the savefile where successfully applied rules will be written to
	  (default if empty string is given: $DEF_SAVEFILE).
	-c runcmd, --command runcmd
	  Run command runcmd to configure iptables instead of applying a rulesfile
	  (default: $DEF_RUNCMD).
	-h, --help
	  Display this help text.
	-V, --version
	  Display version information.

	__USAGE__
}

function checkcommands() {
	# Walk the global COMMANDS array and stop the whole script with exit
	# status 127 at the first entry that `command -v` cannot resolve.
	# The name is reported on stderr.
	for cmd in "${COMMANDS[@]}"; do
		command -v "$cmd" >/dev/null && continue
		echo "Error: needed command not found: $cmd" >&2
		exit 127
	done
}

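function revertrules() {
	# Roll the live ruleset back by feeding the snapshot in $TMPFILE to
	# $RESTORE.
	#
	# The progress messages are best-effort. The script runs under `set -e`,
	# so a failed write (for example to a terminal that has gone away) would
	# otherwise end the script before the restore below has run and leave the
	# unconfirmed rules in place.
	echo -n "Reverting to old iptables rules... " || :
	"$RESTORE" <"$TMPFILE"
	echo "done." || :
}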


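### Parsing and checking parameters

TIMEOUT="$DEF_TIMEOUT"
SAVEFILE=""

SHORTOPTS="t:w:chV"
LONGOPTS="timeout:,write:,command,help,version"

# `getopt -s bash` prints the normalised command line as ONE string of
# shell-quoted words. It has to be re-parsed as a whole with a single
# `eval set --` over the quoted string. Word-splitting it first (for opt in
# $OPTS) and eval'ing the pieces cuts any value containing whitespace in the
# middle of its quoting, glob-expands the pieces, and hands fragments of a
# user-supplied argument to eval; it also shifts once per output word rather
# than once per original argument, so forms such as `-t5` or `-cV` leave the
# wrong positional parameter in $1.
OPTS=$(getopt -s bash -o "$SHORTOPTS" -l "$LONGOPTS" -n "$PROGNAME" -- "$@") || exit $?
eval set -- "$OPTS"

# After the eval, every option is its own word and each option argument is
# the word that follows it; getopt always terminates the options with "--".
while [ $# -gt 0 ]; do
	case "$1" in
		(-t|--timeout)
			TIMEOUT="$2"
			shift 2
			;;
		(-w|--write)
			# An empty savefile argument selects the default savefile
			SAVEFILE="${2:-$DEF_SAVEFILE}"
			shift 2
			;;
		(-c|--command)
			MODE=1
			shift
			;;
		(-h|--help) usage >&2; exit 0;;
		(-V|--version) about >&2; exit 0;;
		(--)
			# End of options: what is left in "$@" are the non-option
			# arguments (rulesfile or runcmd)
			shift
			break
			;;
		(*) break;;
	esac
done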

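# Validate parameters

# The timeout must consist of decimal digits only. It is then normalised in
# base 10 explicitly: plain $((...)) reads a leading zero as octal, so "010"
# would silently become 8 and "08" would abort with an arithmetic error.
if [[ "$TIMEOUT" =~ ^[0-9]+$ ]]; then
	TIMEOUT=$((10#$TIMEOUT))
else
	echo "Error: timeout must be a positive number" >&2
	exit 1
fi

# A savefile that does not exist yet is accepted (it is created later); an
# existing one must be writable. [[ ]] with && replaces the ambiguous -a
# chaining of [ ].
if [[ -n "$SAVEFILE" && -e "$SAVEFILE" && ! -w "$SAVEFILE" ]]; then
	echo "Error: savefile not writable: $SAVEFILE" >&2
	exit 8
fi

case "$MODE" in
	(1)
		# Treat parameter as runcmd (run command mode)
		# NOTE(review): runcmd is later executed with the privileges of this
		# script; only its executable bit is checked here, not its owner or
		# whether other users can modify it.
		RUNCMD="${1:-$DEF_RUNCMD}"
		if [[ ! -x "$RUNCMD" ]]; then
			echo "Error: runcmd not executable: $RUNCMD" >&2
			exit 6
		fi

		# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
		checkcommands
		;;
	(*)
		# Treat parameter as rulesfile (apply rulesfile mode)
		RULESFILE="${1:-$DEF_RULESFILE}"
		if [[ ! -r "$RULESFILE" ]]; then
			echo "Error: rulesfile not readable: $RULESFILE" >&2
			exit 2
		fi

		# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE")
		checkcommands
		;;
esac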


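### Begin work
#
# Flow: snapshot the current rules, stop fail2ban, apply the new rules (or
# run the command), ask for confirmation, and restore the snapshot unless the
# answer is affirmative.
#
# Exit codes used below: 3/4 snapshot failed, 5 rulesfile could not be
# applied, 7 command failed, 9 savefile could not be written, 255 no
# confirmation (or interrupted by a signal), 0 success.

# Store old iptables rules to temporary file. mktemp creates the file itself;
# the template is quoted because PROGNAME comes from the invocation name.
TMPFILE=$(mktemp "/tmp/$PROGNAME-XXXXXXXX")

RULES_CHANGED=0      # 1 from just before the live ruleset is touched until it is confirmed
FAIL2BAN_STOPPED=0   # 1 while fail2ban is stopped because of this script
CMD_PID=""           # PID of the background runcmd while it is running

# Runs exactly once on every exit path (success, error exit, handled signal).
function cleanup() {
	trap - EXIT
	if [ "$FAIL2BAN_STOPPED" -eq 1 ]; then
		# The rollback paths exit before the regular restart at the end of
		# the script; without this the host would be left with fail2ban
		# stopped after every failed or unconfirmed change.
		/etc/init.d/fail2ban start || :
	fi
	rm -f -- "$TMPFILE"
}

# Signal handler. A handler that only removes the snapshot lets the script
# carry on without anything to roll back to, so a signal is treated like a
# missing confirmation instead: restore first (silently, the terminal may
# already be gone), then exit; the EXIT trap does the cleanup.
function interrupted() {
	trap '' 1 2 3 4 5 6 7 8 10 11 12 13 14 15
	[ -z "$CMD_PID" ] || kill "$CMD_PID" 2>/dev/null || :
	if [ "$RULES_CHANGED" -eq 1 ]; then
		# Best effort: there is nothing more useful to do if this fails
		"$RESTORE" <"$TMPFILE" || :
	fi
	exit 255
}

trap cleanup EXIT
trap interrupted 1 2 3 4 5 6 7 8 10 11 12 13 14 15

if ! "$SAVE" >"$TMPFILE"; then
	# An error occurred
	if ! grep -q ipt /proc/modules 2>/dev/null; then
		echo "Error: iptables support lacking from the kernel" >&2
		exit 3
	else
		echo "Error: unknown error saving old iptables rules: $TMPFILE" >&2
		exit 4
	fi
fi

# Legacy to stop the fail2ban daemon if present
if [ -x /etc/init.d/fail2ban ]; then
	/etc/init.d/fail2ban stop
	FAIL2BAN_STOPPED=1
fi

# Configure iptables
RULES_CHANGED=1
case "$MODE" in
	(1)
		# Run command in background and kill it if it times out
		echo -n "Running command '$RUNCMD'... "
		"$RUNCMD" &
		CMD_PID=$!
		( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) &
		CMDTIMEOUT_PID=$!
		CMD_STATUS=0
		wait "$CMD_PID" || CMD_STATUS=$?
		# The command has finished: stop the watchdog so that it cannot
		# signal an unrelated process that reuses the PID later on.
		kill "$CMDTIMEOUT_PID" 2>/dev/null || :
		CMD_PID=""
		if [ "$CMD_STATUS" -ne 0 ]; then
			echo "failed."
			echo "Error: unknown error running command: $RUNCMD" >&2
			revertrules
			exit 7
		else
			echo "done."
		fi
		;;
	(*)
		# Apply iptables rulesfile
		echo -n "Applying new iptables rules from '$RULESFILE'... "
		if ! "$RESTORE" <"$RULESFILE"; then
			echo "failed."
			echo "Error: unknown error applying new iptables rules: $RULESFILE" >&2
			revertrules
			exit 5
		else
			echo "done."
		fi
		;;
esac

# Prompt user for confirmation
echo -n "Can you establish NEW connections to the machine? (y/N) "

# A single keypress, or nothing at all once the timeout expires; a failed or
# timed-out read leaves ret unset, which counts as "no".
read -n1 -t "$TIMEOUT" ret 2>&1 || :
case "${ret:-}" in
	(y*|Y*)
		# Success: the new rules are confirmed, nothing to roll back any more
		RULES_CHANGED=0
		echo

		if [ -n "$SAVEFILE" ]; then
			# Write successfully applied rules to the savefile
			echo "Writing successfully applied rules to '$SAVEFILE'..."
			if ! "$SAVE" >"$SAVEFILE"; then
				echo "Error: unknown error writing successfully applied rules: $SAVEFILE" >&2
				exit 9
			fi
		fi

		echo "... then my job is done. See you next time."
		;;
	(*)
		# Failed
		echo
		if [ -z "${ret:-}" ]; then
			echo "Timeout! Something happened (or did not). Better play it safe..."
		else
			echo "No affirmative response! Better play it safe..."
		fi
		revertrules
		exit 255
		;;
esac

# Legacy to start the fail2ban daemon again
if [ "$FAIL2BAN_STOPPED" -eq 1 ]; then
	# Clear the flag first so the EXIT trap does not start it a second time
	FAIL2BAN_STOPPED=0
	/etc/init.d/fail2ban start
fi

exit 0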

# vim:noet:sw=8
