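# program start:
# The system directories go first so that, when this script runs as root, a
# directory inherited from the caller's PATH cannot shadow the tools it runs.
# The caller's PATH is kept afterwards; the ${PATH:+...} form avoids a
# trailing empty entry (which would mean "current directory") if PATH is unset.
PATH="/usr/bin:/bin:/sbin:/usr/sbin${PATH:+:$PATH}"
export PATH

# Text that follows "default" on the "rules" line of /proc/net/ip_input;
# the rest of the script compares it with " 0" and " 4".
# stderr is discarded on purpose: an unreadable file is reported later by
# check_ifthere with a proper message.
what=$(awk -F 'default' '/rules/ {print $2}' /proc/net/ip_input 2>/dev/null)

# Requested mode, set from $1 by the main flow: "1" = aktif, "0" = pasif.
on=""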
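# Print the current input-firewall state followed by the usage line, then exit.
#
# Globals: what (read) - text after "default" on the "rules" line of
#          /proc/net/ip_input, captured at start-up.
# Outputs: status and usage text on stdout.
# Exits:   0 after printing the usage line; 1 when $what is neither " 0"
#          nor " 4" (the state could not be read).
#
# NOTE(review): the original reported " 4" as AKTIF and " 0" as PASIF, which
# contradicted the "zaten AKTIF/PASIF" checks in the main flow (those treat
# " 0" as AKTIF). The mapping below follows the main flow, on the assumption
# that 0 is the deny policy installed by "fireup aktif" - confirm against the
# kernel in use. A status line that shows AKTIF while the policy is accept
# would hide an open host from the operator.
usage() {
  printf '%s' "fireup: input firewall durumu: "
  case "$what" in
    " 0")
      echo "AKTIF."
      ;;
    " 4")
      echo "PASIF."
      ;;
    *)
      echo ""
      echo "fireup: /proc/net/ip_input dosyasInda hata var!"
      # Unknown state is an error, so report it through the exit status too.
      exit 1
      ;;
  esac
  echo "fireup: kullanim: fireup aktif|pasif"
  exit 0
}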
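# Run one ipfwadm command and abort the script if it fails, so that a
# half-applied rule set is never followed by the "- tamam." success line.
_fw() {
  if ! ipfwadm "$@"; then
    echo "fireup: hata: 'ipfwadm $*' komutu basarisiz oldu!" >&2
    exit 1
  fi
}

# Apply the requested input-firewall state, then exit.
#
# Globals: on (read) - "1" installs the rule set, "0" removes it;
#          ip (read) - destination address used in every accept rule.
# Outputs: one progress line per step on stdout.
# Exits:   0 on success; 1 if an ipfwadm call fails or $on is invalid.
do_it() {
  if [ "$on" = "1" ]; then
    ports="1024:65535"
    # flush the current input rules
    _fw -I -f
    echo "- firewall kurallari sifirlandi,"
    # set the default input policy to deny
    _fw -I -p deny
    echo "- ongorulen: reddet"
    # ALL protocols arriving on the loopback interface
    _fw -I -a accept -P all -W lo
    echo "- izin verildi: localhosttan tum protokoller"
    # TCP & UDP from any address to my IP, ports 1024-65535.
    # NOTE(review): no flag or source restriction is given, so this also
    # admits new inbound connections to any service listening on a high
    # port - confirm that this breadth is intended.
    _fw -I -a accept -P tcp -S 0/0 -D "$ip" "$ports"
    _fw -I -a accept -P udp -S 0/0 -D "$ip" "$ports"
    echo "- izin verildi: TCP & UDP 0/0 -> $ip $ports"
    # TCP & UDP from any address to my IP, port 80 (web).
    # NOTE(review): HTTP runs over TCP; the UDP rule looks unnecessary -
    # confirm before removing it.
    _fw -I -a accept -P tcp -S 0/0 -D "$ip" 80
    _fw -I -a accept -P udp -S 0/0 -D "$ip" 80
    echo "- izin verildi: TCP & UDP 0/0 -> $ip 80 (www)"
    # TCP from any address to my IP, port 21 (ftp)
    # TCP from any address to my IP, port 20 (ftp-data)
    _fw -I -a accept -P tcp -S 0/0 -D "$ip" 21
    _fw -I -a accept -P tcp -S 0/0 -D "$ip" 20
    echo "- izin verildi: TCP 0/0 -> $ip 21 (ftp)"
    echo "- izin verildi: TCP 0/0 -> $ip 20 (ftp-data)"
    # TCP from any address to my IP, port 25 (smtp)
    _fw -I -a accept -P tcp -S 0/0 -D "$ip" 25
    echo "- izin verildi: TCP 0/0 -> $ip 25 (smtp)"
    echo "- tamam."
    exit 0
  elif [ "$on" = "0" ]; then
    # flush the current input rules
    _fw -I -f
    echo "- firewall kurallari sifirlandi,"
    # set the default input policy to accept: with the rules flushed,
    # input is no longer filtered at all
    _fw -I -p accept
    echo "- ongorulen: kabul"
    echo "- tamam."
    exit 0
  else
    # $on is only ever set to 1 or 0 by the main flow; anything else is a bug.
    echo "fireup: ciddi hata! (Code hatasI)"
    exit 1
  fi
}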
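# Abort unless the "ip" variable has been configured in this file.
#
# Globals: ip (read) - destination address used by the accept rules.
# Outputs: an error line on stdout when $ip is empty or unset.
# Exits:   1 in that case, so a caller can tell that no rules were applied;
#          otherwise returns normally.
check_ip() {
  if [ -z "$ip" ]; then
    echo "fireup: lutfen dosya icerisinde \"ip\" degiskenini ayarlayin."
    exit 1
  fi
}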
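# Abort unless the script is running as the superuser.
#
# Outputs: an error line on stdout when the effective uid is not 0.
# Exits:   1 when not root, or when the uid cannot be determined.
#
# The original compared an unquoted `whoami` result: if whoami printed
# nothing, "[" failed with a syntax error and the check was skipped. The
# quoted numeric-uid comparison below fails closed instead.
check_root() {
  if [ "$(id -u)" != "0" ]; then
    echo "fireup: bu programi kullanmak icin \"root\" olmaniz gerekir."
    exit 1
  fi
}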
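# Abort unless /proc/net/ip_input is readable.
#
# Outputs: on failure, a message on stdout saying the kernel must be rebuilt
#          with the "network firewall" and "ip firewall" options.
# Exits:   1 when the file is not readable, so the failure is visible to a
#          caller; otherwise returns normally.
check_ifthere() {
  if [ ! -r /proc/net/ip_input ]; then
    echo "fireup: cekirdeginizi yeniden derlemeniz gerekiyor,"
    echo "fireup: ve asagidaki ayarlari aktif hale getirmelisiniz:"
    echo " o network firewall"
    echo " o ip firewall"
    exit 1
  fi
}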
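# Preconditions: "ip" configured, running as root, kernel firewall support.
check_ip
check_root
check_ifthere

# Translate the single argument into the mode flag. usage() prints the
# current state and exits, so a missing or unknown argument stops here.
case "$1" in
  aktif) on=1 ;;
  pasif) on=0 ;;
  *) usage ;;
esac

# Nothing to do when the default policy already matches the request
# (" 0" is treated as AKTIF and " 4" as PASIF, as in the original checks).
# NOTE(review): only the default policy is compared; the accept rules
# themselves are not verified - confirm that this is sufficient.
if [ "$on" = "1" ] && [ "$what" = " 0" ]; then
  echo "fireup: input firewall durumu zaten AKTIF."
  exit
elif [ "$on" = "0" ] && [ "$what" = " 4" ]; then
  echo "fireup: input firewall durumu zaten PASIF."
  exit
fi

# The original printed "ciddi hata!" at this point on every run that went on
# to change the firewall; this is the normal path, so nothing is printed.
do_it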
# /* _EOF_ */
__
Murat Arslan
PGP KeyID : 2047/7E1DE419
For PGPkey: finger arslanm@gate.marketweb.net.tr
Key FPrint: A2B8 99E7 DFC4 C338 2657 7668 5897 5AF3