I've been building a firewall for my office for a few days now, because until now I used IP masquerading and everything had to go through SNAT; well, it was confusing and I simply had to rewrite all the router logic. As they say, no sooner said than done: I wrote the firewall, everything works fine, and now it's time to cut off the ports for the IPs that have access and those that don't. I felt sick when I realized I'd have to write about 40 access rules; copy-pasting them just isn't fun. Then the programmer in me spoke up: well, just generate them. Everything was clear: the idea is that I write the ports and the IPs into two separate files, they get read, allow rules are created and everything else is cut off. The code itself turned out rather "thin", even unexpectedly small:
```bash
#!/bin/bash
## Allow and DROP ip and ports
IPT=/sbin/iptables   # path to the iptables binary (assumed; the post defines $IPT elsewhere)

# Outer loop: one TCP port per line in /etc/firewall/ports
while read -r PORT
do
    # Inner loop: one allowed source IP per line in /etc/firewall/allow_ip
    while read -r IP
    do
        "$IPT" -A INPUT -p tcp -s "$IP" --dport "$PORT" -j ACCEPT
    done < /etc/firewall/allow_ip
    # Everyone not listed above gets cut off on this port
    "$IPT" -A INPUT -p tcp --dport "$PORT" -j DROP
done < /etc/firewall/ports
```
The little script is dead simple: a loop inside a loop, the first one reads from /etc/firewall/ports and the second from /etc/firewall/allow_ip, and the rules get created 🙂
P.S. Because of the syntax highlighting the < character is not displayed correctly; its HTML equivalent &lt; is shown instead.
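As an added example (my code, not the script from the post above), here is the same generator written the way I would want it before pointing it at a production box: it tolerates comments and blank lines in the two list files, refuses a malformed port or address instead of handing it to iptables as-is, keeps the generated rules in their own chain, and prints them in iptables-restore format so the whole set can be reviewed with diff and loaded in one transaction rather than one iptables exec per rule. The file paths, the chain name OFFICE_ACL and the sample lists are my assumptions.

```bash
#!/usr/bin/env bash
# Added example: generate the allow/drop rule set from two list files and
# emit it in iptables-restore syntax. OFFICE_ACL and the paths are assumed.
set -euo pipefail

# Return 0 if $1 is a valid TCP port number 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /prefix.
valid_ipv4() {
    local addr="$1" ip prefix octet n=0
    ip="${addr%%/*}"
    if [ "$ip" = "$addr" ]; then prefix=32; else prefix="${addr#*/}"; fi
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    local IFS=.
    for octet in $ip; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Print a list file with '#' comments, surrounding whitespace and blank lines removed.
read_list() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# gen_rules PORTS_FILE ALLOW_FILE: print the filter-table rules for iptables-restore.
# Every listed port gets one ACCEPT per allowed source followed by a DROP for everyone else;
# a bad entry aborts the run with a non-zero status so nothing half-baked gets loaded.
gen_rules() {
    local ports_file="$1" allow_file="$2" ports allow port ip
    ports="$(read_list "$ports_file")"
    allow="$(read_list "$allow_file")"
    echo '*filter'
    echo ':OFFICE_ACL - [0:0]'
    echo '-A INPUT -p tcp -j OFFICE_ACL'
    for port in $ports; do
        valid_port "$port" || { echo "bad port: '$port' in $ports_file" >&2; return 1; }
        for ip in $allow; do
            valid_ipv4 "$ip" || { echo "bad address: '$ip' in $allow_file" >&2; return 1; }
            echo "-A OFFICE_ACL -p tcp -s $ip --dport $port -j ACCEPT"
        done
        echo "-A OFFICE_ACL -p tcp --dport $port -j DROP"
    done
    echo 'COMMIT'
}

# Stand-alone use: gen_rules /etc/firewall/ports /etc/firewall/allow_ip > /tmp/acl.rules
# then review the file and load it with iptables-restore --noflush /tmp/acl.rules.
```

Two things differ from the loop in the post on purpose. Each entry is validated before it ever reaches iptables, so a stray comment or typo in the list produces a clear error instead of a cryptic iptables failure or a rule with the wrong source; and the output is a file rather than a sequence of live `-A` calls, so you can diff it against the previous run and apply it with `iptables-restore --noflush` in one step (without `--noflush` iptables-restore replaces the whole filter table, so the rest of the firewall would have to be in the same file).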