#! /bin/bash # FireLog v1.2.3 # iptables / netstat frontend thingy # # Homepage : http://linux.blowshard.net/firelog # Updated : 8/20/2007 # Created : 12/2006 # # Install : Place this file in the /sbin/ directory and do "chmod +x" to make it executable # Usage : type "firelog" at the command line to bring up the menu # Help : http://www.murga-linux.com/puppy/viewtopic.php?p=86061 # # Root check. if [ "$(id -u)" != "0" ]; then echo "" echo "Error : You are not root." echo "Please run program as root." echo "" exit 1 fi if [ -e /root/firelog.cfg ]; then # Important Variables # . ~/firelog.cfg > /dev/null touch /root/firelog.log else touch /root/firelog.log echo "vernum=1.2.3" >> /root/firelog.cfg echo "default_device=eth0" >> /root/firelog.cfg echo "home=/root/" >> /root/firelog.cfg echo "log_status=no" >> /root/firelog.cfg echo "firedata=/root/firedata" >> /root/firelog.cfg echo "log=/root/firelog.log" >> /root/firelog.cfg echo "cfg_file=/root/firelog.cfg" >> /root/firelog.cfg echo "log_file=/root/firelog-stream.log" >> /root/firelog.cfg fi # # Beging iptables auto-restore code (or not) # # if [ -e ~/iptables ]; then # iptables-restore ~/iptables # save_file=~/iptables # check_restore="yes" # else # check_restore="no" # save_file="N/A" # fi # # These are the various functions the program uses # # Checks all rules to make sure everything is OK # the_ref() { #rule_check=$rule_eyes if [ -z "$rule_eyes" ]; then null_error="1" ertn bars_long echo "| Exiting : No data given |" bars_long ertn msg_pause function_sui fi if [ "$rule_eyes" = "!i" ]; then msg_iptables echo -n "$rule_message" read rule_eyes the_ref fi if [ "$rule_eyes" = "!x" ]; then msg_abort msg_pause function_sui fi } # # The graphics functions # msg_header() { echo "|" echo "| !x = abort" echo "| !i = iptables info" } msg_pause() { ertn echo "==============================" echo "| Press any key continue" echo "==============================" read -n1 bla bla="0" } bars_long() { echo "==============================" } msg_abort() { ertn bars_long echo "| Aborting" bars_long ertn } msg_iptables() { iptables -L -n -v --line-numbers } log_timestamp() { time_stamp=`date +%H%M_%m%d%x` echo "$time_stamp -- $kommand">>$log } # A simple return ertn() { echo "" } function_log_toggle() { if [ "$log_status" = "no" ]; then log_status="yes" sed -e 's/log_status=no/log_status=yes/g' $cfg_file > $firedata cp $firedata $cfg_file else log_status="no" sed -e 's/log_status=yes/log_status=no/g' $cfg_file > $firedata cp $firedata $cfg_file fi } function_log_eyes() { if [ $log_status = "yes" ]; then time_stamp=`date` echo $timestamp $kommand > $log_file fi } function_repeater() { bars_long echo "| Auto updates every few seconds" echo "| P = pause" echo "| X = exit" echo "| T = logging on/off" echo "| Logging : $log_status " echo "| Log file : $log_file" bars_long ertn echo -n "-->" read -n1 -t 3 keypress if [ "$keypress" = "t" ]; then function_log_toggle fi if [ "$keypress" = "p" ]; then msg_pause fi if [ "$keypress" = "x" ]; then function_sui else sleep 1 fi } # This is the function that makes the main menu function_sui() { # Important Variables # . ~/firelog.cfg clear bla="0" select="0" rule_eyes="0" echo "FireLog version $vernum" echo "Device : $default_device (y) to change" echo "Log file : $log" ertn cat <" read rule_eyes case "$rule_eyes" in # # RC.Firewall start # [aA]*) clear ipaddr # clear # bars_long # echo "| Starting rc.firewall |" # bars_long # if [ -e ~/iptables ]; then # iptables-restore ~/iptables>>$log # kommand="firewall start -- iptables-restore ~/iptables" # log_timestamp # save_file=~/iptables # check_restore="yes" # echo # echo "Firewall started with saved settings from" $save_file # else # /etc/rc.d/rc.firewall start # kommand="firewall start /etc/rc.d/rc.firewall start" # log_timestamp # check_restore="no" # save_file="N/A" # fi msg_pause function_sui;; # # RC.Firewall stop # [bB]*) # clear wvdialshell # ertn # bars_long # echo "| Stopping rc.firewall |" # bars_long # /etc/rc.d/rc.firewall stop>>$log # kommand="firewall stop -- /etc/rc.d/rc.firewall stop" # log_timestamp msg_pause function_sui;; # # IPTables add rule # [cC]*) clear bars_long echo "| Add firewall rule" msg_header bars_long echo "!Commands & names are CaSe SenSiTiVe !" ertn echo -n "#iptables -A " read rule_eyes rule_message="#iptables -A " the_ref ertn echo -n "Execute : iptables -A $rule_eyes (y/n) ? " read -n1 quest case $quest in [Yy]*) ertn iptables -A $rule_eyes>>$log kommand="firewall add -- iptables -A $rule_eyes" log_timestamp ertn echo "EXECUTED iptables -A $rule_eyes" ertn msg_pause function_sui;; [Nn]*) ertn echo "Nothing changed." msg_pause function_sui;; *) function_sui;; esac read bla function_sui;; # # IPTables delete rule # [dD]*) clear bars_long echo "| Delete firewall rule" msg_header bars_long echo "! Names are CaSe SenSiTiVe !" ertn echo -n "Delete rule from which chain ? " read rule_eyes rule_message="Delete rule from which chain ? " the_ref rule_eyes_bump=$rule_eyes ertn echo -n "Delete which rule number from the $rule_eyes_bump chain ? " read rule_eyes rule_message="Delete which rule number from the $rule_eyes_bump chain ? " the_ref the_ref ertn echo "WARNING: Execute iptables -D $rule_eyes_bump $rule_eyes ?" ertn echo -n "Are you sure ? (y/n) " read -n1 quest case $quest in [Yy]*) ertn ertn iptables -D $rule_eyes_bump $rule_eyes>>$log kommand="firewall del -- iptables -D $rule_eyes_bump $rule_eyes" log_timestamp echo "EXECUTED: iptables -D $rule_eyes_bump $rule_eyes" msg_pause function_sui ;; [Nn]*) msg_pause function_sui;; *) function_sui;; esac read bla function_sui;; # # IPTables change chain policy # [eE]*) clear bars_long echo "| Change iptables chain policy" msg_header bars_long echo "! Commands & names are CaSe SenSiTiVe !" ertn echo -n "Change which chain policy ? " read rule_eyes rule_message="Change which chain policy ? " the_ref rule_eyes_bump=$rule_eyes ertn echo -n "Set $rule_eyes_bump policy to ACCEPT or DROP ? " read rule_eyes rule_message="Set $rule_eyes_bump policy to ACCEPT or DROP ? " the_ref ertn echo "WARNING!: Execute iptables -P $rule_eyes_bump $rule_eyes ?" ertn echo -n "Are you sure ? (y/n) " read -n1 quest case $quest in [Yy]*) iptables -P $rule_eyes_bump $rule_eyes>>$log kommand="firewall pol -- iptables -P $rule_eyes_bump $rule_eyes" log_timestamp ertn ertn echo "EXECUTED: iptables -P $rule_eyes_bump $rule_eyes" msg_pause function_sui;; [Nn]*) ertn && ertn && echo Nothing changed ertn msg_pause function_sui;; *) function_sui;; esac read -n1 bla function_sui;; # # Save IPTABLES settings # [fF]*) clear bars_long echo "| Saving iptables settings" bars_long ertn iptables-save > ~/iptables>>$log time_stamp=`date +%H%M_%m%d%x` echo "$time_stamp -- iptables-save > ~/iptables">>$log echo "Your firewall settings have been saved to ~/iptables" msg_pause function_sui;; # # Backup IPTABLES settings # [gG]*) clear time_stamp=`date +%H%M_%m%d%y` backup_name=iptables_backup$time_stamp bars_long echo "| Backup iptables" bars_long ertn iptables-save>~/iptables_backup$time_stamp>>$log time_stamp=`date +%H%M_%m%d%x` echo "$time_stamp -- iptables-save > ~/$backup_name">>$log echo "Your firewall settings have been saved to ~/$backup_name" msg_pause function_sui;; [hH]*) clear ertn bars_long echo "| Restoring iptables settings" msg_header bars_long ertn echo -n "Where do you want to restore the settings from ? " read rule_eyes rule_message="Where do you want to restore the settings from ? " the_ref iptables-restore $rule_eyes>>$log time_stamp=`date +%H%M_%m%d%x` echo "$time_stamp -- iptables-restore $rule_eyes">>$log msg_pause function_sui;; [iI]*) clear date ertn iptables -L --line-numbers ertn msg_pause function_sui;; [jJ]*) clear date ertn iptables -L -n -v --line-numbers msg_pause function_sui;; [kK]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn iptables -L -n -v --line-numbers bars_long echo "| Auto updates every few seconds" echo "| P = pause" echo "| X = exit" bars_long ertn echo -n "-->" read -n1 -t 3 keypress if [ "$keypress" = "p" ]; then msg_pause fi if [ "$keypress" = "x" ]; then function_sui else sleep 1 fi done function_sui;; [lL]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn kommand="netstat -tap" netstat -tap function_log_eyes function_repeater done function_sui;; [mM]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn kommand="netstat -tulp" netstat -tulp function_log_eyes function_repeater done function_sui;; [nN]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn kommand="netstat -t" netstat -t function_log_eyes function_repeater done function_sui;; [oO]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn kommand="netstat -u" netstat -u function_log_eyes function_repeater done function_sui;; [pP]*) clear X="1" keypress="3" while [ $X != 6 ] do keypress=$null clear date ertn kommand="netstat -tu" netstat -tu function_log_eyes function_repeater done function_sui;; [qQ]*) clear ertn ifconfig msg_pause function_sui;; [rR]) clear echo "Shutting down with command ifconfig $default_device down ..." ifconfig $default_device down ertn echo "Done" ertn msg_pause function_sui;; [sS]) clear echo "Turning on with command ifconfig $default_device up ..." ifconfig $default_device up ertn echo "Done" ertn msg_pause function_sui;; [tT]*) clear killall -q dhcpcd echo "Fetching new IP from DHCP server" sleep 1 dhcpcd $default_device tstamp=`date` echo $tstamp " --- DHCP Renew for : $default_device" >> $log echo ertn echo "Done" ertn msg_pause function_sui;; [uU]*) clear date ertn echo $log bars_long cat ~/firelog.log ertn bars_long echo "(above) program log, (below) /var/log stuff" bars_long cat /var/log/messages | grep firewall | more ertn msg_pause function_sui;; [vV]*) ertn echo -n "Enter address to trace :" read rule_eyes rule_message="Enter address to trace :" the_ref traceroute $rule_eyes ertn msg_pause function_sui;; [wW]*) ertn echo -n "Enter address to ping : " read rule_eyes rule_message="Enter address to ping : " the_ref ertn echo "Will ping $rule_eyes 6 times" ertn ping -c 6 $rule_eyes ertn msg_pause function_sui;; [yY]*) ertn echo "Current device : $default_device" echo -n "Enter new device : " read rule_eyes rule_message="Enter new device : " the_ref ertn old_default=$default_device default_device=$rule_eyes sed -e s/$old_default/$default_device/g $cfg_file > $firedata tstamp=`date` echo $tstamp " --- Current device is now : $default_device" >> $log cp $firedata $cfg_file echo "Current device is now : $default_device" ertn msg_pause function_sui;; [xX]*) X="0" exit 0 ;; *) function_sui;; esac } function_sui # # END # # :)