"Fossies" - the Fresh Open Source Software Archive 
Member "aif-2.1.1/configure.sh" (16 Sep 2020, 11128 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style:
standard) with prefixed line numbers and
code folding option.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "configure.sh":
2.1.0_vs_2.1.1.
1 #!/bin/bash
2
# Version of this configure script (printed in the banner at the bottom of the file)
MY_VERSION='1.04'
4
5 # ------------------------------------------------------------------------------------------
6 # -= Arno's Iptables Firewall(AIF) =-
7 # Single- & multi-homed firewall script with DSL/ADSL support
8 #
9 # ~ In memory of my dear father ~
10 #
11 # (C) Copyright 2001-2019 by Arno van Amersfoort
12 # Homepage : https://rocky.eld.leidenuniv.nl/
13 # Email : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
14 # (note: you must remove all spaces and substitute the @ and the .
15 # at the proper locations!)
16 # ------------------------------------------------------------------------------------------
17 # This program is free software; you can redistribute it and/or
18 # modify it under the terms of the GNU General Public License
19 # version 2 as published by the Free Software Foundation.
20
21 # This program is distributed in the hope that it will be useful,
22 # but WITHOUT ANY WARRANTY; without even the implied warranty of
23 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 # GNU General Public License for more details.
25
26 # You should have received a copy of the GNU General Public License
27 # along with this program; if not, write to the Free Software
28 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
29 # ------------------------------------------------------------------------------------------
30
31 # Check if the environment file exists and if so, load it
32 #########################################################
# Load the shared shell environment (it provides the check_command* and
# interface helpers used below). Without it nothing else can work, so bail out
# with status 2 when the file is missing.
if [ ! -f ./share/arno-iptables-firewall/environment ]; then
  printf "\033[40m\033[1;31mERROR: Could not read environment file ./share/arno-iptables-firewall/environment!\033[0m\n\n" >&2
  exit 2
fi
. ./share/arno-iptables-firewall/environment
39
40 # Allow user to override firewall.conf location (undocumented)
# The first (undocumented) argument overrides the firewall.conf location;
# the packaged default is used otherwise.
FIREWALL_CONF="${1:-/etc/arno-iptables-firewall/firewall.conf}"
42
43
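#######################################
# Abort unless the script can do its job: running as root, AIF installed,
# and every external tool it relies on present.
# Globals:   none written
# Arguments: none
# Outputs:   error text on stderr
# Returns:   0 when all checks pass; exits 1 otherwise (check_command_error
#            is expected to exit by itself on a missing tool)
#######################################
sanity_check()
{
  local cmd

  # root check: the script chown/chmods files under /etc and rewrites firewall.conf
  if [ "$(id -u)" != "0" ]; then
    printf "\033[40m\033[1;31mERROR: Root check FAILED (you MUST be root to use this script)! Quitting...\033[0m\n\n" >&2
    exit 1
  fi

  # NOTE(review): this tests the default path even when $FIREWALL_CONF overrides
  # it - presumably an "is AIF installed at all" check rather than a config
  # check; confirm before changing it to "$FIREWALL_CONF".
  if [ ! -f "/etc/arno-iptables-firewall/firewall.conf" ]; then
    printf "\033[40m\033[1;31mERROR: It looks like arno-iptables-firewall is not installed on this system (yet)! Quitting...\033[0m\n\n" >&2
    exit 1
  fi

  # Tools used later in this script (sed/cp/ln/rm/chown/chmod by the config and
  # runlevel handling, ip/ifconfig by the interface listing, diff by the
  # "already customized?" test). Order is kept; the former duplicate sed entry
  # was dropped.
  for cmd in sed chmod chown cp ln rm ip ifconfig cut diff; do
    check_command_error "$cmd"
  done
}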
69
70
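#######################################
# Set (and un-comment) a VAR="..." line in a shell-style config file.
# Globals:   none
# Arguments: $1 - config file to edit in place
#            $2 - variable name (script-controlled, used inside the patterns)
#            $3 - new value; an empty value leaves the file untouched
# Outputs:   error text on stderr when the variable is not present
# Returns:   status of the last command (grep / sed)
#######################################
change_conf_var()
{
  local conf_file=$1
  local var_name=$2
  local value=$3
  local escaped

  # The line must already exist, commented out ("#VAR=") or not, otherwise the
  # file layout is older than this script knows about.
  if ! grep -E -q "^#?${var_name}=" "$conf_file"; then
    # Name and path are data, never part of the printf format string
    printf "\033[40m\033[1;31mERROR: Variable \"%s\" not found in \"%s\". File is probably outdated!\033[0m\n\n" "$var_name" "$conf_file" >&2
  elif [ -n "$value" ]; then
    # In the sed replacement '~' is the s/// delimiter and '&' stands for the
    # whole match, so both are escaped; a value like "a&b" used to corrupt the
    # line. Backslashes are deliberately NOT escaped: setup_conf_file passes
    # '\$INTERNAL_NET' and relies on sed turning it into '$INTERNAL_NET'.
    escaped=$(printf '%s' "$value" | sed -e 's/[&~]/\\&/g')
    sed -i -e "s~^#\?${var_name}=.*$~${var_name}=\"${escaped}\"~" "$conf_file"
  fi
}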
79
80
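#######################################
# Ask the user for a value and store it in the config via change_conf_var.
# Globals:   none (the answer no longer leaks into a global "answer")
# Arguments: $1 - prompt text (backslash escapes such as \n are honoured)
#            $2 - config file
#            $3 - variable name
#            $4 - default written when the user just presses Enter; when this
#                 is empty too, nothing is written
# Outputs:   prompt on stdout
# Returns:   always 0
#######################################
get_conf_var()
{
  local prompt=$1
  local conf_file=$2
  local var_name=$3
  local default_value=$4
  local answer

  # %b expands escapes in the argument; the prompt itself is not a format string
  printf '%b ' "$prompt"
  # -r keeps backslashes typed by the user verbatim
  read -r answer

  if [ -z "$answer" ]; then
    if [ -n "$default_value" ]; then
      change_conf_var "$conf_file" "$var_name" "$default_value"
    fi
  else
    change_conf_var "$conf_file" "$var_name" "$answer"
  fi

  return 0
}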
100
101
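#######################################
# Ask a yes/no question.
# Globals:   none (the former global ANSWER is now local)
# Arguments: $1 - question text; callers embed "\n", which is still expanded
#            $2 - default, "y" for yes, anything else for no
# Outputs:   prompt on stdout
# Returns:   0 for yes, 1 for no; an empty or unrecognised answer picks the
#            default
#######################################
get_user_yn()
{
  local prompt=$1
  local default=$2
  local answer_with_case
  local answer

  # %b keeps the escapes in the prompt working while a literal '%' in the
  # prompt no longer acts as a printf conversion.
  if [ "$default" = "y" ]; then
    printf '%b (Y/n)? ' "$prompt"
  else
    printf '%b (y/N)? ' "$prompt"
  fi

  read -r answer_with_case
  answer=$(printf '%s' "$answer_with_case" | tr A-Z a-z)

  case "$answer" in
    y|yes) return 0 ;;
    n|no) return 1 ;;
  esac

  # Fallback to default
  if [ "$default" = "y" ]; then
    return 0
  fi
  return 1
}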
129
130
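#######################################
# Check that every interface in a space/comma separated list exists, asking
# the user whether to continue for each one that does not.
# Globals:   none; IFS is changed only inside this function (it used to leak
#            ' ,' into the callers' subsequent read/word-splitting)
# Arguments: $1 - interface list, e.g. "eth0, eth1"; pass it as ONE argument
# Returns:   0 to accept the list, 1 when the user declined
#######################################
verify_interfaces()
{
  local iface_list=$1
  local interface

  if [ -z "$iface_list" ]; then
    if ! get_user_yn "No interface(s) specified. These are required! Continue anyway" "n"; then
      return 1
    fi
  fi

  # Split on blanks and commas for the loop below only
  local IFS=' ,'
  for interface in $iface_list; do
    if ! check_interface "$interface"; then
      if ! get_user_yn "Interface \"$interface\" does not exist (yet). Continue anyway" "n"; then
        return 1
      fi
    fi
  done

  return 0
}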
150
151
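#######################################
# Print the link-layer and IPv4/IPv6 address lines of every "real" interface
# reported by ifconfig, one blank line between interfaces.
# Globals:   none; the previous global IFS=$EOL assignment leaked out of the
#            function and is replaced by a per-read IFS=
# Arguments: none
# Outputs:   filtered ifconfig lines on stdout
# Returns:   status of the pipeline
#######################################
list_interfaces()
{
  local CUR_IF=""
  local LINE

  # ifconfig blocks start with the name in column 0, continue indented and end
  # with a blank line. "IFS= read -r" keeps the indentation of those lines
  # intact. The while runs in a subshell, so CUR_IF/LINE never escape it.
  ifconfig -a 2>/dev/null | while IFS= read -r LINE; do
    if printf '%s\n' "$LINE" | grep -q -e '^[a-z]'; then
      # dummy*, bond* and lo are not candidates for EXT_IF/INT_IF
      if printf '%s\n' "$LINE" | grep -q -e '^dummy[0-9]' -e '^bond[0-9]' -e '^lo[[:blank:]]'; then
        CUR_IF=""
      else
        CUR_IF="$(printf '%s\n' "$LINE" | awk '{ print $1 }')"
      fi
    fi

    # A blank line closes the block of a wanted interface: separator, then forget it
    if [ -z "$LINE" ] && [ -n "$CUR_IF" ]; then
      CUR_IF=""
      echo ""
    fi

    # Only the hardware address and inet/inet6 lines of a wanted interface are shown
    if [ -n "$CUR_IF" ] && printf '%s\n' "$LINE" | grep -q -E -i -e ' hwaddr ' -e ' ether ' -e '[[:blank:]]inet6? addr'; then
      printf '%s\n' "$LINE"
    fi
  done
}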
175
176
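#######################################
# Interactive walk through the basic firewall.conf settings.
# Globals:   FIREWALL_CONF (read); IFS is saved/restored around the
#            interface loop instead of being changed for good
# Arguments: none
# Outputs:   prompts and progress on stdout
# Returns:   status of the last chmod
#######################################
setup_conf_file()
{
  local EXT_IF INT_IF interface saved_ifs
  local INTERNAL_NET=""
  local INT_NET_BCAST_ADDRESS=""

  # Create backup of old config before editing it in place
  cp -fvb "$FIREWALL_CONF" "${FIREWALL_CONF}.bak"

  echo ""
  echo "Listing available interfaces:"
  echo "-----------------------------"
  list_interfaces
  echo "-----------------------------"

  printf "We will now setup the most basic settings of the firewall\n\n"

  # External interface(s): re-ask until verify_interfaces accepts the answer.
  # The answer is passed as ONE argument (verify_interfaces splits on ' ,'
  # itself); unquoted it was re-split on later passes through the loop and
  # only the first interface got checked.
  while true; do
    printf "What is your external (aka. internet) interface (multiple interfaces should be comma separated)? "
    read -r EXT_IF

    if verify_interfaces "$EXT_IF"; then
      change_conf_var "$FIREWALL_CONF" "EXT_IF" "$EXT_IF"
      break
    fi
  done

  if get_user_yn "Does your external interface get its IP through DHCP" "n"; then
    change_conf_var "$FIREWALL_CONF" "EXT_IF_DHCP_IP" "1"
  else
    change_conf_var "$FIREWALL_CONF" "EXT_IF_DHCP_IP" "0"
  fi

  if get_user_yn "Do you want to enable IPv6 support" "y"; then
    change_conf_var "$FIREWALL_CONF" "IPV6_SUPPORT" "1"
  else
    change_conf_var "$FIREWALL_CONF" "IPV6_SUPPORT" "0"
  fi

  if get_user_yn "Do you want to be pingable from the internet" "n"; then
    change_conf_var "$FIREWALL_CONF" "OPEN_ICMP" "1"
  else
    change_conf_var "$FIREWALL_CONF" "OPEN_ICMP" "0"
  fi

  # No default: an empty answer leaves the (closed) packaged setting alone
  get_conf_var "Which TCP ports do you want to allow from the internet? (eg. 22=SSH, 80=HTTP, etc.) (comma separate multiple ports)?" "$FIREWALL_CONF" "OPEN_TCP" ""
  get_conf_var "Which UDP ports do you want to allow from the internet? (eg. 53=DNS, etc.) (comma separate multiple ports)?" "$FIREWALL_CONF" "OPEN_UDP" ""

  if get_user_yn "Do you have an internal(aka LAN) interface that you want to setup" "n"; then
    while true; do
      printf "What is your internal (aka. LAN) interface (multiple interfaces should be comma separated)? "
      read -r INT_IF

      if verify_interfaces "$INT_IF"; then
        change_conf_var "$FIREWALL_CONF" "INT_IF" "$INT_IF"

        # Collect net/mask and broadcast of every internal interface. IFS is
        # only changed for this loop and restored right after it.
        saved_ifs=$IFS
        IFS=' ,'
        for interface in $INT_IF; do
          INTERNAL_NET="$INTERNAL_NET${INTERNAL_NET:+ }$(get_network_ipv4_address_mask "$interface")"
          INT_NET_BCAST_ADDRESS="$INT_NET_BCAST_ADDRESS${INT_NET_BCAST_ADDRESS:+ }$(get_network_ipv4_broadcast "$interface")"
        done
        IFS=$saved_ifs

        if [ -n "$INTERNAL_NET" ] && [ -n "$INT_NET_BCAST_ADDRESS" ]; then
          echo "* Auto-detected internal IPv4 net(s): $INTERNAL_NET"
          echo "* Auto-detected internal IPv4 broadcast address(es): $INT_NET_BCAST_ADDRESS"

          change_conf_var "$FIREWALL_CONF" "INTERNAL_NET" "$INTERNAL_NET"
          change_conf_var "$FIREWALL_CONF" "INT_NET_BCAST_ADDRESS" "$INT_NET_BCAST_ADDRESS"

          if get_user_yn "Do you want to enable NAT/masquerading for your internal subnet" "n"; then
            change_conf_var "$FIREWALL_CONF" "NAT" "1"
            # The '\$' survives the shell quoting and sed turns it into '$', so
            # the config ends up with NAT_INTERNAL_NET="$INTERNAL_NET", i.e. a
            # reference resolved when firewall.conf is sourced.
            change_conf_var "$FIREWALL_CONF" "NAT_INTERNAL_NET" '\$INTERNAL_NET'
          else
            change_conf_var "$FIREWALL_CONF" "NAT" "0"
          fi
        fi

        break
      fi
    done
  fi

  # Make sure init script is executable and root owned
  if [ -f /etc/init.d/arno-iptables-firewall ]; then
    chown 0:0 /etc/init.d/arno-iptables-firewall
    chmod 755 /etc/init.d/arno-iptables-firewall
  fi

  # The config may hold port lists and network layout: root-only, not world readable
  chown 0:0 "$FIREWALL_CONF"
  chmod 600 "$FIREWALL_CONF"
}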
268
269
270 # main line:
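# Version of the installed firewall script, read from its MY_VERSION="..." line
AIF_VERSION="$(grep "MY_VERSION=" ./bin/arno-iptables-firewall | sed -e "s/^MY_VERSION=\"//" -e "s/\"$//")"

# Versions are data, not part of the format string
printf "\033[40m\033[1;32mArno's Iptables Firewall(AIF) v%s\033[0m\n" "$AIF_VERSION"
printf "Configure Script v%s\n" "$MY_VERSION"
echo "-------------------------------------------------------------------------------"

sanity_check

RC_PATH="/etc"
# Check for Redhat/SUSE rc.d
if [ -d "/etc/rc.d" ]; then
  RC_PATH="/etc/rc.d"
fi

# Remove any symlinks in rc*.d out of the way so the enable step starts clean.
# The glob must stay unquoted; with no match rm -f on the literal pattern is a
# harmless no-op.
for level in 0 1 2 3 4 5 6 S; do
  rm -f "$RC_PATH/rc${level}.d/"*arno-iptables-firewall
done

if get_user_yn "Do you want to start the firewall at boot" "y"; then
  DONE=0

  # Try the init systems in order of preference; check_command comes from the
  # environment file.
  if check_command systemctl; then
    if systemctl enable arno-iptables-firewall; then
      echo "* Successfully enabled service with systemctl"
      DONE=1
    fi
  elif check_command update-rc.d; then
    # Note: Currently update-rc.d doesn't seem to properly use the init script's LSB header, so specify explicitly
    if update-rc.d -f arno-iptables-firewall start 11 S . stop 10 0 6 .; then
      echo "* Successfully enabled service with update-rc.d"
      DONE=1
    fi
  elif check_command chkconfig; then
    if chkconfig --add arno-iptables-firewall && chkconfig arno-iptables-firewall on; then
      echo "* Successfully enabled service with chkconfig"
      DONE=1
    fi
  else
    # Last resort: hand-made SysV symlinks (start early, stop on halt/reboot)
    if [ -d "$RC_PATH/rcS.d" ]; then
      if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rcS.d/S11arno-iptables-firewall" &&
         ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K10arno-iptables-firewall" &&
         ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K10arno-iptables-firewall"; then
        echo "* Successfully enabled service through $RC_PATH/rcS.d/ symlink"
        DONE=1
      fi
    elif [ -d "$RC_PATH/rc2.d" ]; then
      if ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc2.d/S09arno-iptables-firewall" &&
         ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc0.d/K91arno-iptables-firewall" &&
         ln -sv /etc/init.d/arno-iptables-firewall "$RC_PATH/rc6.d/K91arno-iptables-firewall"; then
        echo "* Successfully enabled service through $RC_PATH/rc2.d/ symlink"
        DONE=1
      fi
    else
      echo "WARNING: Unable to detect /rc2.d or /rcS.d directories. Skipping runlevel symlinks" >&2
    fi
  fi

  if [ "$DONE" -eq 0 ]; then
    echo "ERROR: Unable to setup automatic start at boot. Please investigate" >&2
  fi
fi

# An installed config identical to the packaged one has never been edited
if diff ./etc/arno-iptables-firewall/firewall.conf "$FIREWALL_CONF" >/dev/null; then
  if get_user_yn "Your firewall.conf is not configured yet.\nDo you want me to help you setup a basic configuration" "y"; then
    setup_conf_file
  else
    echo "* Skipped"
  fi
else
  if get_user_yn "Your firewall.conf looks already customized.\nModify configuration" "n"; then
    setup_conf_file
  else
    echo "* Skipped"
  fi
fi

echo ""
echo "** Configuration done **"
echo ""

exit 0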
357 exit 0