Arno’s iptables firewall: .../90rpc.plugin

"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/arno-iptables-firewall/plugins/90rpc.plugin" (16 Sep 2020, 4501 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:

As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "90rpc.plugin":

2.1.0_vs_2.1.1.

1 # ------------------------------------------------------------------------------ 2 # -= Arno's Iptables Firewall(AIF) - RPC plugin =- 3 # 4 PLUGIN_NAME="RPCplugin" 5 PLUGIN_VERSION="0.22a-BETA" 6 PLUGIN_CONF_FILE="rpc.conf" 7 # 8 # Last changed : April 13, 2020 9 # Requirements : kernel 2.6 10 # Comments : This plugin opens RPC ports 11 # 12 # Author : (C) Copyright 2011-2012 by Jared H. Hudson 13 # Email : jhhudso AT volumehost DOT com 14 # ------------------------------------------------------------------------------ 15 # This program is free software; you can redistribute it and/or 16 # modify it under the terms of the GNU General Public License 17 # version 2 as published by the Free Software Foundation. 18 # 19 # This program is distributed in the hope that it will be useful, 20 # but WITHOUT ANY WARRANTY; without even the implied warranty of 21 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 22 # GNU General Public License for more details. 23 # 24 # You should have received a copy of the GNU General Public License 25 # along with this program; if not, write to the Free Software 26 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 27 # ------------------------------------------------------------------------------ 28 29 # Plugin start function 30 plugin_start() 31 { 32 # Create new DYNDNS_CHAIN chain: 33 iptables -N RPC_CHAIN 2>/dev/null 34 iptables -F RPC_CHAIN 35 36 # Insert rule into the main chain: 37 iptables -A EXT_INPUT_CHAIN -j RPC_CHAIN 38 39 echo "${INDENT}Enabling RPC service(s) $RPC_SERVICES for net(s) $RPC_NETS" 40 41 IFS=' ,' 42 for service in $RPC_SERVICES; do 43 ports="$(rpcinfo -p |awk "/tcp.*$service/"' { print $4 }' |uniq |tr '\n' ' ')" 44 echo "${INDENT}Adding TCP ports $ports for RPC service $service" 45 for net in $RPC_NETS; do 46 for port in $ports; do 47 iptables -I RPC_CHAIN -p tcp -s $net --dport $port -j ACCEPT 48 done 49 done 50 51 ports="$(rpcinfo -p |awk "/udp.*$service/"' { print $4 }' |uniq |tr '\n' ' ')" 52 echo "${INDENT}Adding UDP ports $ports for RPC service $service" 53 for net in $RPC_NETS; do 54 for port in $ports; do 55 iptables -I RPC_CHAIN -p udp -s $net --dport $port -j ACCEPT 56 done 57 done 58 done 59 60 return 0 61 } 62 63 64 # Plugin restart function 65 plugin_restart() 66 { 67 ## Re-add standard chain rules that are flushed on a restart 68 echo "${INDENT}Restarting..." 69 70 # Insert rule into the main chain: 71 iptables -A EXT_INPUT_CHAIN -j RPC_CHAIN 72 73 return 0 74 } 75 76 77 # Plugin stop function 78 plugin_stop() 79 { 80 iptables -D EXT_INPUT_CHAIN -j RPC_CHAIN 2>/dev/null 81 82 iptables -F RPC_CHAIN 83 iptables -X RPC_CHAIN 2>/dev/null 84 85 return 0 86 } 87 88 89 # Plugin status function 90 plugin_status() 91 { 92 iptables -L RPC_CHAIN |sed -e "s/^/$INDENT/" 93 94 return 0 95 } 96 97 98 plugin_sanity_check() 99 { 100 if [ -z "$RPC_SERVICES" ] || [ -z "$RPC_NETS" ]; then 101 printf "\033[40m\033[1;31m${INDENT}ERROR: The plugin config file is not properly setup!\033[0m\n" >&2 102 return 1 103 fi 104 105 if ! check_command rpcinfo; then 106 printf "\033[40m\033[1;31m${INDENT}ERROR: Required binary \"rpcinfo\" is not available!\n\033[0m" >&2 107 return 1 108 fi 109 110 return 0 111 } 112 113 114 ############ 115 # Mainline # 116 ############ 117 118 # Check where to find the config file 119 CONF_FILE="" 120 if [ -n "$PLUGIN_CONF_PATH" ]; then 121 CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE" 122 fi 123 124 # Preinit to success: 125 PLUGIN_RET_VAL=0 126 127 # Check if the config file exists 128 if [ ! -f "$CONF_FILE" ]; then 129 printf "NOTE: Config file \"$CONF_FILE\" not found!\n Plugin \"$PLUGIN_NAME v$PLUGIN_VERSION\" ignored!\n" >&2 130 else 131 # Source the plugin config file 132 . "$CONF_FILE" 133 134 if [ "$ENABLED" = "1" -a "$PLUGIN_CMD" != "stop-restart" ] || 135 [ "$ENABLED" = "0" -a "$PLUGIN_CMD" = "stop-restart" ] || 136 [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "stop" ] || 137 [ -n "$PLUGIN_LOAD_FILE" -a "$PLUGIN_CMD" = "status" ]; then 138 # Show who we are: 139 echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION" 140 141 # Increment indention 142 INDENT="$INDENT " 143 144 # Only proceed if environment ok 145 if ! plugin_sanity_check; then 146 PLUGIN_RET_VAL=1 147 else 148 case $PLUGIN_CMD in 149 start|'') plugin_start; PLUGIN_RET_VAL=$? ;; 150 restart ) plugin_restart; PLUGIN_RET_VAL=$? ;; 151 stop|stop-restart) plugin_stop; PLUGIN_RET_VAL=$? ;; 152 status ) plugin_status; PLUGIN_RET_VAL=$? ;; 153 * ) PLUGIN_RET_VAL=1; printf "\033[40m\033[1;31m${INDENT}ERROR: Invalid plugin option \"$PLUGIN_CMD\"!\033[0m\n" >&2 ;; 154 esac 155 fi 156 fi 157 fi