
Linux服务器上适用的防火墙分析

王朝system·作者佚名  2008-05-19

#!/bin/bash

# Startup banner: product name/version, licence notice, copyright and the
# welcome lines. Each entry is passed to `echo -e`, so the \t, \n and \033
# sequences are expanded at print time (the \033[...m sequences are ANSI
# colour codes).
for banner_text in \
  " \t\t \033[1;31m RainLow firewall \033[m server version 1.0rc1 -- 09/24/2004 \n" \
  "############################################################" \
  " This software may be used and distributed according to " \
  "the terms of the GNU General Public License (GPL) provided" \
  "credit is given to the original author. " \
  "\t\t\t \033[1;31m Copyright (c) 2004 rainlow \033[m \n" \
  "\t\t\t\t All rights reserved \n\n\n" \
  "############################################################" \
  "\n\t\t\t Welcome to \033[3;31m Rainlow Firewall \033[0m \n\n" \
  " \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n"
do
  echo -e "$banner_text"
done
unset banner_text

# now begins the firewall

# Replace whatever PATH the caller had with a fixed list of system
# directories, so the tools this script runs as root are not resolved through
# a caller-controlled search path.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Pull in the init-script helper library.
# NOTE(review): this path is distribution specific; nothing in the visible part
# of the script checks that the file exists before sourcing it.
source /etc/init.d/functions

#######################################
# Print the red "[ FAILED ]" banner, the reason held in $FAILURE and an
# "ABORTED" line, then terminate the script.
# Globals:   FAILURE (read) - message the caller sets before calling.
# Outputs:   three lines on stdout.
# Returns:   never returns; exits the shell with status 1.
#######################################
exit_failure() {
  # %b expands backslash escapes the same way `echo -e` does, and printf adds
  # no newline of its own, which matches the original `echo -en` calls.
  # $FAILURE is expanded inside the escaped string, so backslash sequences in
  # the message are interpreted as well.
  printf '%b' " \t \033[3;031m [ FAILED ] \033[0m \n"
  printf '%b' " \033[3;031m - FATAL: $FAILURE \033[0m \n"
  printf '%b' " \033[3;031m - ** ABORTED **.\033[0m \n"
  exit 1
}

#######################################
# Refuse to continue unless the script is running as root.
# Globals:   UID (read), ROOT_ID (written, set to 0), FAILURE (written on
#            the failure path).
# Outputs:   progress text on stdout; "\a" rings the terminal bell.
# Returns:   normally when UID is 0; otherwise hands over to exit_failure,
#            which ends the script.
# NOTE(review): $UID is the real user id. For a privilege check $EUID (the
# effective id) is the value that decides whether the firewall commands can
# succeed; the two only differ in set-uid style setups.
#######################################
check_root() {
  ROOT_ID=0
  echo "Checking if you are root...."

  # Guard clause: anything other than uid 0 is rejected.
  if [ "$UID" != "$ROOT_ID" ]; then
    echo -e " Sorry,you are not root and not permitted to do this option...\n"
    echo -e "\a"
    FAILURE="you can not run this command ,you must be root to do this"
    exit_failure
    return
  fi

  echo -e "\n\t OK ! continue....\n"
  echo -e "\a"
}

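#######################################
# Check that the host can run this firewall: the OS must be Linux, the kernel
# must be 2.4 or newer, iptables must be runnable, and a loaded ipchains
# module is removed when module tools are available.
# Globals:   OS, _OS, KERNELMAJ, KERNELMIN (written); FAILURE (written on
#            the failure paths).
# Outputs:   progress text on stdout.
# Returns:   normally when every check passes; each failed check calls
#            exit_failure, which ends the script.
#######################################
check_enviroment() {
  echo -e "\t\t \033[1;31m Now Checking software envrioment \033[m \n"

  OS=$(uname -s)
  _OS=$OS
  if [ "$_OS" != "Linux" ]; then
    FAILURE="Sorry this version can only work under linux "
    exit_failure
  else
    echo -en "\t\t \033[1;32m PASS \033[m \n"
  fi

  # Major = text before the first dot of `uname -r`, minor = text between the
  # first and second dot.
  KERNELMAJ=$(uname -r | sed -e 's,\..*,,')
  KERNELMIN=$(uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,')

  if [ "$KERNELMAJ" -lt 2 ]; then
    FAILURE="Sorry you kernel is too old,please upgrade it first!"
    exit_failure
  fi

  # `&&` between two tests replaces the deprecated `-a`, and the minor number
  # is only compared when the major number is exactly 2.
  if [ "$KERNELMAJ" -eq 2 ] && [ "$KERNELMIN" -lt 4 ]; then
    FAILURE="only kernel greater than 2.4 is supported"
    exit_failure
  fi

  # Decide on the exit status of `iptables -V` instead of searching its output
  # for "Command not found": that text depends on the shell and locale, and as
  # listed the redirection had lost its `>` (`2&1`), so bash put the command
  # in the background and the check could never fail.
  if ! iptables -V >/dev/null 2>&1; then
    FAILURE="can not find iptables command you must install iptables first"
    exit_failure
  fi

  # Unload ipchains only when modprobe is installed and either /proc/modules
  # exists or /proc/version is missing.
  # NOTE(review): presumably the legacy ipchains module has to go because it
  # cannot be used together with ip_tables - confirm.
  if command -v modprobe >/dev/null 2>&1 &&
    { [ -e /proc/modules ] || ! [ -e /proc/version ]; }; then
    if lsmod | grep -q "ipchains"; then
      rmmod ipchains >/dev/null 2>&1
    fi
  fi
}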

#######################################
# Ten-second progress bar: prints "||", then one "#" after each one-second
# sleep, then a newline.
# Outputs:   "||##########" followed by a newline on stdout.
# NOTE(review): the function is named `wait`, so from this point on it hides
# the shell's own `wait` builtin; `builtin wait` still reaches the original.
#######################################
wait() {
  local tick
  printf '||'
  for tick in 1 2 3 4 5 6 7 8 9 10; do
    sleep 1
    printf '%s' "#"
  done
  printf '\n'
}

#######################################
# Run iptables through its absolute path, so every `iptables ...` call in the
# script reaches /sbin/iptables regardless of what PATH would resolve.
# Arguments: passed through unchanged.
# Returns:   exit status of /sbin/iptables.
#######################################
iptables() {
  local -r iptables_bin=/sbin/iptables
  "$iptables_bin" "$@"
}

#######################################
# Shorthand for modprobe, called through its absolute path /sbin/modprobe.
# Arguments: passed through unchanged (module name and any options).
# Returns:   exit status of /sbin/modprobe.
#######################################
mp() {
  local -r modprobe_bin=/sbin/modprobe
  "$modprobe_bin" "$@"
}

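# Private helper: succeeds when the running kernel's module tree contains an
# ip_tables module, either as ip_tables.o or as ip_tables.ko (plain or with a
# compression suffix).
_ip_tables_module_present() {
  local netfilter_dir candidate
  netfilter_dir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
  for candidate in "$netfilter_dir"/ip_tables.o "$netfilter_dir"/ip_tables.ko*; do
    # An unmatched glob stays literal and simply fails the -e test.
    [ -e "$candidate" ] && return 0
  done
  return 1
}

#######################################
# Load the netfilter/iptables kernel modules the firewall rules rely on.
# Outputs:   progress text on stdout; a warning naming the modules that
#            modprobe could not load on stderr.
# Returns:   0 in both branches; loading stays best-effort because several of
#            the listed modules are not present on every kernel build.
# Changes against the listing:
#   - ipt_MASQURADE was a misspelling; the module is ipt_MASQUERADE.
#   - the FTP/IRC connection-tracking helpers are named ip_conntrack_ftp and
#     ip_conntrack_irc (there is no ipt_conntrack_* module).
#   - the presence check accepts ip_tables.ko as well as ip_tables.o, so it
#     also works on kernels that ship .ko module files.
#   - modprobe failures are reported instead of being followed by an
#     unconditional, unexplained "[ OK ]".
#######################################
load_module() {
  local module
  local failed=""

  if _ip_tables_module_present; then
    echo -e "\n\tLoading iptables modules please wait...."
    for module in \
      ip_tables ipt_LOG ipt_owner ipt_MASQUERADE ipt_REJECT \
      ip_conntrack_ftp ip_conntrack_irc \
      iptable_filter iptable_nat iptable_mangle ip_conntrack \
      ipt_limit ipt_state ipt_unclean ipt_TCPMSS ipt_TOS ipt_TTL \
      ipt_quota ipt_iplimit ipt_pkttype ipt_ipv4options ipt_MARK; do
      mp "$module" || failed="$failed $module"
    done
    # Rules that need a missing match/target module will fail later, so make
    # the gap visible here.
    if [ -n "$failed" ]; then
      echo "warning: modprobe failed for:$failed" >&2
    fi
    echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
  else
    echo -e "\tSorry,no iptables modules found !!"
  fi
}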

ip_stack_adjust()

{

if [ -e /proc/sys/net/ipv4/ip_forward ]

then

echo -e "enable ip_forward.please wait...."

echo 0

/proc/sys/net/ipv4/ip_forward

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/ip_default_ttl ]

then

echo -e "changing default ttl...."

echo 88

/proc/sys/net/ipv4/ip_default_ttl

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

echo -e "\n\t disable dynamic ip support...."

echo 0

/proc/sys/net/ipv4/ip_dynaddr

echo -e "\t\t\t\t\033[3;032m [ OK ] \033[0m\n"

if [ -e /proc/sys/net/ipv4/ip_no_pmtu_disc ]

then

echo -e "disable path mtu discovery.please wait...."

echo 0

/proc/sys/net/ipv4/ip_no_pmtu_disc

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/ipfrag_high_thresh ]

then

echo -e "changing ipfrag_high_thresh.please wait...."

echo 5800

/proc/sys/net/ipv4/ipfrag_high_thresh

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/ipfrag_low_thresh ]

then

echo -e "changing ipfrag_low_thresh.please wait...."

echo 2048

/proc/sys/net/ipv4/ipfrag_low_thresh

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/ipfrag_time ]

then

echo -e "changing ipfrag_low_thresh.please wait...."

echo 20

/proc/sys/net/ipv4/ipfrag_time

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/ipfrag_secret_interval ]

then

echo -e "changing ipfrag_secret_interval.please wait...."

echo 600

/proc/sys/net/ipv4/ipfrag_secret_interval

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_syn_retries ]

then

echo -e "changing tcp_syn_retries.please wait...."

echo 4

/proc/sys/net/ipv4/tcp_syn_retries

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_synack_retries ]

then

echo -e "changing tcp_synack_retries.please wait...."

echo 4

/proc/sys/net/ipv4/tcp_synack_retries

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_keepalive_time ]

then

echo -e "changing tcp_keepalive_time.please wait...."

echo 300

/proc/sys/net/ipv4/tcp_keepalive_time

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_keepalive_probes ]

then

echo -e "changing tcp_keepalive_probes.please wait...."

echo 4

/proc/sys/net/ipv4/tcp_keepalive_probes

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_keepalive_intvl ]

then

echo -e "changing tcp_keepalive_intvl.please wait...."

echo 60

/proc/sys/net/ipv4/tcp_keepalive_intvl

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_retries1 ]

then

echo -e "changing tcp_retriest.please wait...."

echo 3

/proc/sys/net/ipv4/tcp_retries1

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_retries2 ]

then

echo -e "changing tcp_retriest.please wait...."

echo 15

/proc/sys/net/ipv4/tcp_retries2

echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

fi

if [ -e /proc/sys/net/ipv4/tcp_orphan_retries ]

then

echo -e "disable tcp

 
 
 