From 111c48a2445c4d5d464d0e9e650e522834b3d50c Mon Sep 17 00:00:00 2001
From: Someone
Date: Thu, 19 Nov 2015 18:00:37 +0100
Subject: [PATCH] xtables snapshot/load/apply-new scripts - needed for sucessful boot!
---
 xtable_apply.sh | 29 ++++++++++++++++++++++++
 xtable_git_load.sh | 23 +++++++++++++++++++
 xtable_rules/.keep | 0
 xtable_snapshot.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 107 insertions(+)
 create mode 100755 xtable_apply.sh
 create mode 100755 xtable_git_load.sh
 create mode 100644 xtable_rules/.keep
 create mode 100755 xtable_snapshot.sh
diff --git a/xtable_apply.sh b/xtable_apply.sh
new file mode 100755
index 0000000..18e1708
--- /dev/null
+++ b/xtable_apply.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+#
+# Copyright 2013-2016 by Jan Vales (Someone )
+# send me your changes. credit author(s). do not publish. share alike.
+# to be done: find a suitable licence text.
+#
+# Script to apply new xtable rules.
+#
+
+cat iptables.rules.* > iptables.new.tmp
+
+/sbin/iptables-save > iptables.old.tmp
+
+echo "applying new rules ..."
+/sbin/iptables-restore < iptables.new.tmp
+mkdir -p /media/sf_vmshare/_orga/read_only_info
+cat iptables.new.tmp > /media/sf_vmshare/_orga/read_only_info/iptables.rules
+rm iptables.new.tmp
+echo -e "APPLIED!\n"
+
+echo "LOCK-OUT-PREVENTION will revert to old rules in 30 sec. ctrl + c to abort."
+echo "ctrl + c to abort."
+sleep 30
+
+echo "reverting to old rules ..."
+/sbin/iptables-restore < iptables.old.tmp
+cat iptables.old.tmp > /media/sf_vmshare/_orga/read_only_info/iptable.rules
+rm iptables.old.tmp
+echo "REVERTED!"
diff --git a/xtable_git_load.sh b/xtable_git_load.sh
new file mode 100755
index 0000000..3863951
--- /dev/null
+++ b/xtable_git_load.sh
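Review bot: The exit status of `/sbin/iptables-restore < iptables.new.tmp` is never checked and the script does not use `set -e`, so when iptables-restore rejects the concatenated ruleset the script still prints APPLIED! and publishes the rejected file to read_only_info as if it were the live ruleset; `/sbin/iptables-restore < iptables.new.tmp || { echo "*** ERROR: new rules rejected" >&2; rm -f iptables.new.tmp iptables.old.tmp; exit 1; }` would stop there instead. The revert branch writes to `read_only_info/iptable.rules` while the apply branch writes `iptables.rules`, so after a revert the published copy still shows the rules that were just undone; both paths should use the same file name. Ctrl-C is the only way to keep the new rules, and taking that path leaves `iptables.old.tmp` (a full dump of the previous ruleset) behind in the working directory; a `trap 'rm -f iptables.old.tmp' EXIT` near the top, or an explicit keep/revert prompt in place of the bare `sleep 30`, would cover it.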
@@ -0,0 +1,23 @@
+#!/bin/bash
+#
+# Copyright 2013-2016 by Jan Vales (Someone )
+# send me your changes. credit author(s). do not publish. share alike.
+# to be done: find a suitable licence text.
+#
+# Script to reload CURRENT xtable rules from gitrepo.
+# Most likely no longer really useful as of 2016.
+#
+
+cd /root/network
+chmod -R u=rw,go-rwx .
+chmod u+x *.sh
+
+if [[ ! -d "xtable_rules/.git" ]]; then
+ echo "*** ERROR: cannot cd xtable_current_rules or git repo not found."
+ exit 1
+fi
+
+cd xtable_rules
+
+/sbin/iptables-restore < iptable.rules.current.save
+
diff --git a/xtable_rules/.keep b/xtable_rules/.keep
new file mode 100644
index 0000000..e69de29
diff --git a/xtable_snapshot.sh b/xtable_snapshot.sh
new file mode 100755
index 0000000..acf4673
--- /dev/null
+++ b/xtable_snapshot.sh
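Review bot: The file restored on the last line, `iptable.rules.current.save`, does not match the name xtable_snapshot.sh writes and its .gitignore keeps (`iptables.rules.current.save`), so the restore fails on a missing file and the boot-time reload this commit is meant to provide does nothing; the line should read `/sbin/iptables-restore < iptables.rules.current.save || exit 1`. `cd /root/network` is unguarded and there is no `set -e`, so if that directory is absent the following `chmod -R u=rw,go-rwx .` recursively strips permissions from whatever directory the caller started in; `cd /root/network || exit 1` is the fix, and xtable_snapshot.sh in this commit has the same unguarded `cd`/`chmod -R` sequence. The error message names `xtable_current_rules` while the test checks `xtable_rules/.git`; it should name the path actually tested so a failed boot can be diagnosed from the message.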
@@ -0,0 +1,55 @@
+#!/bin/bash
+#
+# Copyright 2013-2016 by Jan Vales (Someone )
+# send me your changes. credit author(s). do not publish. share alike.
+# to be done: find a suitable licence text.
+#
+# Script to create xtable snapshots.
+# Most likely no longer really useful as of 2016.
+#
+## ADD TO CRONTAB:
+# Snapshot current xtable ruleset every 10 min.
+#*/10 * * * * /root/network/xtable_snapshot.sh "CRON: UNKNOWN CHANGES" > /dev/null 2>&1
+#
+
+
+cd /root/network
+chmod -R u=rw,go-rwx .
+chmod u+x *.sh
+
+if [ ! -d "xtable_rules" ]; then
+ echo "*** FAIL: cannot cd xtable_current_rules"
+ exit 1
+fi
+
+cd xtable_rules
+
+if [ ! -d ".git" ]; then
+ echo "*** WARN: git repo not found. creating..."
+ git init
+ git commit --allow-empty -m "Initial commit"
+ git tag InitialCommit
+
+ echo -e "# only store current saves\n*\n!*.current.save" > .gitignore
+
+ git add -f -- .gitignore
+ git commit -m ".gitignore" -- .gitignore
+fi
+
+
+/sbin/iptables-save | grep -v '#' > iptables.rules.current.save.raw.tmp
+
+echo '# recovery with' > iptables.rules.current.save.tmp
+echo '# /root/network/load_xtables.sh' >> iptables.rules.current.save.tmp
+echo '' >> iptables.rules.current.save.tmp
+sed 's/\(\:[^\[]*\)\[[0-9]*\:[0-9]*\]/\1[0:0]/' iptables.rules.current.save.raw.tmp >> iptables.rules.current.save.tmp
+echo '' >> iptables.rules.current.save.tmp
+echo '# recovery with' >> iptables.rules.current.save.tmp
+echo '# /root/network/load_xtables.sh' >> iptables.rules.current.save.tmp
+
+cat iptables.rules.current.save.tmp > iptables.rules.current.save
+
+rm *.current.save.tmp *.current.save.*.tmp
+git add -f -- *.current.save
+git commit -m "$1" -- *.current.save
+
-- 
2.43.0
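Review bot: `grep -v '#'` on the iptables-save output drops every line that contains a `#` anywhere, not only the header/trailer comment lines that begin with one, so any rule whose text includes that character (for example inside a `-m comment --comment` string) is silently omitted from the snapshot and will be missing whenever the save is restored; `grep -v '^#'` keeps the intended filter and nothing else. `git commit -m "$1"` aborts on an empty message when the script is run by hand without an argument, so `git commit -m "${1:-manual snapshot}" -- *.current.save` would make the manual case work while leaving the cron invocation unchanged. The recovery hint written into the save file names `/root/network/load_xtables.sh`, which is not among the files this commit creates (the loader here is `xtable_git_load.sh`), so the hint presumably points at a script that does not exist on the box.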