
Linux服務器上適用的防火牆分析

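#!/bin/bash
#
# RainLow firewall (server edition) -- bootstrap section.
#
# Prints the banner, pins PATH, and defines the helpers that run before any
# iptables rule is written: a fatal-error reporter, a root check, an
# environment check (Linux, kernel >= 2.4, iptables/modprobe present, legacy
# ipchains unloaded), a progress bar, thin wrappers around /sbin/iptables and
# /sbin/modprobe, and the netfilter module loader.  The sysctl tuning in
# ip_stack_adjust starts at the bottom of this section and continues further
# down the file.
#
# Must run as root: it writes under /proc/sys and loads kernel modules.

echo -e " \t\t \033[1;31m RainLow firewall \033[m server version 1.0rc1 -- 09/24/2004 \n"
echo -e "############################################################"
echo -e " This software may be used and distributed according to "
echo -e "the terms of the GNU General Public License (GPL) provided"
echo -e "credit is given to the original author. "
echo -e "\t\t\t \033[1;31m Copyright (c) 2004 rainlow \033[m \n"
echo -e "\t\t\t\t All rights reserved \n\n\n"
echo -e "############################################################"

# now begins the firewall
echo -e "\n\t\t\t Welcome to \033[3;31m Rainlow Firewall \033[0m \n\n"
echo -e " \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n"

# Pin PATH to system directories so nothing inherited from the caller's
# environment (e.g. a user-writable directory listed first) can substitute
# the tools this script runs as root.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Red Hat style init helpers.  Sourced only when present so the script does
# not emit an error on distributions that lack the file.
if [ -r /etc/init.d/functions ]; then
  . /etc/init.d/functions
fi

# Absolute paths of the privileged tools.  The iptables()/mp() wrappers run
# exactly these binaries, so check_enviroment tests the same paths instead
# of whatever PATH lookup (or a same-named shell function) would resolve.
IPTABLES_BIN=/sbin/iptables
MODPROBE_BIN=/sbin/modprobe

#######################################
# Print the fatal-error banner for $FAILURE and terminate the script.
# Globals:   FAILURE (read) - one-line description set by the caller
# Outputs:   the failure banner on stdout
# Returns:   does not return; exits with status 1
#######################################
exit_failure()
{
  echo -en " \t \033[3;031m [ FAILED ] \033[0m \n"
  # %s: the message is printed verbatim, not re-interpreted for escapes.
  printf ' \033[3;031m -> FATAL: %s \033[0m \n' "$FAILURE"
  echo -en " \033[3;031m -> ** ABORTED **.\033[0m \n"
  exit 1
}

#######################################
# Abort unless the script runs with root privileges.
# The *effective* UID is what governs writes to /proc/sys and module loading,
# so EUID is checked (it equals UID under sudo/su); the id(1) fallback covers
# shells that do not set EUID.
# Globals:   ROOT_ID (written, 0); FAILURE (written on failure)
# Outputs:   progress text and a bell on stdout
# Returns:   0 when root; otherwise exits 1 via exit_failure
#######################################
check_root()
{
  local euid
  ROOT_ID=0
  euid="${EUID:-$(id -u)}"
  echo "Checking if you are root...."
  if [ "$euid" = "$ROOT_ID" ]; then
    echo -e "\n\t OK ! continue....\n"
    echo -e "\a"
    return 0
  fi
  echo -e " Sorry,you are not root and not permitted to do this option...\n"
  echo -e "\a"
  FAILURE="you can not run this command ,you must be root to do this"
  exit_failure
}

#######################################
# Major version of a kernel release string ("2.4.20-8" -> "2").
# Arguments: $1 - release string as printed by `uname -r`
# Outputs:   the leading digits on stdout ("0" if there are none)
#######################################
kernel_major()
{
  local rel="$1"
  rel="${rel%%.*}"
  rel="${rel%%[!0-9]*}"
  printf '%s\n' "${rel:-0}"
}

#######################################
# Minor version of a kernel release string ("2.4.20-8" -> "4").
# Takes the digits between the first and second dot and drops any
# non-numeric suffix ("3.10" -> "10", "2.4-ac1" -> "4").
# Arguments: $1 - release string as printed by `uname -r`
# Outputs:   the minor digits on stdout ("0" if there are none)
#######################################
kernel_minor()
{
  local rel="$1"
  case "$rel" in
    *.*) rel="${rel#*.}" ;;
    *)   rel="" ;;
  esac
  rel="${rel%%.*}"
  rel="${rel%%[!0-9]*}"
  printf '%s\n' "${rel:-0}"
}

#######################################
# Verify the host can run this firewall: Linux, kernel 2.4 or newer, the
# iptables and modprobe binaries present, and the legacy ipchains module
# (which cannot coexist with ip_tables) unloaded.
# (The name keeps the original spelling because later code calls it.)
# Globals:   OS, _OS, KERNELMAJ, KERNELMIN (written and left for later use);
#            FAILURE (written on failure); IPTABLES_BIN, MODPROBE_BIN (read)
# Outputs:   progress text on stdout
# Returns:   0 when every check passes; otherwise exits 1 via exit_failure
#######################################
check_enviroment()
{
  echo -e "\t\t \033[1;31m Now Checking software envrioment \033[m \n"

  OS=$(uname -s)
  _OS=$OS
  if [ "$_OS" != "Linux" ]; then
    FAILURE="Sorry this version can only work under linux "
    exit_failure
  fi
  echo -en "\t\t \033[1;32m PASS \033[m \n"

  KERNELMAJ=$(kernel_major "$(uname -r)")
  KERNELMIN=$(kernel_minor "$(uname -r)")

  if [ "$KERNELMAJ" -lt 2 ]; then
    FAILURE="Sorry you kernel is too old,please upgrade it first!"
    exit_failure
  fi
  if [ "$KERNELMAJ" -eq 2 ] && [ "$KERNELMIN" -lt 4 ]; then
    FAILURE="only kernel greater than 2.4 is supported"
    exit_failure
  fi

  # Test the binary the iptables() wrapper actually executes instead of
  # grepping the shell's "Command not found" text, which is locale dependent
  # and would also be satisfied by the wrapper function of the same name.
  if [ ! -x "$IPTABLES_BIN" ]; then
    FAILURE="can not find iptables command you must install iptables first"
    exit_failure
  fi

  # ipchains and ip_tables are mutually exclusive; unload the old stack if it
  # is still resident.  Best effort, as before: a failed rmmod is ignored.
  # NOTE(review): the original guard on /proc/version was garbled in the
  # listing; only the /proc/modules check is kept.
  if [ -x "$MODPROBE_BIN" ] && [ -r /proc/modules ]; then
    if lsmod 2>/dev/null | grep -q '^ipchains'; then
      rmmod ipchains >/dev/null 2>&1
    fi
  fi
}

#######################################
# Ten-second progress bar: one '#' per second, then a newline.
# NOTE(review): this shadows the shell builtin `wait`; any later code in the
# script that needs to wait for background jobs must call `builtin wait`.
# Outputs:   ten '#' characters and a newline on stdout
#######################################
wait()
{
  local tick
  for tick in 1 2 3 4 5 6 7 8 9 10; do
    sleep 1
    printf '#'
  done
  printf '\n'
}

#######################################
# Run iptables by absolute path so PATH, aliases and functions cannot
# redirect a root-privileged call.
# Arguments: passed through unchanged
# Returns:   the exit status of iptables
#######################################
iptables()
{
  "$IPTABLES_BIN" "$@"
}

#######################################
# Run modprobe by absolute path (same rationale as iptables()).
# Arguments: passed through unchanged
# Returns:   the exit status of modprobe
#######################################
mp()
{
  "$MODPROBE_BIN" "$@"
}

#######################################
# Load the netfilter kernel modules the rule set relies on.
# Only attempted when ip_tables exists as a loadable module for the running
# kernel: .o on 2.4, .ko (possibly compressed, .ko.*) on 2.6 and later.  The
# original checked only for the .o file and therefore skipped loading on
# every 2.6+ kernel.
# Loads are best effort: ipt_unclean, ipt_iplimit, ipt_ipv4options and
# ipt_quota are patch-o-matic extras that stock kernels do not ship, so a
# failed modprobe is reported in a summary line rather than treated as fatal.
# Two names are corrected from the original list: "ipt_MASQURADE" (typo, the
# MASQUERADE target was never loaded) and "ipt_conntrack_FTP"/"ipt_conntrack_irc"
# (the 2.4 helper modules are ip_conntrack_ftp and ip_conntrack_irc).
# Outputs:   progress text on stdout, plus a WARNING line listing any module
#            that failed to load
# Returns:   0
#######################################
load_module()
{
  local moddir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
  local candidate found=0
  for candidate in "$moddir"/ip_tables.o "$moddir"/ip_tables.ko "$moddir"/ip_tables.ko.*; do
    if [ -e "$candidate" ]; then
      found=1
      break
    fi
  done
  if [ "$found" -ne 1 ]; then
    echo -e "\tSorry,no iptables modules found !!"
    return 0
  fi

  echo -e "\n\tLoading iptables modules please wait...."
  local -a modules=(
    ip_tables ipt_LOG ipt_owner ipt_MASQUERADE ipt_REJECT
    ip_conntrack_ftp ip_conntrack_irc
    iptable_filter iptable_nat iptable_mangle ip_conntrack
    ipt_limit ipt_state ipt_unclean ipt_TCPMSS ipt_TOS ipt_TTL
    ipt_quota ipt_iplimit ipt_pkttype ipt_ipv4options ipt_MARK
  )
  local m failed=""
  for m in "${modules[@]}"; do
    mp "$m" >/dev/null 2>&1 || failed="$failed $m"
  done
  if [ -n "$failed" ]; then
    printf '\tWARNING: could not load:%s\n' "$failed"
  fi
  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
}

# NOTE(review): ip_stack_adjust continues below this section in the original
# file; only its first stanzas are visible here and their sysctl values are
# kept exactly as they were.
ip_stack_adjust()
{
  if [ -e /proc/sys/net/ipv4/ip_forward ]; then
    # NOTE(review): the message says "enable" but 0 is written, i.e. IP
    # forwarding is turned OFF.  For a host ("server version") firewall that
    # is the safe setting; confirm the intent before changing either side.
    echo -e "enable ip_forward.please wait...."
    echo 0 >/proc/sys/net/ipv4/ip_forward
    echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
  fi
  if [ -e /proc/sys/net/ipv4/ip_default_ttl ]; then
    echo -e "changing default ttl...."
    echo 88 >/proc/sys/net/ipv4/ip_default_ttl
    echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"
  fi
  echo -e "\n\t disable dynamic ip support...."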
echo 0 > /proc/sys/net/ipv4/ip_dynaddr   echo -e "\t\t\t\t\033[3;032m [ OK ] \033[0m\n"     if [ -e /proc/sys/net/ipv4/ip_no_pmtu_disc ]     then   echo -e "disable path mtu discovery.please wait...."   echo 0 >/proc/sys/net/ipv4/ip_no_pmtu_disc   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi     if [ -e /proc/sys/net/ipv4/ipfrag_high_thresh ]     then   echo -e "changing ipfrag_high_thresh.please wait...."   echo 5800 >/proc/sys/net/ipv4/ipfrag_high_thresh   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/ipfrag_low_thresh ]     then   echo -e "changing ipfrag_low_thresh.please wait...."   echo 2048 >/proc/sys/net/ipv4/ipfrag_low_thresh   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/ipfrag_time ]     then   echo -e "changing ipfrag_low_thresh.please wait...."   echo 20 >/proc/sys/net/ipv4/ipfrag_time   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/ipfrag_secret_interval ]     then   echo -e "changing ipfrag_secret_interval.please wait...."   echo 600 >/proc/sys/net/ipv4/ipfrag_secret_interval   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_syn_retries ]     then   echo -e "changing tcp_syn_retries.please wait...."   echo 4 >/proc/sys/net/ipv4/tcp_syn_retries   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_synack_retries ]     then   echo -e "changing tcp_synack_retries.please wait...."   echo 4 >/proc/sys/net/ipv4/tcp_synack_retries   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_keepalive_time ]     then   echo -e "changing tcp_keepalive_time.please wait...."   echo 300 >/proc/sys/net/ipv4/tcp_keepalive_time   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_keepalive_probes ]     then   echo -e "changing tcp_keepalive_probes.please wait...."   
echo 4 >/proc/sys/net/ipv4/tcp_keepalive_probes   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_keepalive_intvl ]     then   echo -e "changing tcp_keepalive_intvl.please wait...."   echo 60 >/proc/sys/net/ipv4/tcp_keepalive_intvl   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi   if [ -e /proc/sys/net/ipv4/tcp_retries1 ]     then   echo -e "changing tcp_retriest.please wait...."   echo 3 >/proc/sys/net/ipv4/tcp_retries1   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi     if [ -e /proc/sys/net/ipv4/tcp_retries2 ]     then   echo -e "changing tcp_retriest.please wait...."   echo 15 >/proc/sys/net/ipv4/tcp_retries2   echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"   fi     if [ -e /proc/sys/net/ipv4/tcp_orphan_retries ]     then   echo -e "disable tcp



