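#!/bin/bash
#
# RainLow firewall -- server version 1.0rc1 (09/24/2004)
#
# Init-style script.  This part prints the banner and defines the helpers
# the rest of the file calls: root check, environment check, netfilter
# module loading and (started here, continued below) IPv4 stack tuning.
# Must run as root.
#
# Security notes for maintainers:
#   * PATH is pinned to system directories before any external command runs,
#     and the iptables/modprobe wrappers call absolute paths, so a writable
#     directory on the caller's PATH cannot substitute a trojaned binary.
#   * /etc/init.d/functions (Red Hat initscripts helpers) is optional for the
#     functions defined here; it is sourced only when present.
#
# This software may be used and distributed according to the terms of the
# GNU General Public License (GPL) provided credit is given to the original
# author.  Copyright (c) 2004 rainlow.  All rights reserved.

# Pin PATH *before* anything external (uname, rmmod, grep, ...) is run.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH

printf ' \t\t \033[1;31m RainLow firewall \033[m server version 1.0rc1 -- 09/24/2004 \n\n'
printf '############################################################\n'
printf ' This software may be used and distributed according to \n'
printf 'the terms of the GNU General Public License (GPL) provided\n'
printf 'credit is given to the original author. \n'
printf '\t\t\t \033[1;31m Copyright (c) 2004 rainlow \033[m \n\n'
printf '\t\t\t\t All rights reserved \n\n\n\n'
printf '############################################################\n'

# now begins the firewall
printf '\n\t\t\t Welcome to \033[3;31m Rainlow Firewall \033[0m \n\n\n'
printf ' \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n\n'

# Red Hat initscripts helper library; nothing defined in this file needs it,
# so a missing file is not an error.
if [ -r /etc/init.d/functions ]; then
  . /etc/init.d/functions
fi

#######################################
# Print a failure banner and abort the script.
# Globals:   FAILURE (read) - one-line reason set by the caller
# Outputs:   diagnostics on stderr
# Returns:   does not return; exits 1
#######################################
exit_failure() {
  printf ' \t \033[3;031m [ FAILED ] \033[0m \n' >&2
  # %s keeps backslash sequences in $FAILURE literal (echo -e interpreted them).
  printf ' \033[3;031m -> FATAL: %s \033[0m \n' "${FAILURE:-unknown error}" >&2
  printf ' \033[3;031m -> ** ABORTED **.\033[0m \n' >&2
  exit 1
}

#######################################
# Abort unless the script runs as root (UID 0).
# Globals:   ROOT_ID (written), FAILURE (written on failure),
#            UID (read; bash builtin, `id -u` used if it is unset)
# Outputs:   progress text on stdout, terminal bell
# Returns:   0 when root; otherwise calls exit_failure (exit 1)
#######################################
check_root() {
  local uid
  ROOT_ID=0
  uid="${UID:-$(id -u)}"
  echo "Checking if you are root...."
  if [ "$uid" -eq "$ROOT_ID" ]; then
    printf '\n\t OK ! continue....\n\n'
    printf '\a\n'
  else
    printf ' Sorry,you are not root and not permitted to do this option...\n\n'
    printf '\a\n'
    FAILURE="you can not run this command ,you must be root to do this"
    exit_failure
  fi
}

#######################################
# Verify the host can run this firewall: Linux, kernel >= 2.4, the iptables
# binary present; unload a leftover ipchains module.
# Globals:   OS, _OS, KERNELMAJ, KERNELMIN (written, left for callers),
#            FAILURE (written on failure)
# Outputs:   progress text on stdout, warnings on stderr
# Returns:   0 on success; otherwise calls exit_failure (exit 1)
# Note:      the misspelled name is kept because the rest of the file calls
#            it by this name.
#######################################
check_enviroment() {
  local release
  printf '\t\t \033[1;31m Now Checking software envrioment \033[m \n\n'

  OS=$(uname -s)
  _OS=$OS
  if [ "$_OS" != "Linux" ]; then
    FAILURE="Sorry this version can only work under linux "
    exit_failure
  fi
  printf '\t\t \033[1;32m PASS \033[m \n'

  # Parse "MAJ.MIN.rest" with parameter expansion instead of two sed
  # pipelines, and strip non-digits so the numeric tests cannot fail on a
  # release such as "2.4.27-rc1".
  release=$(uname -r)
  KERNELMAJ=${release%%.*}
  KERNELMIN=${release#*.}
  KERNELMIN=${KERNELMIN%%.*}
  KERNELMAJ=${KERNELMAJ//[!0-9]/}
  KERNELMIN=${KERNELMIN//[!0-9]/}
  if [ -z "$KERNELMAJ" ] || [ -z "$KERNELMIN" ]; then
    FAILURE="can not parse kernel version '$release'"
    exit_failure
  fi
  if [ "$KERNELMAJ" -lt 2 ]; then
    FAILURE="Sorry you kernel is too old,please upgrade it first!"
    exit_failure
  fi
  if [ "$KERNELMAJ" -eq 2 ] && [ "$KERNELMIN" -lt 4 ]; then
    FAILURE="only kernel greater than 2.4 is supported"
    exit_failure
  fi

  # The iptables wrapper below hard-codes /sbin/iptables, so test that file
  # directly.  The old `iptables -V 2>&1 | grep -c "Command not found"` test
  # never matched: bash reports a missing path as "No such file or
  # directory", so an absent binary was never detected.
  if [ ! -x /sbin/iptables ]; then
    FAILURE="can not find iptables command you must install iptables first"
    exit_failure
  fi

  # ipchains and ip_tables do not coexist on 2.4; remove ipchains if loaded.
  # Attempted only when the kernel has loadable-module support (/proc/modules)
  # and the modprobe wrapper's binary exists.  (The original combined
  # /proc/modules and /proc/version tests in a way the source rendering
  # garbled; /proc/modules alone decides here.)
  if [ -x /sbin/modprobe ] && [ -e /proc/modules ]; then
    if grep -q '^ipchains ' /proc/modules; then
      if ! rmmod ipchains >/dev/null 2>&1; then
        printf 'warning: ipchains is loaded and could not be removed; ip_tables may fail to load\n' >&2
      fi
    fi
  fi
}

#######################################
# Ten-second progress bar: one '#' per second, then a newline.
# NOTE(review): this shadows the bash builtin `wait`; any later `wait $pid`
# for a background job in this file would run this delay instead of waiting.
# The name is kept because callers elsewhere in the file use it.
# Outputs:   "##########\n" on stdout over ~10 s
# Returns:   0
#######################################
wait() {
  local tick
  for ((tick = 0; tick < 10; tick++)); do
    sleep 1
    printf '#'
  done
  printf '\n'
}

# Absolute-path wrappers: the two binaries that change kernel state are never
# resolved through PATH.
iptables() {
  /sbin/iptables "$@"
}

mp() {
  /sbin/modprobe "$@"
}

#######################################
# Load the netfilter kernel modules the rule set relies on.
# Globals:   none
# Outputs:   progress text on stdout; one warning per module that fails
# Returns:   0.  A module that fails to load is reported, not fatal: several
#            entries are patch-o-matic extras that may not be installed, and
#            netfilter may also be built into the kernel.
#######################################
load_module() {
  local moddir m
  moddir="/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter"
  # 2.4 kernels ship *.o modules, 2.6 and later *.ko; accept either so the
  # loader is not silently skipped on newer kernels.
  if [ -e "$moddir/ip_tables.o" ] || [ -e "$moddir/ip_tables.ko" ]; then
    printf '\n\tLoading iptables modules please wait....\n'
    # ipt_MASQUERADE, ip_conntrack_ftp and ip_conntrack_irc are the real
    # module names; the old list spelled them ipt_MASQURADE and
    # ipt_conntrack_FTP / ipt_conntrack_irc, which modprobe could never find,
    # and the failure was ignored.
    for m in ip_tables ipt_LOG ipt_owner ipt_MASQUERADE ipt_REJECT \
             ip_conntrack ip_conntrack_ftp ip_conntrack_irc \
             iptable_filter iptable_nat iptable_mangle \
             ipt_limit ipt_state ipt_unclean ipt_TCPMSS ipt_TOS ipt_TTL \
             ipt_quota ipt_iplimit ipt_pkttype ipt_ipv4options ipt_MARK; do
      if ! mp "$m"; then
        printf 'warning: could not load module %s\n' "$m" >&2
      fi
    done
    printf '\t\t\t\t \033[3;032m [ OK ] \033[0m\n\n'
  else
    printf '\tSorry,no iptables modules found !!\n'
  fi
}

#######################################
# Tune the IPv4 stack through /proc/sys; each knob is written only when its
# file exists.  The definition continues on the following lines of the file.
#######################################
ip_stack_adjust() {
  if [ -e /proc/sys/net/ipv4/ip_forward ]; then
    # NOTE(review): the message says "enable" but 0 turns forwarding OFF
    # (what a stand-alone server wants) -- confirm intent and fix the wording.
    printf 'enable ip_forward.please wait....\n'
    echo 0 >/proc/sys/net/ipv4/ip_forward
    printf '\t\t\t\t \033[3;032m [ OK ] \033[0m\n\n'
  fi
  if [ -e /proc/sys/net/ipv4/ip_default_ttl ]; then
    printf 'changing default ttl....\n'
    echo 88 >/proc/sys/net/ipv4/ip_default_ttl
    printf '\t\t\t\t \033[3;032m [ OK ] \033[0m\n\n'
  fi
  printf '\n\t disable dynamic ip support....\n'
  echo 0 > /proc/sys/net/ipv4/ip_dynaddr
  printf '\t\t\t\t\033[3;032m [ OK ] \033[0m\n\n'
  if [ -e /proc/sys/net/ipv4/ip_no_pmtu_disc ]; then
    # NOTE(review): the write that follows sets ip_no_pmtu_disc=0, which
    # leaves path-MTU discovery ON despite this message -- confirm intent.
    printf 'disable path mtu discovery.please wait....\n'
    # ... function body continues below ...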
echo 0 >/proc/sys/net/ipv4/ip_no_pmtu_disc echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/ipfrag_high_thresh ] then echo -e "changing ipfrag_high_thresh.please wait...." echo 5800 >/proc/sys/net/ipv4/ipfrag_high_thresh echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/ipfrag_low_thresh ] then echo -e "changing ipfrag_low_thresh.please wait...." echo 2048 >/proc/sys/net/ipv4/ipfrag_low_thresh echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/ipfrag_time ] then echo -e "changing ipfrag_low_thresh.please wait...." echo 20 >/proc/sys/net/ipv4/ipfrag_time echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/ipfrag_secret_interval ] then echo -e "changing ipfrag_secret_interval.please wait...." echo 600 >/proc/sys/net/ipv4/ipfrag_secret_interval echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_syn_retries ] then echo -e "changing tcp_syn_retries.please wait...." echo 4 >/proc/sys/net/ipv4/tcp_syn_retries echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_synack_retries ] then echo -e "changing tcp_synack_retries.please wait...." echo 4 >/proc/sys/net/ipv4/tcp_synack_retries echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_keepalive_time ] then echo -e "changing tcp_keepalive_time.please wait...." echo 300 >/proc/sys/net/ipv4/tcp_keepalive_time echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_keepalive_probes ] then echo -e "changing tcp_keepalive_probes.please wait...." echo 4 >/proc/sys/net/ipv4/tcp_keepalive_probes echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_keepalive_intvl ] then echo -e "changing tcp_keepalive_intvl.please wait...." 
echo 60 >/proc/sys/net/ipv4/tcp_keepalive_intvl echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_retries1 ] then echo -e "changing tcp_retriest.please wait...." echo 3 >/proc/sys/net/ipv4/tcp_retries1 echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_retries2 ] then echo -e "changing tcp_retriest.please wait...." echo 15 >/proc/sys/net/ipv4/tcp_retries2 echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n" fi if [ -e /proc/sys/net/ipv4/tcp_orphan_retries ] then echo -e "disable tcp