
Linux服务器上适用的防火墙分析

发布时间:2007.07.11 20:57     来源:赛迪网技术社区    作者:lynn

#!/bin/bash

# RainLow firewall, server version 1.0rc1 (09/24/2004).
# Prints the license/banner text, pins PATH to the system directories so the
# wrapper functions below find the admin binaries, and sources the init-script
# helpers from /etc/init.d/functions. The file is sourced unconditionally, as in
# the original; under bash (not POSIX sh) a missing file only prints an error
# and the script keeps going.
banner=(
  " \t\t \033[1;31m RainLow firewall \033[m server version 1.0rc1 -- 09/24/2004 \n"
  "############################################################"
  " This software may be used and distributed according to "
  "the terms of the GNU General Public License (GPL) provided"
  "credit is given to the original author. "
  "\t\t\t \033[1;31m Copyright (c) 2004 rainlow \033[m \n"
  "\t\t\t\t All rights reserved \n\n\n"
  "############################################################"
  "\n\t\t\t Welcome to \033[3;31m Rainlow Firewall \033[0m \n\n"
  " \t\t\t\t \033[1;32m http://www.rainlow.com \033[m \n"
)
# %b expands the backslash escapes of each line the same way `echo -e` did.
printf '%b\n' "${banner[@]}"
unset banner

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

. /etc/init.d/functions

  

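  exit_failure()
  {
    # Report the fatal condition described by the global FAILURE and abort.
    # Globals:  FAILURE (read) - one-line reason, set by the caller beforehand
    # Outputs:  the [ FAILED ] / FATAL / ABORTED lines on stderr
    # Returns:  never; exits the script with status 1
    # Diagnostics go to stderr so a caller capturing stdout does not swallow
    # them; FAILURE is passed as a %s argument, never as the format string.
    printf ' \t \033[3;031m [ FAILED ] \033[0m \n' >&2
    printf ' \033[3;031m -> FATAL: %s \033[0m \n' "$FAILURE" >&2
    printf ' \033[3;031m -> ** ABORTED **.\033[0m \n' >&2
    exit 1
  }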

  

  check_root()
  {
    # Refuse to continue unless the script runs with uid 0.
    # Globals:  UID (read, maintained by bash); ROOT_ID (written);
    #           FAILURE (written on failure)
    # Outputs:  progress text and a terminal bell on stdout
    # Returns:  0 when root; otherwise hands over to exit_failure and never returns
    ROOT_ID=0
    echo "Checking if you are root...."
    if [[ "$UID" != "$ROOT_ID" ]]; then
      printf ' Sorry,you are not root and not permitted to do this option...\n\n'
      printf '\a\n'
      FAILURE="you can not run this command ,you must be root to do this"
      exit_failure
    fi
    printf '\n\t OK ! continue....\n\n'
    printf '\a\n'
  }

  

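  check_enviroment()
  {
    # Verify the host can run this firewall: Linux, kernel >= 2.4, iptables on
    # PATH. Also unloads a stale ipchains module when the module tools are usable.
    # Globals:  OS, _OS, KERNELMAJ, KERNELMIN (written); FAILURE (written on failure)
    # Outputs:  progress text on stdout
    # Returns:  0 when every check passes; otherwise calls exit_failure and never returns
    printf '\t\t \033[1;31m Now Checking software envrioment \033[m \n\n'

    OS=$(uname -s)
    _OS=$OS
    if [[ "$_OS" != "Linux" ]]; then
      FAILURE="Sorry this version can only work under linux "
      exit_failure
    fi
    printf '\t\t \033[1;32m PASS \033[m \n'

    # "2.6.18-8.el5" -> KERNELMAJ=2, KERNELMIN=6; anything after the second
    # dot is discarded, matching the former sed extraction.
    IFS=. read -r KERNELMAJ KERNELMIN _ <<< "$(uname -r)"
    if (( KERNELMAJ < 2 )); then
      FAILURE="Sorry you kernel is too old,please upgrade it first!"
      exit_failure
    fi
    if (( KERNELMAJ == 2 && KERNELMIN < 4 )); then
      FAILURE="only kernel greater than 2.4 is supported"
      exit_failure
    fi

    # `type -P` searches PATH only, so the iptables() wrapper function defined
    # later in this file cannot mask a missing binary. The former probe grepped
    # "iptables -V" output for "Command not found", which is not what bash
    # prints when a command (or the wrapper's /sbin/iptables) is absent.
    if ! type -P iptables >/dev/null 2>&1; then
      FAILURE="can not find iptables command you must install iptables first"
      exit_failure
    fi

    # ipchains cannot coexist with ip_tables; remove it when modprobe is
    # available and the module list is readable (the original also accepted a
    # system with no /proc/version at all, which is kept here).
    if type -P modprobe >/dev/null 2>&1 && [[ -e /proc/modules || ! -e /proc/version ]]; then
      if lsmod | grep -q "ipchains"; then
        rmmod ipchains > /dev/null 2>&1
      fi
    fi
  }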

  

  wait()
  {
    # Ten-second progress bar: prints "||", then one "#" per second, then a newline.
    # NOTE: the name shadows bash's `wait` builtin for the rest of the script,
    # so a later `wait <pid>` would run this bar instead of reaping the job.
    # Outputs:  "||##########" followed by a newline on stdout
    # Returns:  0
    local tick
    printf '||'
    for (( tick = 1; tick <= 10; tick++ )); do
      sleep 1
      printf '#'
    done
    printf '\n'
  }

  

  iptables()
  {
    # Run the iptables binary by absolute path instead of relying on PATH lookup.
    # Once defined, this function shadows the command name for the rest of the
    # script (including any later `iptables -V` probe).
    # Arguments: forwarded verbatim to /sbin/iptables
    # Returns:   the exit status of /sbin/iptables
    local -r binary=/sbin/iptables
    "$binary" "$@"
  }

  

  mp()
  {
    # Short alias for modprobe by absolute path, used by load_module.
    # Arguments: forwarded verbatim to /sbin/modprobe (normally one module name)
    # Returns:   the exit status of /sbin/modprobe
    local -r binary=/sbin/modprobe
    "$binary" "$@"
  }

  

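  load_module()
  {
    # Load the netfilter/iptables kernel modules this firewall relies on.
    # The presence probe accepts the 2.4-era ".o" suffix as well as ".ko" (and
    # compressed ".ko.*") files; the original only looked for ip_tables.o, so on
    # a 2.6+ kernel it always reported "no iptables modules found".
    # Globals:  none written
    # Outputs:  progress text on stdout; modprobe's own errors on stderr
    # Returns:  0 in both branches; a single module that fails to load is
    #           reported by modprobe and is not treated as fatal (as before)
    local release module_dir candidate module found=0
    release=$(uname -r)
    module_dir="/lib/modules/${release}/kernel/net/ipv4/netfilter"
    # Unmatched globs stay literal (nullglob is not assumed), so -e rejects them.
    for candidate in "${module_dir}/ip_tables.o" "${module_dir}"/ip_tables.ko*; do
      [[ -e "$candidate" ]] && found=1
    done
    if (( found == 0 )); then
      printf '\tSorry,no iptables modules found !!\n'
      return 0
    fi

    printf '\n\tLoading iptables modules please wait....\n'
    # Module list as shipped with the original, in the same order. The
    # masquerade target was misspelled "ipt_MASQURADE" and therefore never
    # loaded; the real module is ipt_MASQUERADE. Several of these 2.4-era names
    # may not exist on later kernels; modprobe reports that per module.
    local -a modules=(
      ip_tables ipt_LOG ipt_owner ipt_MASQUERADE ipt_REJECT
      ipt_conntrack_ftp ipt_conntrack_irc
      iptable_filter iptable_nat iptable_mangle ip_conntrack
      ipt_limit ipt_state ipt_unclean ipt_TCPMSS ipt_TOS ipt_TTL
      ipt_quota ipt_iplimit ipt_pkttype ipt_ipv4options ipt_MARK
    )
    for module in "${modules[@]}"; do
      mp "$module"
    done
    printf '\t\t\t\t \033[3;032m [ OK ] \033[0m\n\n'
  }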

  

  ip_stack_adjust()

  {

  if [ -e /proc/sys/net/ipv4/ip_forward ]

  

  then

  echo -e "enable ip_forward.please wait...."

  echo 0 >/proc/sys/net/ipv4/ip_forward

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/ip_default_ttl ]

  

  then

  echo -e "changing default ttl...."

  echo 88 >/proc/sys/net/ipv4/ip_default_ttl

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  echo -e "\n\t disable dynamic ip support...."

  echo 0 > /proc/sys/net/ipv4/ip_dynaddr

  echo -e "\t\t\t\t\033[3;032m [ OK ] \033[0m\n"

  

  if [ -e /proc/sys/net/ipv4/ip_no_pmtu_disc ]

  

  then

  echo -e "disable path mtu discovery.please wait...."

  echo 0 >/proc/sys/net/ipv4/ip_no_pmtu_disc

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  

  if [ -e /proc/sys/net/ipv4/ipfrag_high_thresh ]

  

  then

  echo -e "changing ipfrag_high_thresh.please wait...."

  echo 5800 >/proc/sys/net/ipv4/ipfrag_high_thresh

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/ipfrag_low_thresh ]

  

  then

  echo -e "changing ipfrag_low_thresh.please wait...."

  echo 2048 >/proc/sys/net/ipv4/ipfrag_low_thresh

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/ipfrag_time ]

  

  then

  echo -e "changing ipfrag_low_thresh.please wait...."

  echo 20 >/proc/sys/net/ipv4/ipfrag_time

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/ipfrag_secret_interval ]

  

  then

  echo -e "changing ipfrag_secret_interval.please wait...."

  echo 600 >/proc/sys/net/ipv4/ipfrag_secret_interval

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_syn_retries ]

  

  then

  echo -e "changing tcp_syn_retries.please wait...."

  echo 4 >/proc/sys/net/ipv4/tcp_syn_retries

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_synack_retries ]

  

  then

  echo -e "changing tcp_synack_retries.please wait...."

  echo 4 >/proc/sys/net/ipv4/tcp_synack_retries

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_keepalive_time ]

  

  then

  echo -e "changing tcp_keepalive_time.please wait...."

  echo 300 >/proc/sys/net/ipv4/tcp_keepalive_time

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_keepalive_probes ]

  

  then

  echo -e "changing tcp_keepalive_probes.please wait...."

  echo 4 >/proc/sys/net/ipv4/tcp_keepalive_probes

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_keepalive_intvl ]

  

  then

  echo -e "changing tcp_keepalive_intvl.please wait...."

  echo 60 >/proc/sys/net/ipv4/tcp_keepalive_intvl

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  if [ -e /proc/sys/net/ipv4/tcp_retries1 ]

  

  then

  echo -e "changing tcp_retriest.please wait...."

  echo 3 >/proc/sys/net/ipv4/tcp_retries1

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  

  if [ -e /proc/sys/net/ipv4/tcp_retries2 ]

  

  then

  echo -e "changing tcp_retriest.please wait...."

  echo 15 >/proc/sys/net/ipv4/tcp_retries2

  echo -e "\t\t\t\t \033[3;032m [ OK ] \033[0m\n"

  fi

  

  if [ -e /proc/sys/net/ipv4/tcp_orphan_retries ]

  

  then

  echo -e "disable tcp

