firewall_iran.py
import ipaddress
import os
import shutil
import subprocess
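RULES_DIR = "/root/iptables_rules"
WHITELIST_SRC = "/root/Config-server/firewall.txt"
RC_LOCAL = "/etc/rc.local"


def _ask_int(prompt, minimum=0, maximum=None):
    """Prompt on stdout until the operator types an integer in [minimum, maximum].

    Args:
        prompt: text printed before reading (no trailing newline is added).
        minimum: smallest accepted value.
        maximum: largest accepted value, or None for no upper bound.

    Returns:
        The accepted integer.
    """
    while True:
        print(prompt, end="")
        raw = input().strip()
        try:
            value = int(raw)
        except ValueError:
            print("\nplease enter a whole number")
            continue
        if value < minimum or (maximum is not None and value > maximum):
            print("\nvalue out of range, try again")
            continue
        return value


def _ask_network(prompt):
    """Prompt until the operator types a valid IP address or CIDR network.

    The returned text is written into firewall.txt and into a shell script
    that bash later runs as root, so anything that does not parse as an
    address/network is rejected here instead of being interpolated verbatim.

    Returns:
        The stripped text exactly as typed (not normalised), once it parses.
    """
    while True:
        print(prompt, end="")
        raw = input().strip()
        try:
            # strict=False accepts host addresses with a mask (1.2.3.4/24).
            ipaddress.ip_network(raw, strict=False)
        except ValueError:
            print("\ninvalid IP address or network, try again")
            continue
        return raw


def _run(cmd, ok_msg, fail_msg):
    """Run *cmd* as an argv list (no shell) and report success on stdout.

    Args:
        cmd: argument list passed to subprocess.run.
        ok_msg: printed when the exit status is 0.
        fail_msg: printed otherwise.

    Returns:
        True when the command exited with status 0.
    """
    result = subprocess.run(cmd)
    ok = result.returncode == 0
    print(ok_msg if ok else fail_msg)
    return ok


def _write_apply_script(path, ssh_port, allowed):
    """Write the bash script that installs the whitelist-only iptables policy.

    Args:
        path: where the script is written (truncated, not appended).
        ssh_port: validated TCP port kept open for SSH.
        allowed: validated addresses/networks given explicit ACCEPT rules.
    """
    lines = [
        "#!/bin/bash",
        "iptables -F",
        f"iptables -A INPUT -p tcp --dport {ssh_port} -j ACCEPT",
    ]
    for ip in allowed:
        lines.append(f"iptables -A INPUT -s {ip} -j ACCEPT")
        # NOTE(review): the original rule matches OUTPUT on the *source*
        # address; -d looks like the intent for an outbound rule — confirm.
        lines.append(f"iptables -A OUTPUT -s {ip} -j ACCEPT")
    lines += [
        "ipset create whitelist hash:net",
        # "$line" is quoted so a malformed line in firewall.txt cannot be
        # word-split into extra ipset arguments.
        f'while read line; do ipset add whitelist "$line"; done < {RULES_DIR}/firewall.txt',
        "iptables -A INPUT -m set --match-set whitelist src -j ACCEPT",
        "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
        "iptables -I INPUT 1 -i lo -j ACCEPT",
        "iptables -A INPUT -j DROP",
    ]
    with open(path, "w") as script:
        script.write("\n".join(lines) + "\n")


def _append_rc_local(path):
    """Append the boot-time call to apply.sh to rc.local.

    The shebang is only written when the file is missing or empty; appending
    "#!/bin/sh" to an existing rc.local would land it mid-file, where it is
    merely a comment.

    NOTE(review): if an existing rc.local ends with `exit 0`, the appended
    lines are never reached at boot — confirm on the target host.
    """
    needs_shebang = not os.path.exists(path) or os.path.getsize(path) == 0
    with open(path, "a") as rc:
        if needs_shebang:
            rc.write("#!/bin/sh")
        rc.write(f"\nchmod +x {RULES_DIR}/apply.sh")
        rc.write(f"\nbash {RULES_DIR}/apply.sh")
        rc.write("\n")


def firewall():
    """Interactively build and apply a whitelist-only iptables policy.

    Requires root; every path is hard-coded. Steps:
      1. recreate RULES_DIR and seed firewall.txt from WHITELIST_SRC;
      2. append operator-entered whitelist entries to firewall.txt;
      3. install iptables/ipset with apt and start the service;
      4. write apply.sh (SSH port, per-IP ACCEPT rules, ipset whitelist,
         default DROP) and run it;
      5. hook apply.sh into RC_LOCAL so the policy is re-applied at boot.

    Returns None. Failures of individual commands are reported on stdout
    rather than raised; a failed copy or mkdir does raise (OSError).
    """
    os.chdir("/root/")
    # rmtree with ignore_errors=True never raises, so no try/finally is needed.
    shutil.rmtree(RULES_DIR, ignore_errors=True)
    os.mkdir(RULES_DIR)
    os.chdir(RULES_DIR)
    shutil.copyfile(WHITELIST_SRC, os.path.join(RULES_DIR, "firewall.txt"))

    # NOTE(review): entries already present in the copied firewall.txt are
    # not validated here; only the entries typed below are.
    count = _ask_int("how many white ip do you have ? ")
    with open("firewall.txt", "a") as whitelist:
        for i in range(count):
            entry = _ask_network(f"enter your {i + 1} ip :")
            whitelist.write("\n" + entry)

    _run(["apt", "install", "iptables", "ipset", "-y"],
         "\niptables installed.", "\nunable to install iptables")
    # NOTE(review): no -y here, unlike the call above, so apt may prompt.
    _run(["apt", "install", "iptables-persistent"],
         "\niptables-persistent installed.", "\nunable to install iptables-persistent")
    _run(["service", "iptables", "start"],
         "\niptables runned.", "\nunable to run iptables")

    # A bad port here locks the operator out once the DROP rule lands.
    ssh_port = _ask_int("Enter your ssh port : ", minimum=1, maximum=65535)
    # Asked a second time on purpose: these entries get explicit iptables
    # rules, while the first list only feeds the ipset.
    rule_count = _ask_int("How many white IP do you have ? ")
    allowed = [_ask_network(f"Enter your {i + 1} IP :") for i in range(rule_count)]
    _write_apply_script("apply.sh", ssh_port, allowed)

    _run(["chmod", "+x", "apply.sh"], "Chmod done", "chmod failed")
    _run(["bash", "apply.sh"], "apply runned", "unable to run apply")

    _append_rc_local(RC_LOCAL)
    _run(["chown", "root", RC_LOCAL], "chown Done", "unable to chown")
    _run(["chmod", "755", RC_LOCAL], "chmod Done", "unable to mod")
    _run(["bash", RC_LOCAL, "start"], "Started", "unable to Start")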