// Harvie's Firewall: reads settings from a rules file, writes a shell script of
// sysctl writes and iptables commands to $fwscript, then executes that script.
// NOTE(review): this web view omits many lines (else branches, the rules-file
// include, fclose, closing braces), so the comments below describe only what is
// visible here.
3 ///Settings////////////////////////////
// Both the rules file and the generated script are cwd-relative, fixed-name
// paths. Review: because the script is later executed via system(), it should
// live in a directory writable only by the invoking user; prefer an absolute path.
4 $rulefile = "hfwrules.conf";
5 $fwscript = "fwscript.sh";
10 $iptbin = "/sbin/iptables";
// $iptsave / $iptrestore are configured here but not used in the visible code.
11 $iptsave = "/sbin/iptables-save";
12 $iptrestore = "/sbin/iptables-restore";
14 ///Version/////////////////////////////
15 $version = "0.1 Alpha";
17 ///Banner//////////////////////////////
18 echo("Harvie's Firewall\n");
19 echo("\t<-Harvie 2oo7\n");
20 echo("\tVersion $version\n\n");
22 ///CODE////////////////////////////////
24 echo("Loading rulesfile ".$rulefile."... ");
// Only the is_file() test and the "not found" message are visible. The branch
// that actually loads $rulefile (presumably an include that sets $author,
// $description, $default_policies, $open_ports and the flags below) is omitted
// from this view -- confirm against the full file. Everything those variables
// contain is written into a shell script that is executed at the end, so the
// rules file is effectively executed code and must be trusted/validated.
25 if(is_file($rulefile)) {
29 echo("File not found!\n\n");
32 //Make iptables script file
// NOTE(review): the fopen() result is never checked. If it returns false, every
// fwrite() below fails and the system() call at the end would still run whatever
// ./fwscript.sh already exists. Abort when $ipt === false.
33 $ipt = fopen($fwscript, "w");
34 fwrite($ipt, "#!/bin/sh\n#This firewall script was generated by Harvie's php firewall ($version)\n\n");
37 echo("Rules info: \n");
// $author is used without an isset() guard, unlike $description just below;
// a rules file that does not set it triggers an undefined-variable notice.
39 fwrite($ipt, "#Author: $author\n");
40 echo("Author: $author\n");
42 if(isset($description)){
43 fwrite($ipt, "#Description: $description\n");
44 echo("Description: $description\n");
46 fwrite($ipt, "######################################################################################################\n");
51 ///Rules Others////////////////////////////////////////////////////////////////////
// Each flag below emits "echo 1"/"echo 0" into a /proc/sys/net/ipv4 knob. The
// "echo 0" lines are the else branches; the "} else {" lines themselves are
// omitted from this view. Several condition lines (syncookies, send_redirects,
// rp_filter, log_martians) are also not visible.
52 fwrite($ipt, "#Rules Others:\n");
53 echo("Rules Others:\n");
55 if($icmp_echo_ignore_broadcasts) {
56 echo("Ignore ICMP echo-request messages sent to broadcast or multicast addresses\n");
57 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n");
59 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n");
62 if($accept_source_route) {
63 echo("Accept source routed packets\n");
64 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/conf/all/accept_source_route\n");
66 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route\n");
70 echo("Enable TCP SYN cookie protection from SYN floods\n");
71 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/tcp_syncookies\n");
73 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/tcp_syncookies\n");
76 if($accept_redirects) {
77 echo("Accept ICMP redirect messages\n");
78 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects\n");
80 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects\n");
84 echo("Send ICMP redirect messages\n");
85 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/conf/all/send_redirects\n");
87 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects\n");
91 echo("Enable source address spoofing protection\n");
92 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter\n");
94 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter\n");
98 echo("Log packets from Martians (with impossible source addresses)\n");
99 fwrite($ipt, "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians\n");
101 fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/conf/all/log_martians\n");
107 ///Rules IPTables//////////////////////////////////////////////////////////////////
108 fwrite($ipt, "#Rules IPTables:\n");
109 echo("Rules IPTables:\n");
// No -t is given, so --flush clears only the filter table; nat/mangle rules are
// left in place. --flush does not reset chain policies, hence the policy loop below.
113 echo("Flush old rules\n");
114 fwrite($ipt, "$iptbin --flush\n\n");
// Loose "== true" comparison: any truthy value passes. The other flags in this
// file use a plain if($flag); this one should match that style for consistency.
118 if($loopback_allow_all == true) {
119 echo("Allow all traffic on loopback\n");
120 fwrite($ipt, "$iptbin -A INPUT -i lo -j ACCEPT\n");
121 fwrite($ipt, "$iptbin -A OUTPUT -o lo -j ACCEPT\n\n");
// Each element of $default_policies is interpolated verbatim into the generated
// shell script. Review: there is no check that a value has the expected
// "CHAIN TARGET" shape before it is written -- validate against an anchored
// pattern (or a whitelist of chains/targets) so a malformed rules file cannot
// turn into arbitrary shell text in $fwscript.
125 echo("Default policies: ");
126 foreach($default_policies as $default_policy) {
127 fwrite($ipt, "$iptbin --policy $default_policy\n");
128 echo("$default_policy, ");
133 //Rules outbound traffic
// Stateful allow: inbound ESTABLISHED,RELATED and outbound NEW,ESTABLISHED,RELATED.
134 if($allow_outbound_traffic) {
135 fwrite($ipt, "$iptbin -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n");
136 fwrite($ipt, "$iptbin -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n\n");
// Open ports are TCP only (-p tcp); UDP services are not covered by this list.
// $open_port is written unvalidated -- same concern as $default_policy above;
// restrict it to an integer or "low:high" range before writing.
140 echo("Open ports: ");
141 foreach($open_ports as $open_port) {
142 fwrite($ipt, "$iptbin -A INPUT -p tcp --dport $open_port -m state --state NEW -j ACCEPT\n");
143 echo("$open_port, ");
// NOTE(review): this condition appears garbled in the web view ("drop_other"
// without a $ sigil, split over two lines); presumably if($drop_other == true).
// The final DROP is appended to INPUT only; FORWARD and OUTPUT rely on whatever
// $default_policies set above.
149 if(drop_other
== true) {
150 echo("Other traffic will be droped\n");
151 fwrite($ipt, "$iptbin -A INPUT -j DROP\n");
156 //Close iptables script
// The fclose($ipt) that this comment refers to is not visible in this view;
// confirm the handle is flushed/closed before the script is executed below.
157 fwrite($ipt, "\n\n");
158 echo("\nClosing $fwscript\n");
161 //Chmod u+x iptables script
// NOTE(review): $fwscript is interpolated into a shell command line. PHP's
// built-in chmod($fwscript, 0700) needs no shell at all; if system() is kept,
// wrap the path with escapeshellarg().
163 echo("chmod u+x $fwscript\n");
164 system("chmod u+x $fwscript");
166 //Run iptables script
// Executes the generated script with the invoking user's privileges (root is
// required for iptables). Everything derived from the rules file above runs here,
// which is why the values written into $fwscript need validation.
168 echo("Running firewall script...\n\n");
169 system("./".$fwscript);