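#! /usr/bin/php /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n"); } else { fwrite($ipt, "echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts\n"); }

// Kernel network hardening toggles. Each entry maps a configuration flag (set
// earlier in this script, outside this section) to the sysctl file it controls
// and the message printed when the toggle is enabled. A disabled toggle is
// still written to the generated script as an explicit "echo 0".
$sysctlToggles = [
    [$accept_source_route, '/proc/sys/net/ipv4/conf/all/accept_source_route', 'Accept source routed packets'],
    [$tcp_syncookies, '/proc/sys/net/ipv4/tcp_syncookies', 'Enable TCP SYN cookie protection from SYN floods'],
    [$accept_redirects, '/proc/sys/net/ipv4/conf/all/accept_redirects', 'Accept ICMP redirect messages'],
    [$send_redirects, '/proc/sys/net/ipv4/conf/all/send_redirects', 'Send ICMP redirect messages'],
    [$rp_filter, '/proc/sys/net/ipv4/conf/all/rp_filter', 'Enable source address spoofing protection'],
    [$log_martians, '/proc/sys/net/ipv4/conf/all/log_martians', 'Log packets from Martians (with impossible source addresses)'],
];
foreach ($sysctlToggles as [$enabled, $sysctlPath, $message]) {
    if ($enabled) {
        echo "$message\n";
    }
    fwrite($ipt, 'echo ' . ($enabled ? '1' : '0') . " > $sysctlPath\n");
}
fwrite($ipt, "\n");
echo "\n";

///Rules IPTables//////////////////////////////////////////////////////////////////
fwrite($ipt, "#Rules IPTables:\n");
echo "Rules IPTables:\n";

// Rules flush
if ($flush_rules) {
    echo "Flush old rules\n";
    fwrite($ipt, "$iptbin --flush\n\n");
}

// Rules loopback
if ($loopback_allow_all) {
    echo "Allow all traffic on loopback\n";
    fwrite($ipt, "$iptbin -A INPUT -i lo -j ACCEPT\n");
    fwrite($ipt, "$iptbin -A OUTPUT -o lo -j ACCEPT\n\n");
}

// Rules policies: each entry is passed verbatim as the argument of --policy
echo "Default policies: ";
foreach ($default_policies as $default_policy) {
    fwrite($ipt, "$iptbin --policy $default_policy\n");
    echo "$default_policy, ";
}
fwrite($ipt, "\n");
echo "\n";

// Rules outbound traffic: stateful allow of replies in, and of everything out
if ($allow_outbound_traffic) {
    fwrite($ipt, "$iptbin -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n");
    fwrite($ipt, "$iptbin -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT\n\n");
}

// Rules open ports: one ACCEPT rule per TCP port for new inbound connections.
echo "Open ports: ";
foreach ($open_ports as $open_port) {
    // The port is interpolated into a shell script, so only accept a value
    // that really is a TCP port number; anything else would end up as
    // extra text in the generated iptables command.
    $port = filter_var(
        $open_port,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]],
    );
    if ($port === false) {
        fclose($ipt);
        throw new InvalidArgumentException(
            'Invalid entry in $open_ports, expected a TCP port number: ' . var_export($open_port, true)
        );
    }
    fwrite($ipt, "$iptbin -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT\n");
    echo "$port, ";
}
fwrite($ipt, "\n");
echo "\n";

// Drop other
// The original tested the bare constant `drop_other`, which is undefined
// (a fatal Error on PHP 8, and always truthy on PHP 7), so the DROP rule was
// never really controlled by the configuration. The flag is assumed to be the
// variable $drop_other like every other toggle — confirm against the
// configuration block at the top of the script.
if ($drop_other) {
    echo "Other traffic will be droped\n";
    fwrite($ipt, "$iptbin -A INPUT -j DROP\n");
}

// Close iptables script
fwrite($ipt, "\n\n");
echo "\nClosing $fwscript\n";
fclose($ipt);

// Chmod u+x iptables script. escapeshellarg() keeps a script name containing
// spaces or shell metacharacters from being interpreted by the shell.
if ($chmod) {
    echo "chmod u+x $fwscript\n";
    system('chmod u+x ' . escapeshellarg($fwscript));
}

// Run iptables script (relative to the current working directory)
if ($run) {
    echo "Running firewall script...\n\n";
    system(escapeshellarg('./' . $fwscript));
}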