firewall_iptables/vlanm

#!/bin/python3
#
import argparse
from getpass import getpass
import re
import subprocess

def device_by_vlan(n):
    return 'eth0' if n == 10 else 'eth0.%d' % n

def iprange_by_vlan(n):
    return '192.168.0.0/24' if n == 10 else '192.168.%d.0/24' % n

def get_iptables_info():
    global password
    my_cmd = "sudo -S iptables -L -n -v --line-numbers".split()
    cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)
    return cmd.stdout

def get_rule_num(chain, comment):
    required_chain = False
    for line in get_iptables_info().split('\n'):
        if line.strip().lower().startswith('chain'):
            required_chain = line.strip().lower().startswith('chain ' + chain.strip().lower())
        if required_chain:
            rule_num = None
            try:
                rule_num = int(line.split()[0])
            except:
                pass
            else:
                s = re.search(r'\/\*(.*?)\*\/', line)
                if s is not None:
                    if s.group(1).strip() == comment:
                        return rule_num


if __name__ == "__main__":
    global password

    prog = 'vlan manager'
    description = 'Add and removes iptable rules for a given vlan'
    epilog = 'Text at the bottom of help'
    parser = argparse.ArgumentParser(prog=prog, description=description, epilog=epilog)
    parser.add_argument('-v', '--vlan_number', type=int, required=True, help="Define the vlan to be used")
    parser.add_argument('-o', '--open_to_internet', action='store_true', help="Toggle rule: Open vlan to the internet")
    parser.add_argument('-l', '--log_to_internet', action='store_true', help="Toggle rule: Log vlan to the internet")

    args = parser.parse_args()

    UID_O = 'VLANM_RULE__OPEN_TO_INTERNET_%d' % args.vlan_number
    UID_L = 'VLANM_RULE__LOG_TO_INTERNET_%d' % args.vlan_number

    if args.open_to_internet:
        password = getpass("password: ")
        print()
        rn = get_rule_num('forward', UID_O)
        if rn is None:
            print("Add rule:", UID_O)
        else:
            print("Remove rule:", UID_O)
        if getpass('Proceed? [Y/n]') in ['', 'y', 'Y']:
            if rn is None:
                my_cmd = ['sudo',  '-S', 'iptables', '-A', 'FORWARD', '-j', 'ACCEPT', '-i', device_by_vlan(args.vlan_number), '-o', 'eth0', '!', '-d', '192.168.0.0/16', '-m', 'comment', '--comment', UID_O]
                cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)
                print(cmd.stdout)
            else:
                my_cmd = ['sudo', '-S', 'iptables', '-D', 'FORWARD', str(rn)]
                cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)
                print(cmd.stdout)
    elif args.log_to_internet:
        password = getpass("password: ")
        print()
        rn = get_rule_num('forward', UID_L)
        if rn is None:
            print("Add rule:", UID_L)
        else:
            print("Remove rule:", UID_L)
        if getpass('Proceed? [Y/n]') in ['', 'y', 'Y']:
            if rn is None:
                my_cmd = ['sudo', '-S', 'iptables', '-A', 'FORWARD', '-j', 'LOG', '-i', device_by_vlan(args.vlan_number), '-o', 'eth0', '!', '-d', '192.168.0.0/16', '-m', 'comment', '--comment', UID_L]
                cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)
                print(cmd.stdout)
                print("Use 'sudo ~/bin/ftail /var/log/kern.log' to view the logs.")
            else:
                my_cmd = ['sudo', '-S', 'iptables', '-D', 'FORWARD', str(rn)]
                cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)
                print(cmd.stdout)


    else:
        print("************************")
        print("* No action specified! *")
        print("************************")
        print()
        parser.print_help()
added iptables scripts 2023-10-02 20:09:39 +02:00			`#!/bin/python3`
			`#`
			`import argparse`
			`from getpass import getpass`
			`import re`
			`import subprocess`

			`def device_by_vlan(n):`
			`return 'eth0' if n == 10 else 'eth0.%d' % n`

			`def iprange_by_vlan(n):`
			`return '192.168.0.0/24' if n == 10 else '192.168.%d.0/24' % n`

			`def get_iptables_info():`
			`global password`
			`my_cmd = "sudo -S iptables -L -n -v --line-numbers".split()`
			`cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)`
			`return cmd.stdout`

			`def get_rule_num(chain, comment):`
			`required_chain = False`
			`for line in get_iptables_info().split('\n'):`
			`if line.strip().lower().startswith('chain'):`
			`required_chain = line.strip().lower().startswith('chain ' + chain.strip().lower())`
			`if required_chain:`
			`rule_num = None`
			`try:`
			`rule_num = int(line.split()[0])`
			`except:`
			`pass`
			`else:`
			`s = re.search(r'\/\(.?)\*\/', line)`
			`if s is not None:`
			`if s.group(1).strip() == comment:`
			`return rule_num`



			`if __name__ == "__main__":`
			`global password`

			`prog = 'vlan manager'`
			`description = 'Add and removes iptable rules for a given vlan'`
			`epilog = 'Text at the bottom of help'`
			`parser = argparse.ArgumentParser(prog=prog, description=description, epilog=epilog)`
			`parser.add_argument('-v', '--vlan_number', type=int, required=True, help="Define the vlan to be used")`
			`parser.add_argument('-o', '--open_to_internet', action='store_true', help="Toggle rule: Open vlan to the internet")`
			`parser.add_argument('-l', '--log_to_internet', action='store_true', help="Toggle rule: Log vlan to the internet")`

			`args = parser.parse_args()`

			`UID_O = 'VLANM_RULE__OPEN_TO_INTERNET_%d' % args.vlan_number`
			`UID_L = 'VLANM_RULE__LOG_TO_INTERNET_%d' % args.vlan_number`

			`if args.open_to_internet:`
			`password = getpass("password: ")`
			`print()`
			`rn = get_rule_num('forward', UID_O)`
			`if rn is None:`
			`print("Add rule:", UID_O)`
			`else:`
			`print("Remove rule:", UID_O)`
			`if getpass('Proceed? [Y/n]') in ['', 'y', 'Y']:`
			`if rn is None:`
			`my_cmd = ['sudo', '-S', 'iptables', '-A', 'FORWARD', '-j', 'ACCEPT', '-i', device_by_vlan(args.vlan_number), '-o', 'eth0', '!', '-d', '192.168.0.0/16', '-m', 'comment', '--comment', UID_O]`
			`cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)`
			`print(cmd.stdout)`
			`else:`
			`my_cmd = ['sudo', '-S', 'iptables', '-D', 'FORWARD', str(rn)]`
			`cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)`
			`print(cmd.stdout)`
			`elif args.log_to_internet:`
			`password = getpass("password: ")`
			`print()`
			`rn = get_rule_num('forward', UID_L)`
			`if rn is None:`
			`print("Add rule:", UID_L)`
			`else:`
			`print("Remove rule:", UID_L)`
			`if getpass('Proceed? [Y/n]') in ['', 'y', 'Y']:`
			`if rn is None:`
			`my_cmd = ['sudo', '-S', 'iptables', '-A', 'FORWARD', '-j', 'LOG', '-i', device_by_vlan(args.vlan_number), '-o', 'eth0', '!', '-d', '192.168.0.0/16', '-m', 'comment', '--comment', UID_L]`
			`cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)`
			`print(cmd.stdout)`
			`print("Use 'sudo ~/bin/ftail /var/log/kern.log' to view the logs.")`
			`else:`
			`my_cmd = ['sudo', '-S', 'iptables', '-D', 'FORWARD', str(rn)]`
			`cmd = subprocess.run(my_cmd, stdout=subprocess.PIPE, input=password, encoding="ascii",)`
			`print(cmd.stdout)`


			`else:`
			`print("************************")`
			`print("* No action specified! *")`
			`print("************************")`
			`print()`
			`parser.print_help()`