/etc/iptables

  1. #!/bin/python3
  2. #
  3. import argparse
  4. from getpass import getpass
  5. import re
  6. import subprocess
def device_by_vlan(n):
    """Return the Linux interface that carries vlan *n*.

    Vlan 10 is the untagged uplink ('eth0'); every other vlan lives on the
    tagged sub-interface 'eth0.<n>'.
    """
    if n == 10:
        return 'eth0'
    return 'eth0.{:d}'.format(n)
def iprange_by_vlan(n):
    """Return the /24 assigned to vlan *n*.

    Vlan 10 maps to 192.168.0.0/24; any other vlan maps to 192.168.<n>.0/24.
    """
    third_octet = 0 if n == 10 else n
    return '192.168.{:d}.0/24'.format(third_octet)
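def get_iptables_info(sudo_password=None):
    """Return the text of ``iptables -L -n -v --line-numbers`` for every chain.

    Args:
        sudo_password: password written to ``sudo -S`` on stdin. When None the
            module-level ``password`` set by the main program is used (the
            original calling convention).

    Returns:
        The captured stdout of the listing as a str.

    Raises:
        subprocess.CalledProcessError: if sudo or iptables exits non-zero (for
            example on a wrong password). Without this check a failed listing
            produced an empty string, which callers could not distinguish from
            "no matching rule" and would then add a duplicate rule.
    """
    global password
    if sudo_password is None:
        sudo_password = password
    listing_cmd = ['sudo', '-S', 'iptables', '-L', '-n', '-v', '--line-numbers']
    # utf-8 instead of ascii so a non-ASCII password or rule comment cannot raise
    # a Unicode error; for ASCII input the bytes are identical. stderr is left on
    # the terminal so sudo's own failure text stays visible to the operator.
    result = subprocess.run(
        listing_cmd,
        stdout=subprocess.PIPE,
        input=sudo_password,
        encoding="utf-8",
        check=True,
    )
    return result.stdout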
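def get_rule_num(chain, comment, listing=None):
    """Return the line number of the rule in *chain* tagged with comment *comment*.

    Args:
        chain: iptables chain name, compared case-insensitively against the
            name token of each "Chain NAME (...)" header.
        comment: text stored with ``-m comment --comment``; the value between
            ``/*`` and ``*/`` is stripped and compared exactly.
        listing: output of ``iptables -L -n -v --line-numbers`` to parse. When
            None it is fetched with get_iptables_info(), which needs the sudo
            password; passing it explicitly makes the parser testable offline.

    Returns:
        The rule number (an int, valid for ``iptables -D CHAIN <num>``) or None
        when the chain holds no rule with that comment.
    """
    if listing is None:
        listing = get_iptables_info()
    wanted = chain.strip().lower()
    in_chain = False
    for line in listing.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0].lower() == 'chain':
            # Compare the name token exactly rather than by prefix so that
            # 'forward' does not also select a chain named e.g. FORWARD_EXTRA.
            in_chain = len(tokens) > 1 and tokens[1].lower() == wanted
            continue
        if not in_chain:
            continue
        try:
            rule_num = int(tokens[0])
        except ValueError:
            # Column-header line ("num pkts bytes target ...") inside the chain.
            continue
        match = re.search(r'/\*(.*?)\*/', line)
        if match is not None and match.group(1).strip() == comment:
            return rule_num
    return None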
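def _run_sudo(argv, sudo_password):
    """Run *argv* through ``sudo -S`` with *sudo_password* on stdin; return stdout.

    A non-zero exit status is reported explicitly: iptables prints its error on
    stderr, so an empty stdout from a failed call otherwise looks like success.
    """
    result = subprocess.run(
        ['sudo', '-S', *argv],
        stdout=subprocess.PIPE,
        input=sudo_password,
        encoding="utf-8",
    )
    if result.returncode != 0:
        print("command failed (exit status %d): %s" % (result.returncode, ' '.join(argv)))
    return result.stdout


def _toggle_forward_rule(uid, target, vlan_number):
    """Add the FORWARD rule tagged with comment *uid* if absent, otherwise delete it.

    This is the shared body of the ``-o`` and ``-l`` actions, which differed only
    in the jump target and the comment tag.

    Args:
        uid: comment that identifies the managed rule (see get_rule_num).
        target: iptables target for a newly added rule ('ACCEPT' or 'LOG').
        vlan_number: vlan whose interface is the ingress device of the rule.

    Returns:
        True when a new rule was added; False when a rule was removed, the
        listing failed, or the operator declined. Sets the module-level
        ``password`` that get_iptables_info reads.
    """
    global password
    password = getpass("password: ")
    print()
    try:
        rn = get_rule_num('forward', uid)
    except subprocess.CalledProcessError as err:
        print("could not list iptables rules (exit status %d)" % err.returncode)
        return False
    print("Add rule:" if rn is None else "Remove rule:", uid)
    # input() rather than getpass(): the confirmation is not a secret and the
    # operator should see what they typed.
    if input('Proceed? [Y/n]') not in ('', 'y', 'Y'):
        return False
    if rn is not None:
        # NOTE(review): deleting by line number assumes FORWARD did not change
        # between the listing above and this call; a concurrent edit would
        # remove a different rule.
        print(_run_sudo(['iptables', '-D', 'FORWARD', str(rn)], password))
        return False
    # Traffic entering from the vlan's device and leaving via the uplink (vlan
    # 10's device) to any destination outside 192.168.0.0/16.
    # NOTE(review): other private ranges (10/8, 172.16/12) are not excluded, and
    # because the rule is appended with -A, a LOG rule added after an ACCEPT
    # rule for the same vlan is never reached.
    rule = [
        'iptables', '-A', 'FORWARD', '-j', target,
        '-i', device_by_vlan(vlan_number), '-o', device_by_vlan(10),
        '!', '-d', '192.168.0.0/16',
        '-m', 'comment', '--comment', uid,
    ]
    print(_run_sudo(rule, password))
    return True


if __name__ == "__main__":
    prog = 'vlan manager'
    description = 'Add and removes iptable rules for a given vlan'
    epilog = 'Text at the bottom of help'
    parser = argparse.ArgumentParser(prog=prog, description=description, epilog=epilog)
    parser.add_argument('-v', '--vlan_number', type=int, required=True, help="Define the vlan to be used")
    parser.add_argument('-o', '--open_to_internet', action='store_true', help="Toggle rule: Open vlan to the internet")
    parser.add_argument('-l', '--log_to_internet', action='store_true', help="Toggle rule: Log vlan to the internet")
    args = parser.parse_args()
    # 802.1Q vlan IDs are 1-4094; reject anything else before it reaches iptables.
    if not 1 <= args.vlan_number <= 4094:
        parser.error("vlan_number must be between 1 and 4094")
    # The comment tag is the only identity of a managed rule.
    UID_O = 'VLANM_RULE__OPEN_TO_INTERNET_%d' % args.vlan_number
    UID_L = 'VLANM_RULE__LOG_TO_INTERNET_%d' % args.vlan_number
    # When both flags are given only the open/ACCEPT toggle runs (as before).
    if args.open_to_internet:
        _toggle_forward_rule(UID_O, 'ACCEPT', args.vlan_number)
    elif args.log_to_internet:
        if _toggle_forward_rule(UID_L, 'LOG', args.vlan_number):
            print("Use 'sudo ~/bin/ftail /var/log/kern.log' to view the logs.")
    else:
        print("************************")
        print("* No action specified! *")
        print("************************")
        print()
        parser.print_help()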