
Linux服务器上适用的防火墙分析


出处:互联网   整理: 软晨网(RuanChen.com)   发布: 2009-10-18   浏览: 36 ::


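#!/bin/bash
#
# RainLow firewall start-up script: prints the licence banner, pins PATH and
# pulls in the distribution's init helper functions.
# The published listing had lost every space between words ("echo-e",
# "./etc/init.d/functions"); the spacing is restored here so the lines are
# valid shell again.

echo -e "\t\t\033[1;31mRainLow firewall\033[m server version 1.0 rc1 -- 09/24/2004\n"
echo -e "############################################"
echo -e "This software may be used and distributed according to"
echo -e "the terms of the GNU General Public License (GPL) provided"
echo -e "credit is given to the original author."
echo -e "\t\t\t\033[1;31mCopyright (c) 2004 rainlow\033[m\n"
echo -e "\t\t\t\tAll rights reserved\n\n\n"
echo -e "#######################################"

# now begins the firewall
echo -e "\n\t\t\tWelcome to \033[3;31mRainlow Firewall\033[0m\n\n"
echo -e "\t\t\t\t\033[1;32mhttp://www.rainlow.com\033[m\n"

# The script runs as root, so command lookup is pinned to fixed system
# directories instead of whatever PATH the invoking user had exported.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# Source (". file"), not execute ("./file"): the helpers must be defined in
# this shell. The file is distribution specific, so a missing copy is reported
# rather than left as a bare "No such file" error.
if [ -r /etc/init.d/functions ]; then
  . /etc/init.d/functions
else
  echo "warning: /etc/init.d/functions not found, continuing without it" >&2
fi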

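#######################################
# Print a red failure banner with the reason held in FAILURE and stop.
# Globals:   FAILURE (read) - human-readable reason set by the caller
# Outputs:   three status lines on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
exit_failure()
{
  # The reason is passed as a %s argument so that it is printed literally and
  # never interpreted as part of the format/escape string.
  printf '\t\033[3;031m[FAILED]\033[0m\n' >&2
  printf '\033[3;031m-> FATAL: %s\033[0m\n' "${FAILURE:-unknown error}" >&2
  printf '\033[3;031m-> **ABORTED**.\033[0m\n' >&2
  exit 1
}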

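#######################################
# Abort unless the script is running with root privileges.
# Globals:   ROOT_ID (written), FAILURE (written on refusal), EUID (read)
# Outputs:   progress text and a terminal bell on stdout
# Returns:   0 when running as root; otherwise hands over to exit_failure
#######################################
check_root()
{
  ROOT_ID=0
  echo "Checking if you are root...."
  # EUID (effective id) is compared rather than UID: the effective id is the
  # one that decides whether the later firewall changes are permitted.
  if [ "$EUID" = "$ROOT_ID" ]; then
    echo -e "\n\tOK! continue....\n"
    echo -e "\a"
  else
    echo -e "Sorry, you are not root and not permitted to do this option...\n"
    echo -e "\a"
    FAILURE="you can not run this command, you must be root to do this"
    exit_failure
  fi
}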

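#######################################
# Verify that the host can run the firewall: Linux, kernel 2.4 or newer, a
# working iptables command, and no ipchains module left loaded.
# Globals:   OS, _OS, KERNELMAJ, KERNELMIN (written); FAILURE (written on error)
# Outputs:   progress text on stdout
# Returns:   0 when every check passes; otherwise hands over to exit_failure
#######################################
check_enviroment()
{
  local release minor_part

  echo -e "\t\t\033[1;31mNow Checking software envrioment\033[m\n"

  OS=$(uname -s)
  _OS=$OS
  if [ "$_OS" != "Linux" ]; then
    FAILURE="Sorry this version can only work under linux"
    exit_failure
  else
    echo -en "\t\t\033[1;32mPASS\033[m\n"
  fi

  # Split "MAJOR.MINOR.rest" with parameter expansion and keep only the leading
  # digits, so a suffix such as "-rc1" cannot break the numeric comparisons.
  release=$(uname -r)
  KERNELMAJ=${release%%.*}
  KERNELMAJ=${KERNELMAJ%%[!0-9]*}
  minor_part=${release#*.}
  KERNELMIN=${minor_part%%.*}
  KERNELMIN=${KERNELMIN%%[!0-9]*}
  [ -n "$KERNELMIN" ] || KERNELMIN=0
  if [ -z "$KERNELMAJ" ]; then
    FAILURE="can not parse kernel release '$release'"
    exit_failure
  fi

  if [ "$KERNELMAJ" -lt 2 ]; then
    FAILURE="Sorry you kernel is too old, please upgrade it first!"
    exit_failure
  fi
  if [ "$KERNELMAJ" -eq 2 ] && [ "$KERNELMIN" -lt 4 ]; then
    FAILURE="only kernel greater than 2.4 is supported"
    exit_failure
  fi

  # Decide on the exit status, not on the wording of an error message: the
  # text of a "not found" error depends on shell and locale, so matching it
  # can let a host without iptables pass this check and continue unfiltered.
  if ! iptables -V >/dev/null 2>&1; then
    FAILURE="can not find iptables command you must install iptables first"
    exit_failure
  fi

  # ipchains and iptables cannot be used together; unload a leftover ipchains
  # module when modprobe is installed and module support looks available.
  if type -P modprobe >/dev/null 2>&1 &&
     { [ -e /proc/modules ] || ! [ -e /proc/version ]; }; then
    if lsmod 2>/dev/null | grep -q "ipchains"; then
      rmmod ipchains >/dev/null 2>&1
    fi
  fi
}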

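#######################################
# Show a ten-second progress bar: "||" followed by one "#" per second.
# NOTE: this function shadows the shell builtin `wait`; code that needs to
# reap background jobs has to call `builtin wait` instead.
# Outputs:   the bar and a final newline on stdout
# Returns:   0
#######################################
wait()
{
  local tick

  printf '||'
  for (( tick = 1; tick <= 10; tick++ )); do
    sleep 1
    printf '#'
  done

  echo -en "\n"
}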

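#######################################
# Run the iptables binary by absolute path, whatever PATH contains.
# The space before "$@" matters: without it the first argument is glued onto
# the program name and a different (non-existent) command is executed.
# Arguments: passed through unchanged to /sbin/iptables
# Returns:   exit status of /sbin/iptables
#######################################
iptables()
{
  /sbin/iptables "$@"
}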

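#######################################
# Run modprobe by absolute path, whatever PATH contains.
# The space before "$@" matters: without it the module name is glued onto the
# program name and nothing is loaded.
# Arguments: passed through unchanged to /sbin/modprobe
# Returns:   exit status of /sbin/modprobe
#######################################
mp()
{
  /sbin/modprobe "$@"
}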

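#######################################
# Load the netfilter/iptables kernel modules the firewall rules rely on.
# Outputs:   progress text on stdout; a summary of modules that failed to
#            load on stderr
# Returns:   0 in every case (unchanged from the original), so a caller that
#            needs a hard guarantee must verify the loaded modules itself
#######################################
load_module()
{
  local release module_dir candidate module
  local have_modules=0
  local -a failed=()
  # "ipt_MASQURADE" in the original was a typo for ipt_MASQUERADE.
  # NOTE(review): ipt_conntrack_ftp / ipt_conntrack_irc look like they should
  # be ip_conntrack_ftp / ip_conntrack_irc - confirm against the target kernel.
  local -a modules=(
    ip_tables ipt_LOG ipt_owner ipt_MASQUERADE ipt_REJECT
    ipt_conntrack_ftp ipt_conntrack_irc
    iptable_filter iptable_nat iptable_mangle
    ip_conntrack ipt_limit ipt_state ipt_unclean
    ipt_TCPMSS ipt_TOS ipt_TTL ipt_quota ipt_iplimit
    ipt_pkttype ipt_ipv4options ipt_MARK
  )

  # Only 2.4 kernels name module files "*.o"; later kernels use "*.ko",
  # possibly compressed. Testing for ".o" alone skips loading on every newer
  # kernel even though the version check accepts them.
  release=$(uname -r)
  module_dir="/lib/modules/${release}/kernel/net/ipv4/netfilter"
  for candidate in "$module_dir"/ip_tables.o "$module_dir"/ip_tables.ko*; do
    if [ -e "$candidate" ]; then
      have_modules=1
      break
    fi
  done

  if [ "$have_modules" -eq 1 ]; then
    echo -e "\n\tLoading iptables modules please wait...."
    for module in "${modules[@]}"; do
      mp "$module" || failed+=("$module")
    done
    if [ "${#failed[@]}" -gt 0 ]; then
      # Several of these modules are optional add-ons, so a failure is not
      # fatal; it is reported instead of printing an unconditional [OK],
      # because rules that need a missing match/target will not be installed.
      printf '\twarning: could not load: %s\n' "${failed[*]}" >&2
    else
      echo -e "\t\t\t\t\033[3;032m[OK]\033[0m\n"
    fi
  else
    echo -e "\tSorry, no iptables modules found!!"
  fi
}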

ip_stack_adjust()
{
if[-e/proc/sys/net/ipv4/ip_forward]

then
echo-e"enableip_forward.pleasewait...."
echo0>/proc/sys/net/ipv4/ip_forward
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ip_default_ttl]

then
echo-e"changingdefaultttl...."
echo88>/proc/sys/net/ipv4/ip_default_ttl
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
echo-e"\n\tdisabledynamicipsupport...."
echo0>/proc/sys/net/ipv4/ip_dynaddr
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"

if[-e/proc/sys/net/ipv4/ip_no_pmtu_disc]

then
echo-e"disablepathmtudiscovery.pleasewait...."
echo0>/proc/sys/net/ipv4/ip_no_pmtu_disc
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/ipfrag_high_thresh]

then
echo-e"changingipfrag_high_thresh.pleasewait...."
echo5800>/proc/sys/net/ipv4/ipfrag_high_thresh
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_low_thresh]

then
echo-e"changingipfrag_low_thresh.pleasewait...."
echo2048>/proc/sys/net/ipv4/ipfrag_low_thresh
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_time]

then
echo-e"changingipfrag_low_thresh.pleasewait...."
echo20>/proc/sys/net/ipv4/ipfrag_time
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/ipfrag_secret_interval]

then
echo-e"changingipfrag_secret_interval.pleasewait...."
echo600>/proc/sys/net/ipv4/ipfrag_secret_interval
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_syn_retries]

then
echo-e"changingtcp_syn_retries.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_syn_retries
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_synack_retries]

then
echo-e"changingtcp_synack_retries.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_synack_retries
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_time]

then
echo-e"changingtcp_keepalive_time.pleasewait...."
echo300>/proc/sys/net/ipv4/tcp_keepalive_time
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_probes]

then
echo-e"changingtcp_keepalive_probes.pleasewait...."
echo4>/proc/sys/net/ipv4/tcp_keepalive_probes
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_keepalive_intvl]

then
echo-e"changingtcp_keepalive_intvl.pleasewait...."
echo60>/proc/sys/net/ipv4/tcp_keepalive_intvl
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi
if[-e/proc/sys/net/ipv4/tcp_retries1]

then
echo-e"changingtcp_retriest.pleasewait...."
echo3>/proc/sys/net/ipv4/tcp_retries1
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/tcp_retries2]

then
echo-e"changingtcp_retriest.pleasewait...."
echo15>/proc/sys/net/ipv4/tcp_retries2
echo-e"\t\t\t\t\033[3;032m[OK]\033[0m\n"
fi

if[-e/proc/sys/net/ipv4/tcp_orphan_retries]

then
echo-e"disabletcp