added script for blocking direct tinc traffic

git-svn-id: https://zerberus.eonerc.rwth-aachen.de:8443/svn/s2ss/trunk@252 8ec27952-4edc-4aab-86aa-e87bb2611832
2025-03-09 00:00:00 +01:00 · 2014-09-12 09:03:10 +00:00 · 2014-09-12 09:03:10 +00:00 · 9a088f3080
commit 9a088f3080
parent d0c8436086
1 changed files with 45 additions and 0 deletions
--- a/contrib/tinc.sh
+++ b/contrib/tinc.sh
@ -0,0 +1,45 @@
+#!/bin/sh
+
+# die on error
+set -e
+
+if [ "$(hostname)" != "acs-s2ss" ]; then
+	echo "This script has to be run only acs-s2ss!" 1>&2
+	exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+	echo -e "This script must be run as root" 1>&2
+	exit 1
+fi
+
+IP=78.91.103.24
+PORT=12010
+IPT=iptables
+RULE1="-p udp --dport $PORT -s $IP -j REJECT"
+RULE2="-p tcp --dport $PORT -s $IP -j REJECT"
+
+case $1 in
+    block)
+	$IPT -I INPUT 1 $RULE1 
+	$IPT -I INPUT 1 $RULE2
+	service tincd restart
+	;;
+
+    unblock)
+	$IPT -D INPUT $RULE1
+	$IPT -D INPUT $RULE2
+	service tincd restart
+	;;
+
+    status)
+	$IPT -C INPUT $RULE1 && echo "Tinc UDP is blocked"
+	$IPT -C INPUT $RULE2 && echo "Tinc TCP is blocked"
+
+	echo -n "Sintef "
+	tinc -n s2ss info sintef | grep "Reachability"
+
+	echo -n "Frankfurt "
+	tinc -n s2ss info fra | grep "Reachability"
+	;;
+esac