From 9a088f308042aa5eeb4b8a446682e71004d6ad01 Mon Sep 17 00:00:00 2001
From: Steffen Vogel
Date: Fri, 12 Sep 2014 09:03:10 +0000
Subject: [PATCH] added script for blocking direct tinc traffic
git-svn-id: https://zerberus.eonerc.rwth-aachen.de:8443/svn/s2ss/trunk@252 8ec27952-4edc-4aab-86aa-e87bb2611832
---
contrib/tinc.sh | 45 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
create mode 100755 contrib/tinc.sh
diff --git a/contrib/tinc.sh b/contrib/tinc.sh
new file mode 100755
index 000000000..a93de032d
--- /dev/null
+++ b/contrib/tinc.sh
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+# die on error
+set -e
+
+if [ "$(hostname)" != "acs-s2ss" ]; then
+ echo "This script has to be run only acs-s2ss!" 1>&2
+ exit 1
+fi
+
+if [ "$(id -u)" != "0" ]; then
+ echo -e "This script must be run as root" 1>&2
+ exit 1
+fi
+
+IP=78.91.103.24
+PORT=12010
+IPT=iptables
+RULE1="-p udp --dport $PORT -s $IP -j REJECT"
+RULE2="-p tcp --dport $PORT -s $IP -j REJECT"
+
+case $1 in
+ block)
+ $IPT -I INPUT 1 $RULE1
+ $IPT -I INPUT 1 $RULE2
+ service tincd restart
+ ;;
+
+ unblock)
+ $IPT -D INPUT $RULE1
+ $IPT -D INPUT $RULE2
+ service tincd restart
+ ;;
+
+ status)
+ $IPT -C INPUT $RULE1 && echo "Tinc UDP is blocked"
+ $IPT -C INPUT $RULE2 && echo "Tinc TCP is blocked"
+
+ echo -n "Sintef "
+ tinc -n s2ss info sintef | grep "Reachability"
+
+ echo -n "Frankfurt "
+ tinc -n s2ss info fra | grep "Reachability"
+ ;;
+esac
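Review bot: The `block` and `unblock` arms are not idempotent, so the firewall state can drift from what the operator believes it is. Running `block` twice inserts each REJECT rule twice, while `iptables -D` removes only the first match, so a single `unblock` leaves the traffic rejected. Under `set -e`, an `unblock` with RULE1 absent also aborts before RULE2 is deleted and before tincd is restarted. Guard the insert with the check that `status` already uses, `$IPT -C INPUT $RULE1 2>/dev/null || $IPT -I INPUT 1 $RULE1`, and drain duplicates on removal with `while $IPT -C INPUT $RULE1 2>/dev/null; do $IPT -D INPUT $RULE1; done`, applying both to RULE2 as well. A `*)` arm that prints usage and exits non-zero would also stop a mistyped or missing argument from exiting 0 with no rule changed.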