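#!/bin/sh
# Defcon4 - A firewall script for ipchains - should work with most distros
# Tested on Redhat 5.x, 6.x, all kernels above 2.2.x
# Latest script is available at http://www.vap0r.com
# Vap0r 2/19/99 - Vap0r @gte.net
#
# Installing-
#   Copy this to somewhere in your path for root (/usr/sbin)
#     cp defcon4 /usr/sbin/
#   chmod it so you can execute it: chmod 700 defcon4
#   Now as root, run it!
#   You may have to change the interfaces below
#
# How Does This Work?
#   Basically this uses NAT (Network Address Translation) to hide the machines
#   on your local network. The rules that get applied are for blocking exact
#   ports and prevent your machine from being accessed without your
#   permission. Keep in mind that this is a good starting point, the default
#   rules tighten it up pretty good but it needs to be customized for your
#   needs. If you have any questions feel free to email me ;)
#
# Rule order matters: ipchains walks a chain top to bottom and stops at the
# first rule that matches. A DENY placed after an ACCEPT that already covers
# the same packet never fires, so specific denies are loaded before the broad
# high-port accept.
#
version="4.5"
# Revised 2/5/00  - Added Cool Interface and cleaned up some crap
# Revised 2/15/00 - Added spoofing protection (really should be done
#                   before the interfaces are brought up) - Whatever.........
# Revised 4/15/00 - Changed the Net mask for the GET segment - Thanks to
#                   Barjin for pointing out my error! (externalnet)
# 11/4/00 - Added command line usage to help clean things up a bit. Email me
#           with your thoughts or Ideas!!! I want to hear it! Let me have it!!
# 12/4/00 - Cleaned things up a bit - also ensured default policy for input is
#           set to deny. Also removed the --sport flags for Bootp, had trouble
#           with newer versions of ipchains
# 2/1/01  - More Cleanup, added support for Red Alert 2 and also killed
#           Windows 2000 Netbios crap on port 445
#
# Use Defcon4 --help for commands.
#
# Legal Mumbo Jumbo -
# The script is a good starting point - it does have holes!
# This script may be used for personal non-commercial use. Using for
# any business purpose is forbidden unless written permission is given.
# By using this you agree to not hold the author liable for anything
#
# Thanks to Barjin for his beta testing and brain power :)
# I'm using Ipchains version 1.3.9
# You Must be ROOT to run this script (Duh)
# Set the following variables to match your network

# Fixed search path, set before anything is executed: this runs as root, so
# helper tools (ip, ifconfig, awk, logger, ...) must not be resolved through
# whatever PATH the caller happened to have.
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin

###############################
#   User Defined Variables    #
##############################################################
internet="eth0"            # Device of your internet         #
local="eth1"               # Device of your local net        #
IPCHAINS="/sbin/ipchains"  # Path to ipchains                #
##############################################################
#   End of User Variables     #
###############################

# Use iproute2 when it is installed, otherwise fall back to ifconfig.
if [ -x /sbin/ip ]; then
  useip="Yes"
else
  useip=""
fi

# probe_net IFACE
# Prints the first IPv4 address of IFACE as "address/mask" (prefix length
# with ip, dotted netmask with ifconfig). Prints nothing when the interface
# has no IPv4 address. Matching on the "inet" keyword itself keeps "inet6"
# lines out of the result and does not depend on the output's indentation.
probe_net() {
  if [ -n "$useip" ]; then
    ip addr show "$1" | awk '$1 == "inet" { print $2; exit }'
  else
    ifconfig "$1" |
      awk '/inet addr/ { sub(/inet addr:/, ""); sub(/Bcast:.*Mask:/, ""); print $1 "/" $2 }'
  fi
}

# Get external and local subnets in the form ip/netmask
EXTERNALNET=$(probe_net "$internet")
INTERNALNET=$(probe_net "$local")

# Snagging (hopefully) your IPs: the address is the part before the "/".
# NOTE(review): $ip is never set in this script; presumably it is an
# environment override that suppresses the probe - confirm before relying
# on it.
if [ -z "$ip" ]; then
  EXTERNALIP=${EXTERNALNET%%/*}
  INTERNALIP=${INTERNALNET%%/*}
fi

# color CODE - emit an ANSI colour escape followed by a newline.
# printf is used instead of "echo -e", which is not portable under /bin/sh.
color() {
  printf '\033[%sm\n' "$1"
}

# $HOSTNAME is a bash variable; fall back to hostname(1) under other shells.
host=${HOSTNAME:-$(hostname)}

# First Clear the screen - # out if you dont have clear in /usr/bin
/usr/bin/clear
INTERNALIF=$local
EXTERNALIF=$internet
color "1;36"
printf 'Defcon4-%s probing %s - %s\n\n' "$version" "$host" "$(date)"
# Not referenced anywhere else in the script.
lora="Fin"
mario="ack"
color "0"

############################
#   Helpers                #
############################

# firewall_loaded - succeeds when the marker chain "defcon4" exists, which is
# how the script records that its rule set is currently loaded.
firewall_loaded() {
  "$IPCHAINS" -L -n | grep 'Chain defcon4' >/dev/null
}

# drop_marker_chain - flush and delete the marker chain if it is present.
drop_marker_chain() {
  if firewall_loaded; then
    "$IPCHAINS" -F defcon4
    "$IPCHAINS" -X defcon4
  fi
}

# allow_bootp PROTO...
# Accept BOOTP/DHCP (ports 67 and 68) in and out on the internet device.
# Thanks to John for pointing out the incompatibilities with the newer
# 1.3.9 ipchains.
allow_bootp() {
  for _chain in output input; do
    for _port in 67 68; do
      for _proto in "$@"; do
        "$IPCHAINS" -A "$_chain" -i "$internet" -p "$_proto" \
          -s 0/0 -d 0/0 "$_port" -j ACCEPT
      done
    done
  done
}

# in_accept PROTO PORT...
# Accept inbound traffic to each PORT from any source on any interface.
# Every call exposes that service to the whole Internet; remove the ones
# you do not run.
in_accept() {
  _proto=$1
  shift
  for _port in "$@"; do
    "$IPCHAINS" -A input -p "$_proto" -s 0/0 -d 0/0 "$_port" -j ACCEPT
  done
}

# ext_deny CHAIN PORT LOG PROTO...
# Deny traffic to PORT on the external interface in CHAIN for each PROTO.
# A non-empty LOG adds -l so matches are written to the kernel log.
ext_deny() {
  _chain=$1 _port=$2 _log=$3
  shift 3
  for _proto in "$@"; do
    # ${_log:+-l} is left unquoted on purpose: it must vanish when empty.
    "$IPCHAINS" -A "$_chain" -i "$EXTERNALIF" -p "$_proto" \
      -s 0/0 -d 0/0 "$_port" ${_log:+-l} -j DENY
  done
}

# mark_running / mark_stopped - maintain the optional lock file.
# NOTE(review): $lockfile is never assigned in this script, so these are
# no-ops unless the caller exports it. Written with "if" so that an unset
# lockfile does not turn a successful start into a non-zero exit status.
mark_running() {
  if [ -n "$lockfile" ]; then
    touch "$lockfile"
  fi
}

mark_stopped() {
  if [ -n "$lockfile" ]; then
    rm -f "$lockfile"
  fi
}

############################
#   Define Stop Defcon4    #
############################
# Flush every chain and leave the box in deny-by-default: only loopback,
# the local interface(s) and BOOTP/DHCP on the internet device stay open.
stop_firewall() {
  drop_marker_chain

  "$IPCHAINS" -P input DENY
  "$IPCHAINS" -F input
  "$IPCHAINS" -A input -i lo -j ACCEPT
  # Enable local interfaces ($local is split on whitespace on purpose)
  for interface in $local; do
    "$IPCHAINS" -A input -i "$interface" -j ACCEPT
  done

  "$IPCHAINS" -P forward DENY
  "$IPCHAINS" -F forward

  "$IPCHAINS" -P output DENY
  "$IPCHAINS" -F output
  "$IPCHAINS" -A output -i lo -j ACCEPT
  for interface in $local; do
    "$IPCHAINS" -A output -i "$interface" -j ACCEPT
  done

  # Allow DHCP to work
  allow_bootp UDP TCP
}

##############################
#   Clear out Defcon4        #
##############################
# Remove the firewall completely. Afterwards every chain is empty with
# policy ACCEPT, i.e. the machine is unfiltered.
clear_firewall() {
  stop_firewall
  for _chain in input forward output; do
    "$IPCHAINS" -P "$_chain" ACCEPT
    "$IPCHAINS" -F "$_chain"
  done
  echo ""
  "$IPCHAINS" -L
  logger "Defcon4 Cleared - Default policy is Accept"
  echo "Defcon4 Cleared - Default Policy is Accept"
}

##############################
#   Error trap for chains    #
##############################
# Run one ipchains command; on failure fall back to the deny-all state and
# exit. NOTE(review): nothing in this script calls it - the rule set below
# invokes $IPCHAINS directly, so a rejected rule is skipped while its
# "[ OK ]" line is still printed.
run_ipchains() {
  if ! "$IPCHAINS" "$@"; then
    stop_firewall
    exit 1
  fi
}

##############################
#   Lets get it going        #
##############################
# define_firewall COMMAND
# Load the full rule set. COMMAND is "Start" or "Restart" and is only used
# in the messages and the syslog entry.
define_firewall() {
  color "1;36"
  echo "${1}ing Defcon4..."
  echo "After carefully probing your system,"
  echo "Here is what I came up with:"
  printf '\033[1;33m%s\n' "++++++++++++++++++++++++++++++++++++"
  echo "Internal Device ->$local"
  echo "Internal IP ->$INTERNALIP"
  echo "Internal Network->$INTERNALNET"
  echo "++++++++++++++++++++++++++++++++++++"
  color "1;32"
  echo "External Device ->$internet"
  echo "External IP ->$EXTERNALIP"
  echo "External Network->$EXTERNALNET"
  echo "++++++++++++++++++++++++++++++++++++"
  (sleep 3)
  echo
  color "0"

  # Recreate the marker chain so we know Defcon4 is loaded
  drop_marker_chain
  "$IPCHAINS" -N defcon4

  color "1;36"
  echo " Welcome to DEFCON4"
  (sleep 1)
  echo "Flushing everything [ OK ]"
  # Incoming packets from the outside world
  "$IPCHAINS" -F input
  # Outgoing packets from the internal world
  "$IPCHAINS" -F output
  # Forwarding/masquerading
  "$IPCHAINS" -F forward

  # This makes sure that ip forwarding is active
  if [ -n "$local" ]; then
    echo "Enabling IP Forwarding [ OK ]"
    echo 1 > /proc/sys/net/ipv4/ip_forward
  fi

  # Spoof protection. If this doesnt work for you, comment out the block
  # below (up to fi).
  echo "Attempting SPOOF protection [ OK ]"
  # This is the best method: turn on Source Address Verification
  if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
    printf '%s' "Setting up IP spoofing protection..."
    for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
      echo 1 > "$f"
    done
    echo " [ OK ]"
  else
    echo "PROBLEMS SETTING UP IP SPOOFING PROTECTION. NOT GOOD!"
  fi

  echo "Allow all connections on the internal interface [ OK ]"
  "$IPCHAINS" -A input -i "$INTERNALIF" -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -A output -i "$INTERNALIF" -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -A input -i lo -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -A output -i lo -s 0/0 -d 0/0 -j ACCEPT

  # The forward rules need the probed addresses. When an interface had no
  # IPv4 address at probe time, say so instead of handing ipchains an empty
  # argument and printing "[ OK ]" over a rule that was never loaded.
  if [ -n "$INTERNALNET" ]; then
    echo "Starting IP Masq [ OK ]"
    ### dont masq internal-internal traffic
    "$IPCHAINS" -A forward -s "$INTERNALNET" -d "$INTERNALNET" -j ACCEPT
  else
    echo "Defcon4: no address found on $local - internal forward rule skipped" >&2
  fi
  ## dont masq external interface direct
  if [ -n "$EXTERNALIP" ]; then
    echo "Not masqing internal traffic [ OK ]"
    "$IPCHAINS" -A forward -s "$EXTERNALIP" -d 0/0 -j ACCEPT
  else
    echo "Defcon4: no address found on $internet - external forward rule skipped" >&2
  fi
  ## masquerade all internal IP's going outside
  if [ -n "$INTERNALNET" ]; then
    echo "Masq all internal IP's going out [ OK ]"
    "$IPCHAINS" -A forward -s "$INTERNALNET" -d 0/0 -j MASQ
  else
    echo "Defcon4: no address found on $local - masquerading skipped" >&2
  fi

  # Type of Service (TOS) bit
  echo "Setting telnet, WWW and FTP for minimum delay [ OK ]"
  "$IPCHAINS" -A output -p tcp -d 0/0 www -t 0x01 0x10
  "$IPCHAINS" -A output -p tcp -d 0/0 telnet -t 0x01 0x10
  "$IPCHAINS" -A output -p tcp -d 0/0 ftp -t 0x01 0x10
  # Set ftp-data for maximum throughput
  "$IPCHAINS" -A output -p tcp -d 0/0 ftp-data -t 0x01 0x08

  "$IPCHAINS" -A input -p udp -s 127.0.0.1 -d 127.0.0.1 111 -j ACCEPT

  # ---- Inbound services open to any source -------------------------------
  echo "Allowing ftp-data 20 [ OK ]"
  in_accept tcp 20
  echo "Allowing ftp 21 [ OK ]"
  in_accept tcp 21
  echo "Allowing SSH 22 [ OK ]"
  in_accept tcp 22
  # smtp
  echo "Adding SMTP 25 [ OK ]"
  in_accept tcp 25
  #whois
  echo "Adding WHOIS 43 [ OK ]"
  in_accept tcp 43
  echo "Allowing DNS 53 [ OK ]"
  in_accept tcp 53
  in_accept udp 53
  echo "Adding BOOTP 67 [ OK ]"
  echo "Adding BOOTP 68 [ OK ]"
  allow_bootp udp tcp
  (sleep 1)
  echo "Allowing http 80 [ OK ]"
  in_accept tcp 80
  #echo "Allowing Visual Route 85 [ OK ]"
  #in_accept tcp 85
  #in_accept udp 85
  echo "Allowing POP-3 110 [ OK ]"
  in_accept tcp 110
  echo "Allowing indentd 113 [ OK ]"
  in_accept tcp 113
  # The NNTP rule is commented out, so the message says so rather than
  # claiming the port is open.
  echo "Allowing NNTP News 119 (Not engaged) [ OK ]"
  #in_accept tcp 119
  ##### Added by Barj1n #######
  #echo "Allowing IMAP4 (TCP) 143 [ OK ]"
  #in_accept tcp 143
  echo "Allowing https 443 [ OK ]"
  in_accept tcp 443
  in_accept tcp 123
  in_accept udp 123
  ##### Added by Barj1n #######
  #echo "Allowing Secure NNTP News (SSL) 563 [ OK ]"
  #in_accept tcp 563
  ##### Added by Barj1n #######
  #echo "Allowing Secure IMAP4 (SSL) 933 [ OK ]"
  #in_accept tcp 933
  ##### Added by Barj1n #######
  #echo "Allowing Secure POP-3 (SSL) 995 [ OK ]"
  #in_accept tcp 995
  ##### Added by Barj1n #######
  echo "Allowing Terminal Services 3389 [ OK ]"
  in_accept tcp 3389
  echo "Adding Red Alert 2 tcp 4000,5000 amd 1140 udp 1234:1237 [ OK ]"
  in_accept udp 1234 1235 1236 1237
  in_accept tcp 4000 1140 5400 7000 7001 3840 4005 4808 4810
  #echo "Adding Rodger Wilco 3782 [ OK ]"
  #in_accept udp 3782
  #in_accept tcp 3782
  echo "Adding Quake2 27910 [ OK ]"
  in_accept tcp 27910
  echo "Adding Unreal Tourney 7777/7778 [ OK ]"
  in_accept udp 7778
  in_accept udp 7777

  #########################################################################
  #                                                                       #
  #   Add your customized additions here                                  #
  #########################################################################
  #
  #

  echo "Allowing incoming ICMP [ OK ]"
  "$IPCHAINS" -A input -i "$EXTERNALIF" -p icmp -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -A input -i "$INTERNALIF" -p icmp -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -P input DENY
  (sleep 1)
  echo ""
  color "1;33"
  echo " Adding Deny Rules- This is sorta redundant :D { OK }"
  echo ""
  (sleep 1)

  # ---- Explicit inbound denies -------------------------------------------
  # These are loaded BEFORE the high-port accept further down. Loaded after
  # it, the denies for 1433, 5432 and 5999:6003 would never match, because
  # the 1023:65535 accept would already have let those packets in.
  ## ICMP
  #"$IPCHAINS" -A output -i eth0 -p udp -s 0/0 -d 0/0 1031 -l -j DENY
  #"$IPCHAINS" -A output -i eth0 -p tcp -s 0/0 -d 0/0 1031 -l -j DENY
  echo "Killing ICMP attacks (Not engaged) [ OK ]"
  # Use this to deny ICMP attacks from specific addresses
  # (fill in the source address after -s before enabling it)
  #"$IPCHAINS" -A input -b -i "$EXTERNALIF" -p icmp -s  -d 0/0 -j DENY

  echo "Killing telnet session 23 [ OK ]"
  "$IPCHAINS" -A input -p tcp -s 0/0 -d 0/0 23 -l -j DENY

  echo "Killing NetBios- no logging 137 [ OK ]"
  ext_deny input 137 "" tcp udp
  echo "Killing NetBEUI 139 [ OK ]"
  ext_deny input 139 "" tcp udp
  ext_deny input 138 "" tcp udp
  echo "Killing NetBios 2000 445 [ OK ]"
  ext_deny input 445 log udp tcp

  echo "Killing MS-SQL 1433 [ OK ]"
  ext_deny input 1433 log tcp udp

  # The NFS rules are commented out, so the message says so. Port 2049 lies
  # inside the high-port accept below: enable these two lines if this
  # machine runs NFS.
  echo "Killing NFS 2049 (Not engaged) [ OK ]"
  #ext_deny input 2049 log tcp udp

  echo "Killing postgresSQL 5432 [ OK ]"
  ext_deny input 5432 log tcp udp
  echo "Killing X11disp:0-:2- 5999:6003 [ OK ]"
  ext_deny input 5999:6003 log tcp udp

  ## High unpriv ports. This is a very large hole! It was left open so
  # most games will work without having to mess with opening ports up.
  # If you dont play a lot of online games, place a # in front of the next
  # 3 lines. Any service listening on a port above 1022 is reachable from
  # the Internet unless an explicit deny above covers it.
  echo "Adding unpriv ports 1023:65535 [ OK ]"
  in_accept tcp 1023:65535
  in_accept udp 1023:65535

  echo ""
  color "1;31"
  echo " Initiating OUTBOUND rule set { OK }"
  (sleep 2)
  echo " "
  echo "Allowing outgoing ICMP [ OK ]"
  "$IPCHAINS" -A output -i "$EXTERNALIF" -p icmp -s 0/0 -d 0/0 -j ACCEPT
  "$IPCHAINS" -A output -i "$INTERNALIF" -p icmp -s 0/0 -d 0/0 -j ACCEPT
  #killing outbound NB
  echo "Killing NetBios 137 [ OK ]"
  ext_deny output 137 "" tcp udp
  echo "Killing NetBEUI 139 [ OK ]"
  ext_deny output 139 "" tcp udp
  ext_deny output 138 "" tcp udp
  echo "Killing Rip/SAP 513 [ OK ]"
  "$IPCHAINS" -A output -p tcp -s 0/0 -d 0/0 513 -j DENY
  "$IPCHAINS" -A output -p udp -s 0/0 -d 0/0 513 -j DENY
  echo "Killing X11disp:0-:2- 5999:6003 [ OK ]"
  ext_deny output 5999:6003 log tcp udp
  echo "Killing Back Orifice ports 31337 [ OK ]"
  ext_deny output 31337 "" tcp udp
  echo "Killing Webmin port 10000 [ OK ]"
  ext_deny output 10000 log tcp
  echo "Killing NetBus ports 12345:12346 [ OK ]"
  ext_deny output 12345:12346 "" tcp udp

  ## Catch-all rules: a packet reaches these only if it matched none of
  ## the previous rules in its chain.
  echo " Deny the rest of it [ OK ]"
  echo ""
  "$IPCHAINS" -A input -l -j DENY
  "$IPCHAINS" -A output -j ACCEPT
  # NOTE(review): this forwards every packet the forward rules above did not
  # match, whatever its source. The internal-network traffic is already
  # handled by the ACCEPT/MASQ rules, so consider DENY here once you have
  # confirmed nothing else depends on it.
  "$IPCHAINS" -A forward -j ACCEPT

  printf '\033[1;32m%s\n' " +---------------------------------------------+"
  echo " | Locked up! Should be tight now |"
  echo " | As always, Vaporware is free! |"
  echo " | 2/17/99 - Buddha |"
  echo " | Get the latest script @ |"
  echo " | http://www.vap0r.com |"
  echo " | vap0r@gte.net |"
  echo " +---------------------------------------------+"
  (sleep 2)
  color "0"
  echo
  logger "Defcon4 ${1}ed"
}

#####################
#   Define Usage    #
#####################
# Print the command summary and exit with status 1.
usage() {
  echo "Usage: $0"
  echo " {[start|stop|clear|reset|restart|status|masq|con|mod|dump]}"
  echo
  echo " start/stop/restart stop flushes rules and defaults to deny"
  echo " clear: Removes Defcon4 and puts system into accept all"
  echo " reset: Resets counters back to zero"
  echo " status: Gives a detailed list of rules"
  echo " Integrated tools---------------------------------"
  echo " masq: Displays a list of masq connections (NAT)"
  echo " con: Display a list of connections (slow)"
  echo " mod: Display a list of modules loaded"
  echo " dump: Dumps the rules to $HOME/defcon4.txt"
  echo " Updates at http://www.vap0r.com "
  echo " Please email any ideas you have to make this better"
  echo " vap0r@gte.net"
  exit 1
}

#####################
#   Get Command     #
#####################
[ $# -ne 1 ] && usage

case "$1" in
  stop)
    color "1;31"
    printf '%s' "Stopping Defcon4..."
    stop_firewall
    mark_stopped
    echo ""
    "$IPCHAINS" -L
    logger "Defcon4 Stopped - Default policy is Deny"
    echo "Defcon4 Stopped - Default policy is Deny"
    color "0"
    ;;
  start)
    if firewall_loaded; then
      mark_running
      echo "Defcon4 Already Started"
      exit 0
    fi
    define_firewall "Start" && mark_running
    ;;
  restart)
    if firewall_loaded; then
      verb="Restart"
    else
      echo "Defcon4 Not Currently Running"
      verb="Start"
    fi
    define_firewall "$verb" && mark_running
    ;;
  status)
    printf 'Defcon4-%s Status at %s - %s\n\n' "$version" "$host" "$(date)"
    "$IPCHAINS" -L -n -v | more
    ;;
  reset)
    "$IPCHAINS" -Z input
    "$IPCHAINS" -Z output
    "$IPCHAINS" -Z forward
    echo "Defcon4 Counters Reset"
    logger "Defcon4 Counters Reset"
    ;;
  masq)
    color "1;36"
    netstat -M
    color "0"
    ;;
  con)
    netstat -a
    ;;
  mod)
    color "1;31"
    lsmod
    color "0"
    ;;
  dump)
    echo "Dumping rules to defcon4.txt in your home directory..."
    # The rule listing describes exactly what the firewall lets through, so
    # create the dump readable by its owner only.
    (
      umask 077
      "$IPCHAINS" -L -n > "$HOME/defcon4.txt"
    )
    echo "Completed dump to $HOME/defcon4.txt"
    ;;
  clear)
    printf '%s' "Clearing Defcon4...."
    clear_firewall
    mark_stopped
    ;;
  *)
    usage
    ;;
esac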