mirror of
https://github.com/drk1wi/portspoof.git
synced 2024-06-30 18:51:39 +00:00
Add improved init.d script
parent
70b6bf2ad9
commit
8fe2b0fe05
79
system_files/init.d/portspoof_improved.sh
Executable file
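--- /dev/null
+++ b/system_files/init.d/portspoof_improved.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+# Starts and stops Portspoof daemon
+
+setup_iptables() {
+# Allowed ports
+unfilteredPorts="53 80 443 49152:65534"
+interfaces="eth0"
+
+iptables -t nat -N PREPORTSPOOF 2> /dev/null
+iptables -t nat -F PREPORTSPOOF
+
+iptables -t nat -N PORTSPOOF 2> /dev/null
+iptables -t nat -F PORTSPOOF
+
+iptables -t nat -A PORTSPOOF -p tcp -j LOG --log-prefix 'PORTSPOOF ' --log-level 4
+iptables -t nat -A PORTSPOOF -p tcp -j REDIRECT --to-ports 4444
+iptables -t nat -A PORTSPOOF -p udp -j LOG --log-prefix 'PORTSPOOF ' --log-level 4
+iptables -t nat -A PORTSPOOF -p udp -j REDIRECT --to-ports 4444
+
+# Disable LAN spoofing
+#iptables -t nat -A PREPORTSPOOF -s 192.168.0.0/24 -j RETURN
+
+rules=$(iptables -t nat -vnL PREROUTING --line-numbers|grep "/\* PORTSPOOF-REDIRECT \*/"|awk '{ print $1 }'|tac)
+for rule in ${rules}; do
+iptables -t nat -D PREROUTING ${rule}
+done
+for int in ${interfaces}; do
+for port in ${unfilteredPorts}; do
+iptables -t nat -A PREPORTSPOOF -i ${int} -p tcp -m tcp --dport ${port} -j RETURN
+iptables -t nat -A PREPORTSPOOF -i ${int} -p udp -m udp --dport ${port} -j RETURN
+done
+
+iptables -t nat -A PREPORTSPOOF -p tcp -m tcp -i ${int} -j PORTSPOOF
+iptables -t nat -A PREPORTSPOOF -p udp -m udp -i ${int} -j PORTSPOOF
+
+iptables -t nat -A PREROUTING -i ${int} -j PREPORTSPOOF -m comment --comment "PORTSPOOF-REDIRECT"
+done
+}
+
+case "$1" in
+start)
+if ! pidof portspoof > /dev/null; then
+count=$(iptables -t nat -N PREPORTSPOOF 2>&1|wc -l)
+if [ "$count" -eq 0 ]; then
+setup_iptables
+elif [ "$count" -eq 1 ]; then
+echo "iptables rules already loaded, skipping."
+else
+echo "Failed loading iptables rules."
+fi
+echo "Starting Portspoof..."
+/usr/local/bin/portspoof -D -c /usr/local/etc/portspoof.conf -s /usr/local/etc/portspoof_signatures
+else
+echo "Portspoof already running."
+fi
+;;
+
+stop)
+if pidof portspoof > /dev/null; then
+killall portspoof > /dev/null
+echo "Portspoof stopped."
+else
+echo "Portspoof not running."
+fi
+;;
+
+reload)
+setup_iptables
+;;
+
+restart)
+$0 stop
+$0 start
+;;
+
+*)
+echo "Usage: $0 {start|stop|reload|restart}"
+exit 1
+esac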
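Review bot: The `stop)` arm only runs `killall portspoof` and leaves the PREROUTING jump and the PREPORTSPOOF/PORTSPOOF chains installed, so after a stop every TCP/UDP port on eth0 outside `unfilteredPorts` is still redirected to 4444 with nothing listening there. Because that list is `53 80 443 49152:65534`, the redirect would also cover an sshd on port 22 if one is reached through eth0, both while the daemon runs and after it stops, which can lock an administrator out of a remote host. I would add a teardown function that deletes the tagged PREROUTING rules and removes both chains, and call it from `stop)`; the existing `start)` probe would then find the chain missing and reload the rules. Separately, the `else` branch that prints "Failed loading iptables rules." falls through and still starts the daemon; an `exit 1` there would surface the failure to the init system.

```shell
# Remove the redirect so ports stop being diverted once the daemon is gone.
teardown_iptables() {
  rules=$(iptables -t nat -vnL PREROUTING --line-numbers | grep "/\* PORTSPOOF-REDIRECT \*/" | awk '{ print $1 }' | tac)
  for rule in ${rules}; do
    iptables -t nat -D PREROUTING "${rule}"
  done
  # PREPORTSPOOF jumps to PORTSPOOF, so empty and drop it first.
  iptables -t nat -F PREPORTSPOOF 2> /dev/null
  iptables -t nat -X PREPORTSPOOF 2> /dev/null
  iptables -t nat -F PORTSPOOF 2> /dev/null
  iptables -t nat -X PORTSPOOF 2> /dev/null
}

# … unchanged: setup_iptables, start) arm …

  stop)
    if pidof portspoof > /dev/null; then
      killall portspoof > /dev/null
      teardown_iptables
      echo "Portspoof stopped."
    # … unchanged: else branch, fi, ;; …
```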