| #!/bin/bash |
| |
| # Licensed to the Apache Software Foundation (ASF) under one or more |
| # contributor license agreements. See the NOTICE file distributed with |
| # this work for additional information regarding copyright ownership. |
| # The ASF licenses this file to You under the Apache License, Version 2.0 |
| # (the "License"); you may not use this file except in compliance with |
| # the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| |
| # $1 = source IP range |
| # $2 = flag for persistence |
| |
| if [ -z "$1" ]; then |
| source="any" |
| else |
| source="$1" |
| fi |
| |
| if [ -n "$2" ]; then |
| persist=1 |
| fi |
| |
| # find available rule number |
| unset -v i new_rule idvar |
| declare -i new_rule=0 i=12300 idvar=0 |
| while [[ $idvar -eq 0 ]]; do |
| if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf.apple)" ]]; then |
| new_rule=$i |
| idvar=1 |
| #break |
| fi |
| i=$[i-1] |
| done |
| |
| declare -i i=$new_rule idvar=0 |
| while [[ $idvar -eq 0 ]]; do |
| if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf)" ]]; then |
| new_rule=$i |
| idvar=1 |
| #break |
| fi |
| i=$[i-1] |
| done |
| |
| if [ -n "$(ipfw list | grep 'dst-port 3389')" ]; then |
| echo "active firewall already contains rdp rule " |
| else |
| ipfw add $new_rule allow tcp from $source to any dst-port 3389 |
| fi |
| |
| if [ -n "$persist" ]; then |
| if [ -n "$(grep 'dst-port 3389' /etc/ipfilter/ipfw.conf)" ]; then |
| echo "RDP persistence already set" |
| else |
| echo "add $new_rule allow tcp from $source to any dst-port 3389" >> /etc/ipfilter/ipfw.conf |
| fi |
| fi |
| |
| |