blob: 07d554b81190bb42fb612eebd582d1d904340e03 [file] [log] [blame]
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# $1 = source IP range
# $2 = flag for persistence
if [ -z "$1" ]; then
source="any"
else
source="$1"
fi
if [ -n "$2" ]; then
persist=1
fi
# find available rule number
unset -v i new_rule idvar
declare -i new_rule=0 i=12300 idvar=0
while [[ $idvar -eq 0 ]]; do
if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf.apple)" ]]; then
new_rule=$i
idvar=1
#break
fi
i=$[i-1]
done
declare -i i=$new_rule idvar=0
while [[ $idvar -eq 0 ]]; do
if [[ -z "$(grep $i /etc/ipfilter/ipfw.conf)" ]]; then
new_rule=$i
idvar=1
#break
fi
i=$[i-1]
done
if [ -n "$(ipfw list | grep 'dst-port 3389')" ]; then
echo "active firewall already contains rdp rule "
else
ipfw add $new_rule allow tcp from $source to any dst-port 3389
fi
if [ -n "$persist" ]; then
if [ -n "$(grep 'dst-port 3389' /etc/ipfilter/ipfw.conf)" ]; then
echo "RDP persistence already set"
else
echo "add $new_rule allow tcp from $source to any dst-port 3389" >> /etc/ipfilter/ipfw.conf
fi
fi