OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	04/29/2025 04:07:52 PM	rwxr-xr-x
📄 aa-remove-unknown	3 KB	03/06/2024 06:40:00 PM	rwxr-xr-x
📄 aa-status	8.63 KB	03/06/2024 06:40:00 PM	rwxr-xr-x
📄 aa-teardown	139 bytes	06/17/2019 11:55:38 PM	rwxr-xr-x
📄 add-shell	860 bytes	12/07/2019 02:13:44 AM	rwxr-xr-x
📄 addgroup	36.9 KB	04/16/2020 02:12:53 PM	rwxr-xr-x
📄 adduser	36.9 KB	04/16/2020 02:12:53 PM	rwxr-xr-x
📄 agetty	67.38 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 apparmor_parser	1.46 MB	03/06/2024 06:40:00 PM	rwxr-xr-x
📄 apparmor_status	8.63 KB	03/06/2024 06:40:00 PM	rwxr-xr-x
📄 arpd	78.27 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 arptables	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 arptables-nft	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 arptables-nft-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 arptables-nft-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 arptables-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 arptables-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 badblocks	34.32 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 blkdeactivate	14.49 KB	02/13/2020 09:21:51 PM	rwxr-xr-x
📄 blkdiscard	34.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 blkid	118.26 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 blkzone	70.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 blockdev	66.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 bridge	102.3 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 capsh	30.3 KB	02/20/2025 04:01:08 PM	rwxr-xr-x
📄 cfdisk	102.59 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 chcpu	46.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 chgpasswd	66.2 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 chmem	62.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 chpasswd	58.2 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 chroot	42.34 KB	09/05/2019 10:38:40 AM	rwxr-xr-x
📄 cpgr	60.34 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 cppw	60.34 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 cryptdisks_start	1.51 KB	02/04/2020 01:11:12 PM	rwxr-xr-x
📄 cryptdisks_stop	844 bytes	02/04/2020 01:11:12 PM	rwxr-xr-x
📄 cryptsetup	135.54 KB	01/29/2025 06:37:57 PM	rwxr-xr-x
📄 cryptsetup-reencrypt	105.32 KB	01/29/2025 06:37:57 PM	rwxr-xr-x
📄 ctrlaltdel	38.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 debugfs	225.8 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 delgroup	16.11 KB	04/16/2020 02:12:53 PM	rwxr-xr-x
📄 deluser	16.11 KB	04/16/2020 02:12:53 PM	rwxr-xr-x
📄 depmod	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 devlink	150.47 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 dhclient	508.98 KB	01/31/2023 10:10:35 PM	rwxr-xr-x
📄 dhclient-script	15.92 KB	01/31/2023 10:10:35 PM	rwxr-xr-x
📄 dmsetup	171.02 KB	02/13/2020 09:21:51 PM	rwxr-xr-x
📄 dmstats	171.02 KB	02/13/2020 09:21:51 PM	rwxr-xr-x
📄 dosfsck	58.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 dosfslabel	54.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 dumpe2fs	30.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2freefrag	18.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2fsck	327.21 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2image	42.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2label	106.55 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2mmpstatus	30.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2scrub	7.13 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2scrub_all	5.27 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e2undo	22.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e4crypt	30.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 e4defrag	34.3 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 ebtables	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ebtables-nft	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ebtables-nft-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ebtables-nft-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ebtables-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ebtables-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 faillock	14.15 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 fatlabel	54.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 fdformat	34.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fdisk	150.27 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 filefrag	18.33 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 findfs	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fsck	54.27 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fsck.cramfs	38.26 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fsck.ext2	327.21 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 fsck.ext3	327.21 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 fsck.ext4	327.21 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 fsck.fat	58.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 fsck.minix	122.25 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fsck.msdos	58.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 fsck.vfat	58.08 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 fsfreeze	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 fstab-decode	14.3 KB	02/13/2020 06:38:21 PM	rwxr-xr-x
📄 fstrim	70.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 genl	82.29 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 getcap	14.3 KB	02/20/2025 04:01:08 PM	rwxr-xr-x
📄 getpcaps	14.3 KB	02/20/2025 04:01:08 PM	rwxr-xr-x
📄 getty	67.38 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 groupadd	90.95 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 groupdel	86.77 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 groupmems	62.24 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 groupmod	94.86 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 grpck	62.18 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 grpconv	58.05 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 grpunconv	58.05 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 halt	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 hwclock	102.35 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 iconvconfig	30.4 KB	01/29/2025 02:41:47 PM	rwxr-xr-x
📄 init	1.54 MB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 insmod	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 installkernel	2.58 KB	12/07/2019 02:13:44 AM	rwxr-xr-x
📄 integritysetup	60.23 KB	01/29/2025 06:37:57 PM	rwxr-xr-x
📄 invoke-rc.d	16.64 KB	06/21/2019 06:56:55 PM	rwxr-xr-x
📄 ip	545.12 KB	01/26/2021 01:33:08 PM	rwxr-xr-x
📄 ip6tables	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-apply	6.89 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-legacy	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-legacy-restore	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-legacy-save	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-nft	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-nft-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-nft-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-restore	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-restore-translate	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-save	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 ip6tables-translate	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-apply	6.89 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-legacy	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-legacy-restore	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-legacy-save	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-nft	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-nft-restore	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-nft-save	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-restore	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-restore-translate	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-save	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 iptables-translate	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 isosize	30.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 killall5	26.38 KB	02/13/2020 06:38:21 PM	rwxr-xr-x
📄 ldattach	34.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 ldconfig	387 bytes	01/29/2025 02:41:47 PM	rwxr-xr-x
📄 ldconfig.real	1 MB	01/29/2025 02:41:47 PM	rwxr-xr-x
📄 logsave	14.16 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 losetup	110.34 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 lsmod	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 luksformat	3.32 KB	02/04/2020 01:11:12 PM	rwxr-xr-x
📄 mkdosfs	34.5 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 mke2fs	134.62 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 mkfs	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 mkfs.bfs	34.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 mkfs.cramfs	42.16 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 mkfs.ext2	134.62 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 mkfs.ext3	134.62 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 mkfs.ext4	134.62 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 mkfs.fat	34.5 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 mkfs.minix	106.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 mkfs.msdos	34.5 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 mkfs.vfat	34.5 KB	05/12/2018 10:59:39 PM	rwxr-xr-x
📄 mkhomedir_helper	22.17 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 mklost+found	14.3 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 mkswap	106.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 modinfo	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 modprobe	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 netplan	798 bytes	06/28/2024 04:59:34 PM	rwxr-xr-x
📄 newusers	98.8 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 nfnl_osf	18.3 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 nologin	14.3 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 pam-auth-update	19.86 KB	09/17/2021 06:05:34 AM	rwxr-xr-x
📄 pam_extrausers_chkpwd	42.16 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 pam_extrausers_update	42.16 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 pam_getenv	2.82 KB	08/12/2020 12:15:04 AM	rwxr-xr-x
📄 pam_tally	14.16 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 pam_tally2	18.16 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 pam_timestamp_check	14.15 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 pivot_root	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 poweroff	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 pwck	58.17 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 pwconv	54.05 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 pwunconv	54.05 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 raw	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 readprofile	22.26 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 reboot	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 remove-shell	904 bytes	12/07/2019 02:13:44 AM	rwxr-xr-x
📄 resize2fs	66.38 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 rfkill	50.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 rmmod	146.18 KB	07/28/2020 02:46:39 PM	rwxr-xr-x
📄 rmt	58.55 KB	12/05/2023 05:16:50 AM	rwxr-xr-x
📄 rmt-tar	58.55 KB	12/05/2023 05:16:50 AM	rwxr-xr-x
📄 rtacct	48.29 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 rtcwake	46.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 rtmon	78.24 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 runlevel	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 runuser	66.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 service	9.04 KB	06/21/2019 06:56:55 PM	rwxr-xr-x
📄 setcap	14.3 KB	02/20/2025 04:01:08 PM	rwxr-xr-x
📄 sfdisk	138.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 shadowconfig	885 bytes	07/14/2021 10:08:18 PM	rwxr-xr-x
📄 shutdown	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 sshd	863.79 KB	04/11/2025 12:16:08 PM	rwxr-xr-x
📄 start-stop-daemon	47.32 KB	05/25/2022 11:14:20 AM	rwxr-xr-x
📄 sulogin	50.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 swaplabel	18.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 swapoff	22.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 swapon	50.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 switch_root	14.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 sysctl	30.23 KB	10/31/2023 11:35:56 AM	rwxr-xr-x
📄 tarcat	936 bytes	12/05/2023 05:16:50 AM	rwxr-xr-x
📄 tc	529.45 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 telinit	178.08 KB	03/02/2023 12:58:02 PM	rwxr-xr-x
📄 tipc	126.23 KB	02/13/2020 05:21:59 PM	rwxr-xr-x
📄 tune2fs	106.55 KB	10/09/2023 01:56:01 AM	rwxr-xr-x
📄 tzconfig	106 bytes	03/26/2025 05:32:00 PM	rwxr-xr-x
📄 unix_chkpwd	42.15 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 unix_update	42.15 KB	01/10/2024 01:55:08 PM	rwxr-xr-x
📄 update-ca-certificates	5.29 KB	09/24/2024 05:46:09 PM	rwxr-xr-x
📄 update-mime	9.18 KB	10/18/2019 11:05:50 PM	rwxr-xr-x
📄 update-passwd	34.56 KB	12/16/2019 11:51:51 PM	rwxr-xr-x
📄 update-rc.d	16.76 KB	06/21/2019 06:56:55 PM	rwxr-xr-x
📄 useradd	143.71 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 userdel	98.89 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 usermod	139.49 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 veritysetup	51.82 KB	01/29/2025 06:37:57 PM	rwxr-xr-x
📄 vigr	68.55 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 vipw	68.55 KB	02/06/2024 12:49:54 PM	rwxr-xr-x
📄 visudo	218.2 KB	04/04/2023 11:56:28 AM	rwxr-xr-x
📄 wipefs	46.23 KB	04/09/2024 03:34:13 PM	rwxr-xr-x
📄 wpa_action	1.69 KB	08/13/2019 11:12:36 PM	rwxr-xr-x
📄 wpa_cli	152.22 KB	02/24/2025 08:14:55 PM	rwxr-xr-x
📄 wpa_supplicant	2.77 MB	02/24/2025 08:14:55 PM	rwxr-xr-x
📄 xtables-legacy-multi	96.97 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 xtables-monitor	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 xtables-nft-multi	215.32 KB	05/09/2023 06:39:57 PM	rwxr-xr-x
📄 zic	62.29 KB	01/29/2025 02:41:47 PM	rwxr-xr-x
📄 zramctl	114.34 KB	04/09/2024 03:34:13 PM	rwxr-xr-x

Editing: ip6tables-apply

#!/bin/bash
# iptables-apply -- a safer way to update iptables remotely
#
# Usage:
#   iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
#
# Versions:
#   * 1.0 Copyright 2006 Martin F. Krafft <madduck@madduck.net>
#         Original version
#   * 1.1 Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>
#         Added parameter -c (run command)
#         Added parameter -w (save successfully applied rules to file)
#         Major code cleanup
#
# Released under the terms of the Artistic Licence 2.0
#
set -eu

PROGNAME="${0##*/}"
VERSION=1.1

### Default settings

DEF_TIMEOUT=10

MODE=0  # apply rulesfile mode
# MODE=1  # run command mode

case "$PROGNAME" in
	(*6*)
		SAVE=ip6tables-save
		RESTORE=ip6tables-restore
		DEF_RULESFILE="/etc/network/ip6tables.up.rules"
		DEF_SAVEFILE="$DEF_RULESFILE"
		DEF_RUNCMD="/etc/network/ip6tables.up.run"
		;;
	(*)
		SAVE=iptables-save
		RESTORE=iptables-restore
		DEF_RULESFILE="/etc/network/iptables.up.rules"
		DEF_SAVEFILE="$DEF_RULESFILE"
		DEF_RUNCMD="/etc/network/iptables.up.run"
		;;
esac

### Functions

function blurb() {
	cat <<-__EOF__
	$PROGNAME $VERSION -- a safer way to update iptables remotely
	__EOF__
}

function copyright() {
	cat <<-__EOF__
	$PROGNAME has been published under the terms of the Artistic Licence 2.0.

Original version - Copyright 2006 Martin F. Krafft <madduck@madduck.net>.
	Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.
	__EOF__
}

function about() {
	blurb
	echo
	copyright
}

function usage() {
	blurb
	echo
	cat <<-__EOF__
	Usage:
	  $PROGNAME [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

The script will try to apply a new rulesfile (as output by iptables-save,
	read by iptables-restore) or run a command to configure iptables and then
	prompt the user whether the changes are okay. If the new iptables rules cut
	the existing connection, the user will not be able to answer affirmatively.
	In this case, the script rolls back to the previous working iptables rules
	after the timeout expires.

Successfully applied rules can also be written to savefile and later used
	to roll back to this state. This can be used to implement a store last good
	configuration mechanism when experimenting with an iptables setup script:
	  $PROGNAME -w $DEF_SAVEFILE -c $DEF_RUNCMD

When called as ip6tables-apply, the script will use ip6tables-save/-restore
	and IPv6 default values instead. Default value for rulesfile is
	'$DEF_RULESFILE'.

Options:

-t seconds, --timeout seconds
	  Specify the timeout in seconds (default: $DEF_TIMEOUT).
	-w savefile, --write savefile
	  Specify the savefile where successfully applied rules will be written to
	  (default if empty string is given: $DEF_SAVEFILE).
	-c runcmd, --command runcmd
	  Run command runcmd to configure iptables instead of applying a rulesfile
	  (default: $DEF_RUNCMD).
	-h, --help
	  Display this help text.
	-V, --version
	  Display version information.

__EOF__
}

function checkcommands() {
	for cmd in "${COMMANDS[@]}"; do
		if ! command -v "$cmd" >/dev/null; then
			echo "Error: needed command not found: $cmd" >&2
			exit 127
		fi
	done
}

function revertrules() {
	echo -n "Reverting to old iptables rules... "
	"$RESTORE" <"$TMPFILE"
	echo "done."
}

### Parsing and checking parameters

TIMEOUT="$DEF_TIMEOUT"
SAVEFILE=""

SHORTOPTS="t:w:chV";
LONGOPTS="timeout:,write:,command,help,version";

OPTS=$(getopt -s bash -o "$SHORTOPTS" -l "$LONGOPTS" -n "$PROGNAME" -- "$@") || exit $?
for opt in $OPTS; do
	case "$opt" in
		(-*)
			unset OPT_STATE
			;;
		(*)
			case "${OPT_STATE:-}" in
				(SET_TIMEOUT) eval TIMEOUT=$opt;;
				(SET_SAVEFILE)
					eval SAVEFILE=$opt
					[ -z "$SAVEFILE" ] && SAVEFILE="$DEF_SAVEFILE"
					;;
			esac
			;;
	esac

# Validate parameters
if [ "$TIMEOUT" -ge 0 ] 2>/dev/null; then
	TIMEOUT=$(($TIMEOUT))
else
	echo "Error: timeout must be a positive number" >&2
	exit 1
fi

if [ -n "$SAVEFILE" -a -e "$SAVEFILE" -a ! -w "$SAVEFILE" ]; then
	echo "Error: savefile not writable: $SAVEFILE" >&2
	exit 8
fi

case "$MODE" in
	(1)
		# Treat parameter as runcmd (run command mode)
		RUNCMD="${1:-$DEF_RUNCMD}"
		if [ ! -x "$RUNCMD" ]; then
			echo "Error: runcmd not executable: $RUNCMD" >&2
			exit 6
		fi

# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
		checkcommands
		;;
	(*)
		# Treat parameter as rulesfile (apply rulesfile mode)
		RULESFILE="${1:-$DEF_RULESFILE}";
		if [ ! -r "$RULESFILE" ]; then
			echo "Error: rulesfile not readable: $RULESFILE" >&2
			exit 2
		fi

# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE")
		checkcommands
		;;
esac

### Begin work

# Store old iptables rules to temporary file
TMPFILE=`mktemp /tmp/$PROGNAME-XXXXXXXX`
trap "rm -f $TMPFILE" EXIT HUP INT QUIT ILL TRAP ABRT BUS \
		      FPE USR1 SEGV USR2 PIPE ALRM TERM

if ! "$SAVE" >"$TMPFILE"; then
	# An error occured
	if ! grep -q ipt /proc/modules 2>/dev/null; then
		echo "Error: iptables support lacking from the kernel" >&2
		exit 3
	else
		echo "Error: unknown error saving old iptables rules: $TMPFILE" >&2
		exit 4
	fi
fi

# Legacy to stop the fail2ban daemon if present
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban stop

# Configure iptables
case "$MODE" in
	(1)
		# Run command in background and kill it if it times out
		echo -n "Running command '$RUNCMD'... "
		"$RUNCMD" &
		CMD_PID=$!
		( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) &
		CMDTIMEOUT_PID=$!
		if ! wait "$CMD_PID"; then
			echo "failed."
			echo "Error: unknown error running command: $RUNCMD" >&2
			revertrules
			exit 7
		else
			echo "done."
		fi
		;;
	(*)
		# Apply iptables rulesfile
		echo -n "Applying new iptables rules from '$RULESFILE'... "
		if ! "$RESTORE" <"$RULESFILE"; then
			echo "failed."
			echo "Error: unknown error applying new iptables rules: $RULESFILE" >&2
			revertrules
			exit 5
		else
			echo "done."
		fi
		;;
esac

# Prompt user for confirmation
echo -n "Can you establish NEW connections to the machine? (y/N) "

read -n1 -t "$TIMEOUT" ret 2>&1 || :
case "${ret:-}" in
	(y*|Y*)
		# Success
		echo

if [ ! -z "$SAVEFILE" ]; then
			# Write successfully applied rules to the savefile
			echo "Writing successfully applied rules to '$SAVEFILE'..."
			if ! "$SAVE" >"$SAVEFILE"; then
				echo "Error: unknown error writing successfully applied rules: $SAVEFILE" >&2
				exit 9
			fi
		fi

echo "... then my job is done. See you next time."
		;;
	(*)
		# Failed
		echo
		if [ -z "${ret:-}" ]; then
			echo "Timeout! Something happened (or did not). Better play it safe..."
		else
			echo "No affirmative response! Better play it safe..."
		fi
		revertrules
		exit 255
		;;
esac

# Legacy to start the fail2ban daemon again
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban start

exit 0

# vim:noet:sw=8