OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	03/18/2025 08:12:00 AM	rwxr-xr-x
📄 aa-load	38.75 KB	07/18/2024 06:28:46 PM	rwxr-xr-x
📄 aa-remove-unknown	3.15 KB	07/18/2024 06:28:46 PM	rwxr-xr-x
📄 aa-status	39.06 KB	07/18/2024 06:28:46 PM	rwxr-xr-x
📄 aa-teardown	137 bytes	04/12/2024 03:59:30 AM	rwxr-xr-x
📄 add-shell	1.03 KB	03/31/2024 08:47:33 AM	rwxr-xr-x
📄 agetty	59.56 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 apparmor_parser	1.55 MB	07/18/2024 06:28:46 PM	rwxr-xr-x
📄 apparmor_status	39.06 KB	07/18/2024 06:28:46 PM	rwxr-xr-x
📄 arpd	26.33 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 arptables	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 arptables-nft	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 arptables-nft-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 arptables-nft-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 arptables-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 arptables-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 badblocks	34.32 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 blkdeactivate	15.97 KB	11/27/2024 07:06:49 PM	rwxr-xr-x
📄 blkdiscard	22.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 blkid	54.41 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 blkzone	34.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 blockdev	34.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 bridge	108.49 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 capsh	57.09 KB	02/20/2025 03:49:57 PM	rwxr-xr-x
📄 cfdisk	94.73 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 chcpu	30.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 chgpasswd	58.32 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 chmem	34.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 chpasswd	54.43 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 chroot	38.51 KB	04/05/2024 02:36:57 PM	rwxr-xr-x
📄 cpgr	48.45 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 cppw	48.45 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 cryptdisks_start	1.51 KB	06/05/2024 01:46:49 PM	rwxr-xr-x
📄 cryptdisks_stop	844 bytes	06/05/2024 01:46:49 PM	rwxr-xr-x
📄 cryptsetup	225.9 KB	11/14/2024 03:44:47 AM	rwxr-xr-x
📄 ctrlaltdel	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 dcb	80.52 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 debugfs	225.87 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 depmod	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 devlink	150.86 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 dhcpcd	395.4 KB	05/07/2024 10:12:01 AM	rwxr-xr-x
📄 dmsetup	171.05 KB	11/27/2024 07:06:49 PM	rwxr-xr-x
📄 dmstats	171.05 KB	11/27/2024 07:06:49 PM	rwxr-xr-x
📄 dosfsck	78.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 dosfslabel	38.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 dumpe2fs	34.31 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2freefrag	18.3 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2fsck	364.34 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2image	42.31 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2label	110.56 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2mmpstatus	34.31 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2scrub	7.12 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2scrub_all	5.27 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e2undo	22.3 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e4crypt	30.38 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 e4defrag	34.3 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 ebtables	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-nft	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-nft-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-nft-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ebtables-translate	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ethtool	651.68 KB	04/08/2024 03:57:18 PM	rwxr-xr-x
📄 faillock	22.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 fatlabel	38.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 fdisk	114.42 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 filefrag	18.32 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 findfs	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 fsck	42.42 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 fsck.cramfs	30.44 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 fsck.ext2	364.34 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 fsck.ext3	364.34 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 fsck.ext4	364.34 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 fsck.fat	78.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 fsck.minix	54.41 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 fsck.msdos	78.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 fsck.vfat	78.38 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 fsfreeze	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 fstab-decode	14.3 KB	04/08/2024 04:20:36 PM	rwxr-xr-x
📄 fstrim	42.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 genl	120.58 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 getcap	14.3 KB	02/20/2025 03:49:57 PM	rwxr-xr-x
📄 getpcaps	14.3 KB	02/20/2025 03:49:57 PM	rwxr-xr-x
📄 getty	59.56 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 groupadd	71.13 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 groupdel	62.91 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 groupmems	58.34 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 groupmod	71.04 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 grpck	58.32 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 grpconv	50.16 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 grpunconv	50.16 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 halt	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 iconvconfig	34.47 KB	01/28/2025 05:07:37 PM	rwxr-xr-x
📄 init	98.45 KB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 insmod	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 installkernel	2.6 KB	03/31/2024 08:47:33 AM	rwxr-xr-x
📄 integritysetup	67.06 KB	11/14/2024 03:44:47 AM	rwxr-xr-x
📄 invoke-rc.d	16.13 KB	12/06/2023 07:46:52 AM	rwxr-xr-x
📄 ip	545.12 KB	01/26/2021 01:33:08 PM	rwxr-xr-x
📄 ip6tables	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-apply	6.89 KB	08/12/2023 10:33:39 PM	rwxr-xr-x
📄 ip6tables-legacy	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-legacy-restore	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-legacy-save	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-nft	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-nft-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-nft-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-restore-translate	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 ip6tables-translate	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-apply	6.89 KB	08/12/2023 10:33:39 PM	rwxr-xr-x
📄 iptables-legacy	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-legacy-restore	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-legacy-save	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-nft	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-nft-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-nft-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-restore	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-restore-translate	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-save	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 iptables-translate	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 isosize	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 killall5	26.23 KB	04/08/2024 04:20:36 PM	rwxr-xr-x
📄 ldattach	26.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 ldconfig	387 bytes	01/28/2025 05:07:37 PM	rwxr-xr-x
📄 ldconfig.real	1 MB	01/28/2025 05:07:37 PM	rwxr-xr-x
📄 logsave	14.16 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 losetup	74.52 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 lsmod	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 mkdosfs	50.83 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 mke2fs	130.62 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 mkfs	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 mkfs.bfs	22.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 mkfs.cramfs	34.32 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 mkfs.ext2	130.62 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 mkfs.ext3	130.62 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 mkfs.ext4	130.62 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 mkfs.fat	50.83 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 mkfs.minix	42.39 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 mkfs.msdos	50.83 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 mkfs.vfat	50.83 KB	03/31/2024 08:49:11 AM	rwxr-xr-x
📄 mkhomedir_helper	22.34 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 mklost+found	14.3 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 mkswap	50.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 modinfo	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 modprobe	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 netplan	802 bytes	10/14/2024 03:31:38 PM	rwxr-xr-x
📄 newusers	86.96 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 nfnl_osf	18.3 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 nologin	14.3 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 pam_extrausers_chkpwd	26.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 pam_extrausers_update	34.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 pam_namespace_helper	467 bytes	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 pam_timestamp_check	14.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 pivot_root	14.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 plymouthd	146.57 KB	02/25/2025 05:47:08 AM	rwxr-xr-x
📄 poweroff	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 pwck	54.29 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 pwconv	46.16 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 pwhistory_helper	22.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 pwunconv	46.16 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 readprofile	22.41 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 reboot	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 remove-shell	1.08 KB	03/31/2024 08:47:33 AM	rwxr-xr-x
📄 resize2fs	70.3 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 resolvconf	158.67 KB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 rfkill	30.23 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 rmmod	170.24 KB	10/02/2024 12:40:49 PM	rwxr-xr-x
📄 rmt	54.71 KB	04/08/2024 04:20:47 PM	rwxr-xr-x
📄 rmt-tar	54.71 KB	04/08/2024 04:20:47 PM	rwxr-xr-x
📄 rtacct	28.31 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 rtcwake	34.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 rtmon	116.52 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 runlevel	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 runuser	54.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 service	8.89 KB	12/06/2023 07:50:15 AM	rwxr-xr-x
📄 setcap	14.3 KB	02/20/2025 03:49:57 PM	rwxr-xr-x
📄 sfdisk	106.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 shadowconfig	2.22 KB	05/07/2024 01:44:18 PM	rwxr-xr-x
📄 shutdown	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 sshd	899.82 KB	02/11/2025 01:41:04 PM	rwxr-xr-x
📄 start-stop-daemon	47.49 KB	07/17/2024 09:09:50 AM	rwxr-xr-x
📄 sudo_logsrvd	248.5 KB	04/08/2024 02:50:39 PM	rwxr-xr-x
📄 sudo_sendlog	131.67 KB	04/08/2024 02:50:39 PM	rwxr-xr-x
📄 sulogin	42.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 swaplabel	18.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 swapoff	22.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 swapon	42.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 switch_root	22.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 sysctl	30.38 KB	09/26/2024 08:44:05 AM	rwxr-xr-x
📄 tarcat	936 bytes	01/01/2024 09:15:10 PM	rwxr-xr-x
📄 tc	630.08 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 telinit	1.43 MB	02/21/2025 09:18:31 PM	rwxr-xr-x
📄 tipc	90.52 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 tune2fs	110.56 KB	04/28/2024 11:44:46 PM	rwxr-xr-x
📄 ub-device-create	22.32 KB	09/26/2024 07:05:19 AM	rwxr-xr-x
📄 unix_chkpwd	30.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 unix_update	34.31 KB	05/02/2024 10:20:13 PM	rwxr-xr-x
📄 update-ca-certificates	5.32 KB	02/04/2024 09:41:43 AM	rwxr-xr-x
📄 update-passwd	34.56 KB	04/08/2024 03:54:09 PM	rwxr-xr-x
📄 update-shells	3.89 KB	03/31/2024 08:47:33 AM	rwxr-xr-x
📄 useradd	139.88 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 userdel	91.01 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 usermod	127.65 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 vdpa	34.56 KB	03/31/2024 09:00:13 AM	rwxr-xr-x
📄 veritysetup	43.94 KB	11/14/2024 03:44:47 AM	rwxr-xr-x
📄 vigr	60.69 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 vipw	60.69 KB	05/30/2024 02:52:35 PM	rwxr-xr-x
📄 visudo	248.71 KB	04/08/2024 02:50:39 PM	rwxr-xr-x
📄 wipefs	38.38 KB	12/05/2024 02:26:54 AM	rwxr-xr-x
📄 wpa_action	1.69 KB	12/25/2023 09:47:06 AM	rwxr-xr-x
📄 wpa_cli	140.31 KB	02/21/2025 09:03:52 PM	rwxr-xr-x
📄 wpa_supplicant	3.22 MB	02/21/2025 09:03:52 PM	rwxr-xr-x
📄 xtables-legacy-multi	92.95 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 xtables-monitor	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 xtables-nft-multi	219.16 KB	04/08/2024 03:59:59 PM	rwxr-xr-x
📄 zic	66.39 KB	01/28/2025 05:07:37 PM	rwxr-xr-x
📄 zramctl	54.52 KB	12/05/2024 02:26:54 AM	rwxr-xr-x

Editing: ip6tables-apply

#!/bin/bash
# iptables-apply -- a safer way to update iptables remotely
#
# Usage:
#   iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
#
# Versions:
#   * 1.0 Copyright 2006 Martin F. Krafft <madduck@madduck.net>
#         Original version
#   * 1.1 Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>
#         Added parameter -c (run command)
#         Added parameter -w (save successfully applied rules to file)
#         Major code cleanup
#
# Released under the terms of the Artistic Licence 2.0
#
set -eu

PROGNAME="${0##*/}"
VERSION=1.1

### Default settings

DEF_TIMEOUT=10

MODE=0  # apply rulesfile mode
# MODE=1  # run command mode

case "$PROGNAME" in
	(*6*)
		SAVE=ip6tables-save
		RESTORE=ip6tables-restore
		DEF_RULESFILE="/etc/network/ip6tables.up.rules"
		DEF_SAVEFILE="$DEF_RULESFILE"
		DEF_RUNCMD="/etc/network/ip6tables.up.run"
		;;
	(*)
		SAVE=iptables-save
		RESTORE=iptables-restore
		DEF_RULESFILE="/etc/network/iptables.up.rules"
		DEF_SAVEFILE="$DEF_RULESFILE"
		DEF_RUNCMD="/etc/network/iptables.up.run"
		;;
esac

### Functions

function blurb() {
	cat <<-__EOF__
	$PROGNAME $VERSION -- a safer way to update iptables remotely
	__EOF__
}

function copyright() {
	cat <<-__EOF__
	$PROGNAME has been published under the terms of the Artistic Licence 2.0.

Original version - Copyright 2006 Martin F. Krafft <madduck@madduck.net>.
	Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.
	__EOF__
}

function about() {
	blurb
	echo
	copyright
}

function usage() {
	blurb
	echo
	cat <<-__EOF__
	Usage:
	  $PROGNAME [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}

The script will try to apply a new rulesfile (as output by iptables-save,
	read by iptables-restore) or run a command to configure iptables and then
	prompt the user whether the changes are okay. If the new iptables rules cut
	the existing connection, the user will not be able to answer affirmatively.
	In this case, the script rolls back to the previous working iptables rules
	after the timeout expires.

Successfully applied rules can also be written to savefile and later used
	to roll back to this state. This can be used to implement a store last good
	configuration mechanism when experimenting with an iptables setup script:
	  $PROGNAME -w $DEF_SAVEFILE -c $DEF_RUNCMD

When called as ip6tables-apply, the script will use ip6tables-save/-restore
	and IPv6 default values instead. Default value for rulesfile is
	'$DEF_RULESFILE'.

Options:

-t seconds, --timeout seconds
	  Specify the timeout in seconds (default: $DEF_TIMEOUT).
	-w savefile, --write savefile
	  Specify the savefile where successfully applied rules will be written to
	  (default if empty string is given: $DEF_SAVEFILE).
	-c runcmd, --command runcmd
	  Run command runcmd to configure iptables instead of applying a rulesfile
	  (default: $DEF_RUNCMD).
	-h, --help
	  Display this help text.
	-V, --version
	  Display version information.

__EOF__
}

function checkcommands() {
	for cmd in "${COMMANDS[@]}"; do
		if ! command -v "$cmd" >/dev/null; then
			echo "Error: needed command not found: $cmd" >&2
			exit 127
		fi
	done
}

function revertrules() {
	echo -n "Reverting to old iptables rules... "
	"$RESTORE" <"$TMPFILE"
	echo "done."
}

### Parsing and checking parameters

TIMEOUT="$DEF_TIMEOUT"
SAVEFILE=""

SHORTOPTS="t:w:chV";
LONGOPTS="timeout:,write:,command,help,version";

OPTS=$(getopt -s bash -o "$SHORTOPTS" -l "$LONGOPTS" -n "$PROGNAME" -- "$@") || exit $?
for opt in $OPTS; do
	case "$opt" in
		(-*)
			unset OPT_STATE
			;;
		(*)
			case "${OPT_STATE:-}" in
				(SET_TIMEOUT) eval TIMEOUT="$opt";;
				(SET_SAVEFILE)
					eval SAVEFILE="$opt"
					[ -z "$SAVEFILE" ] && SAVEFILE="$DEF_SAVEFILE"
					;;
			esac
			;;
	esac

# Validate parameters
if [ "$TIMEOUT" -ge 0 ] 2>/dev/null; then
	TIMEOUT=$((TIMEOUT))
else
	echo "Error: timeout must be a positive number" >&2
	exit 1
fi

if [ -n "$SAVEFILE" ] && [ -e "$SAVEFILE" ] && [ ! -w "$SAVEFILE" ]; then
	echo "Error: savefile not writable: $SAVEFILE" >&2
	exit 8
fi

case "$MODE" in
	(1)
		# Treat parameter as runcmd (run command mode)
		RUNCMD="${1:-$DEF_RUNCMD}"
		if [ ! -x "$RUNCMD" ]; then
			echo "Error: runcmd not executable: $RUNCMD" >&2
			exit 6
		fi

# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE" "$RUNCMD")
		checkcommands
		;;
	(*)
		# Treat parameter as rulesfile (apply rulesfile mode)
		RULESFILE="${1:-$DEF_RULESFILE}";
		if [ ! -r "$RULESFILE" ]; then
			echo "Error: rulesfile not readable: $RULESFILE" >&2
			exit 2
		fi

# Needed commands
		COMMANDS=(mktemp "$SAVE" "$RESTORE")
		checkcommands
		;;
esac

### Begin work

# Store old iptables rules to temporary file
TMPFILE=$(mktemp "/tmp/$PROGNAME-XXXXXXXX")
trap 'rm -f $TMPFILE' EXIT HUP INT QUIT ILL TRAP ABRT BUS \
		      FPE USR1 SEGV USR2 PIPE ALRM TERM

if ! "$SAVE" >"$TMPFILE"; then
	# An error occured
	if ! grep -q ipt /proc/modules 2>/dev/null; then
		echo "Error: iptables support lacking from the kernel" >&2
		exit 3
	else
		echo "Error: unknown error saving old iptables rules: $TMPFILE" >&2
		exit 4
	fi
fi

# Legacy to stop the fail2ban daemon if present
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban stop

# Configure iptables
case "$MODE" in
	(1)
		# Run command in background and kill it if it times out
		echo -n "Running command '$RUNCMD'... "
		"$RUNCMD" &
		CMD_PID=$!
		( sleep "$TIMEOUT"; kill "$CMD_PID" 2>/dev/null; exit 0 ) &
		if ! wait "$CMD_PID"; then
			echo "failed."
			echo "Error: unknown error running command: $RUNCMD" >&2
			revertrules
			exit 7
		else
			echo "done."
		fi
		;;
	(*)
		# Apply iptables rulesfile
		echo -n "Applying new iptables rules from '$RULESFILE'... "
		if ! "$RESTORE" <"$RULESFILE"; then
			echo "failed."
			echo "Error: unknown error applying new iptables rules: $RULESFILE" >&2
			revertrules
			exit 5
		else
			echo "done."
		fi
		;;
esac

# Prompt user for confirmation
echo -n "Can you establish NEW connections to the machine? (y/N) "

read -r -n1 -t "$TIMEOUT" ret 2>&1 || :
case "${ret:-}" in
	(y*|Y*)
		# Success
		echo

if [ -n "$SAVEFILE" ]; then
			# Write successfully applied rules to the savefile
			echo "Writing successfully applied rules to '$SAVEFILE'..."
			if ! "$SAVE" >"$SAVEFILE"; then
				echo "Error: unknown error writing successfully applied rules: $SAVEFILE" >&2
				exit 9
			fi
		fi

echo "... then my job is done. See you next time."
		;;
	(*)
		# Failed
		echo
		if [ -z "${ret:-}" ]; then
			echo "Timeout! Something happened (or did not). Better play it safe..."
		else
			echo "No affirmative response! Better play it safe..."
		fi
		revertrules
		exit 255
		;;
esac

# Legacy to start the fail2ban daemon again
[ -x /etc/init.d/fail2ban ] && /etc/init.d/fail2ban start

exit 0

# vim:noet:sw=8