#!/bin/bash
#
# This deletes a NAT masquerade for a static VM
# or bans a dynamic VM from the Internet
#
# See also enable-nat.sh
#
# gnd @ gnd.sk, 2017 - 2019
#
####################################################################
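#######################################
# Print the command-line synopsis.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout
#######################################
usage() {
  printf '\n'
  printf 'Usage: \n'
  # The script path is passed as an argument, not as the format string, so a
  # "%" or "\" in the path is printed literally instead of being interpreted.
  printf '%s <iface IFACE |name NAME |ip IP |def> \n\n' "$0"
}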
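# Check if LIMA_ROOT set. The settings path below is built from it, so the
# script must stop here and report failure through its exit status instead of
# exiting 0 as if the NAT change had been made.
if [[ -z "${LIMA_ROOT:-}" ]]; then
  echo "Cant find LIMA. Please check if the install finished correctly."
  echo "Exiting. Reason: LIMA_ROOT not set."
  exit 1
fi

# Define globals. The rest of the script uses VM_LIST, VM_DIR and EBFW without
# defining them, so they presumably come from this file.
# The file is executed as shell code with this script's privileges: it should
# be writable only by the administrator who owns the firewall configuration.
if ! source "$LIMA_ROOT/vms/settings"; then
  echo "Exiting. Reason: cannot load $LIMA_ROOT/vms/settings." >&2
  exit 1
fi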
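### VM specified
# Resolve the command-line selector to exactly one interface name in IFACE.
# The VM list is read as whitespace-separated columns:
#   column 1 = interface, column 2 = VM name, column 3 = IP.
# Every failure path exits non-zero so a caller can tell that nothing was
# changed.

# 'iface', 'name' and 'ip' need a value; an empty one would match every row.
case "${1:-}" in
  'iface' | 'name' | 'ip')
    if [[ -z "${2:-}" ]]; then
      usage
      exit 1
    fi
    ;;
esac

case "${1:-}" in
  'iface')
    IFACE=$2
    # A fragment of the interface name is accepted as long as it is unique.
    # -F makes grep treat it as literal text, not as a regular expression.
    LINS=$(awk '{print $1}' "$VM_LIST" | grep -c -F -- "$IFACE")
    if (( LINS < 1 )); then
      echo "No such interface $IFACE found"
      exit 1
    fi
    if (( LINS > 1 )); then
      echo "More interfaces found, please be specific:"
      awk '{print $1}' "$VM_LIST" | grep -F -- "$IFACE"
      exit 1
    fi
    # Replace the fragment with the full name stored in the list.
    IFACE=$(awk '{print $1}' "$VM_LIST" | grep -F -- "$IFACE")
    ;;
  'name')
    VM_NAME=$2
    # Names must match column 2 exactly (-x: whole line, -F: literal text).
    LINS=$(awk '{print $2}' "$VM_LIST" | grep -c -F -x -- "$VM_NAME")
    if (( LINS < 1 )); then
      printf '\n%s: No such name %s found\n\n' "$0" "$VM_NAME"
      exit 1
    fi
    if (( LINS > 1 )); then
      printf "\n%s: More names like '%s' found, please be specific:\n" "$0" "$VM_NAME"
      awk '{print $2}' "$VM_LIST" | grep -F -x -- "$VM_NAME"
      printf '\n'
      exit 1
    fi
    # The name reaches awk through the environment, so it is compared as
    # data; the appended "" forces a string comparison on both sides.
    IFACE=$(LIMA_SEL="$VM_NAME" awk \
      '($2 "") == (ENVIRON["LIMA_SEL"] "") {print $1}' "$VM_LIST")
    ;;
  'ip')
    IP=$2
    # NOTE(review): like 'iface', this accepts a fragment, so "10.0.0.1"
    # selects "10.0.0.10" when that is the only entry containing it. Pass the
    # full address; the selected interface is printed before it is changed.
    LINS=$(awk '{print $3}' "$VM_LIST" | grep -c -F -- "$IP")
    if (( LINS < 1 )); then
      echo "No such ip $IP found"
      exit 1
    fi
    if (( LINS > 1 )); then
      echo "More ips found, please be specific:"
      awk '{print $3}' "$VM_LIST" | grep -F -- "$IP"
      exit 1
    fi
    # Match against column 3 only, the same column that was counted above,
    # so digits in the interface name cannot select a different row.
    IFACE=$(LIMA_SEL="$IP" awk \
      'index($3, ENVIRON["LIMA_SEL"]) {print $1}' "$VM_LIST")
    ;;
  'def')
    IFACE='sta-def'
    ;;
  *)
    usage
    exit 1
    ;;
esac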
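### Disable traffic from given IFACE
# The text before the first "-" of the interface name is its type.
TYPE=${IFACE%%-*}

#######################################
# Test whether a list file names an interface.
# Arguments: $1 - list file, $2 - interface name
# Returns:   0 when some line holds $2 as a complete whitespace-separated
#            field, non-zero otherwise (also when the file cannot be read)
#######################################
list_has() {
  # Whole-field comparison: "dyn-1" must not count as listed because
  # "dyn-10" is. The name is passed through the environment as data.
  LIMA_SEL="$2" awk '
    { for (i = 1; i <= NF; i++) if (($i "") == (ENVIRON["LIMA_SEL"] "")) found = 1 }
    END { exit !found }
  ' "$1"
}

# Dynamic: these interfaces are cut off by adding them to dynamic.banned.
if [[ "$TYPE" == "dyn" ]]; then
  if list_has "$VM_DIR/dynamic.banned" "$IFACE"; then
    echo "Dynamic interface $IFACE already banned"
    exit
  fi
  echo "Banning dynamic interface $IFACE"
  # Do not reload the firewall and report success if the ban was not stored.
  if ! printf '%s\n' "$IFACE" >> "$VM_DIR/dynamic.banned"; then
    echo "Cannot write $VM_DIR/dynamic.banned, $IFACE is NOT banned" >&2
    exit 1
  fi
  # EBFW comes from the settings file; left unquoted so a command with
  # arguments still works. The bare exit passes its status to the caller.
  $EBFW
  exit
fi

# Static: these interfaces only pass traffic while listed in static.allowed.
if [[ "$TYPE" == "sta" ]]; then
  if ! list_has "$VM_DIR/static.allowed" "$IFACE"; then
    echo "Static interfaces are banned by default."
    exit
  fi
  echo "Disabling static interface $IFACE"
  # Escape regex metacharacters and delete only lines that hold the name as
  # a whole field, so removing "sta-1" leaves "sta-10" allowed.
  ESC=$(printf '%s' "$IFACE" | sed 's/[][\.*^$+?(){}|/]/\\&/g')
  if ! sed -E -i "/(^|[[:space:]])${ESC}([[:space:]]|\$)/d" "$VM_DIR/static.allowed"; then
    echo "Cannot update $VM_DIR/static.allowed, $IFACE is still allowed" >&2
    exit 1
  fi
  $EBFW
  exit
fi

# Neither list applies to this interface type: say so instead of ending
# silently with a success status.
echo "Unknown interface type '$TYPE' for '$IFACE', nothing was changed" >&2
exit 1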