You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
49 lines
1.0 KiB
49 lines
1.0 KiB
#!/bin/sh
|
|
# Author: Christoph Galuschka <christoph.galuschka@chello.at>
|
|
# Athmane Madjoudj <athmanem@gmail.com>
|
|
|
|
t_Log "Running $0 - iptables functional check - deny ping on loopback"
|
|
|
|
if [ "$centos_ver" -ge 7 ];then
|
|
t_Log "CentOS $centos_ver uses firewalld and not iptables -> SKIP"
|
|
t_CheckExitStatus 0
|
|
exit 0
|
|
fi
|
|
|
|
|
|
ACL='INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -p icmp -m icmp -j REJECT'
|
|
COUNT='4'
|
|
DEADTIME='1'
|
|
|
|
# ensure we have the default iptables-setting
|
|
#/etc/init.d/iptables restart > /dev/null
|
|
service iptables restart
|
|
|
|
# Verify it worked previously
|
|
ping -q -c $COUNT -i 0.25 127.0.0.1 |grep -qc "${COUNT} received"
|
|
|
|
if [ $? == 1 ]
|
|
then
|
|
t_Log "ping to loopback failed prior to test, this should not happen"
|
|
t_CheckExitStatus 1
|
|
fi
|
|
|
|
# Applying ACL
|
|
iptables -I ${ACL}
|
|
|
|
ping -q -c $COUNT -i 0.25 -w $DEADTIME 127.0.0.1 > /dev/null 2>&1
|
|
if [ $? == 1 ]
|
|
then
|
|
t_Log "iptables REJECT works fine"
|
|
ret_val=0
|
|
else
|
|
ret_val=1
|
|
fi
|
|
|
|
# cleanup
|
|
service iptables restart
|
|
#/etc/init.d/iptables restart > /dev/null
|
|
|
|
t_CheckExitStatus $ret_val
|
|
|