

#!/usr/bin/env bash
# Base configuration test for the TP DMZ lab: pushes the firewall/NAT helper
# scripts to the "societe" gateway, then runs the diagFirewall checks.
set -eu

# One-line description of this test (not read in this file; presumably
# consumed by the framework that sources it — verify).
DESC='Test de la configuration de base du TP DMZ.'
# Space-separated list of guests that must answer over SSH before the test
# runs; callers split it on whitespace on purpose.
SYSTEMS='bigboss lambda nomade societe tiny web'
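#######################################
# Push the base firewall/NAT configuration of the TP DMZ to the "societe"
# gateway over SSH.
#
# The remote script enables IPv4 forwarding, writes the helper scripts
# vide.sh, local-1.sh, fermeDehors.sh, forward.sh, local.sh and fw-on.sh
# into /root, and runs fw-on.sh once.  The remote text is assembled locally
# in a here-document (instead of a double-quoted argument) so that the nested
# "cat << EOF" blocks and the quotes inside them reach the host untouched;
# only $IP_SOCIETE_PUBLIC is expanded on this side.
# Globals:   VDN_PATH (read), IP_SOCIETE_PUBLIC (written: public IPv4 of societe)
# Arguments: none
# Outputs:   whatever vdn-ssh prints for the remote command
# Returns:   1 if the public IP is empty or not a dotted quad (nothing is sent
#            to the host in that case); otherwise the status of vdn-ssh
#######################################
config() {
  local remote_script

  # Resolve the public address once.  It is interpolated both into the remote
  # shell command and into a DNAT rule, so refuse anything that is not a
  # plain IPv4 dotted quad before touching the gateway.
  IP_SOCIETE_PUBLIC=$("${VDN_PATH:?VDN_PATH must be set}"/bin/vdn-infos societe PUBLIC_IP)
  if [[ ! "$IP_SOCIETE_PUBLIC" =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    printf 'config: unexpected PUBLIC_IP for societe: "%s"\n' "$IP_SOCIETE_PUBLIC" >&2
    return 1
  fi

  # Unquoted delimiter: $IP_SOCIETE_PUBLIC is expanded here, everything else
  # (including the sed \1 back-reference and the inner EOF markers) is literal.
  remote_script=$(cat <<REMOTE_SCRIPT
# fw-on.sh calls the helpers by absolute /root paths, so create them there.
cd /root || exit 1
# net.ipv4.ip_forward=1
sed -i -re 's/#(net.ipv4.ip_forward=1)/\1/g' /etc/sysctl.conf
sysctl -p
cat << EOF > vide.sh
#!/bin/sh
# Flush every chain used below; default policies are left as they are.
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -F POSTROUTING -t nat
iptables -F PREROUTING -t nat
EOF
chmod 755 vide.sh
cat << EOF > local-1.sh
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 local-1.sh
cat << EOF > fermeDehors.sh
#!/bin/sh
iptables -A INPUT -p tcp --dport 22 -j ACCEPT # ssh
iptables -A INPUT -p tcp --dport 53 -j ACCEPT # DNS
iptables -A INPUT -p tcp --dport 25 -j ACCEPT # Mail
iptables -A INPUT -p tcp --dport 993 -j ACCEPT # Imap sur ssl
# NOTE: stateless rule - accepts any TCP packet carrying ACK, on any
# interface, regardless of conntrack state; it is wider than the
# ESTABLISHED/RELATED rules that follow, which already cover return traffic.
iptables -A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED -j ACCEPT
# Only eth0 is closed; traffic arriving on other interfaces falls through to
# the chain policy.
iptables -A INPUT -i eth0 -j REJECT
EOF
chmod 755 fermeDehors.sh
cat << EOF > forward.sh
#!/bin/sh
iptables -t nat -A PREROUTING -p tcp -d $IP_SOCIETE_PUBLIC --dport 80 -j DNAT --to 192.168.1.2
EOF
chmod 755 forward.sh
cat << EOF > local.sh
#!/bin/sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -s 192.168.30.0/24 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 80 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 53 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -s 192.168.1.2 -p tcp --dport 25 -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
chmod 755 local.sh
cat << EOF > fw-on.sh
#!/bin/sh
/root/vide.sh
/root/fermeDehors.sh
/root/local.sh
/root/forward.sh
if [ -x /root/dns.sh ]; then
/root/dns.sh
fi
EOF
chmod 755 fw-on.sh
/root/fw-on.sh
REMOTE_SCRIPT
)

  vdn-ssh -t root@societe "$remote_script"
}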
#######################################
# Entry point of the test: checks that every guest answers over SSH, pushes
# the gateway configuration, then runs the diagFirewall diagnostics.
# setErrorHandler/echoStart/requireSshGuests/parallelDisablePause/
# unsetErrorHandler/echoDone are not defined in this file; presumably they
# come from the vdn framework that sources it — verify.
# Globals:   SYSTEMS (read)
# Arguments: none
# Returns:   status of the last step (echoDone) unless an earlier one aborts
#            the script under set -e
#######################################
run() {
setErrorHandler
echoStart
# SYSTEMS is a space-separated list of guests; the unquoted expansion is
# intentional so that each name becomes one argument.
requireSshGuests $SYSTEMS
config
# Short pause between applying the rules and diagnosing them; presumably
# lets the remote side settle — TODO confirm it is still needed.
sleep 1
parallelDisablePause
vdn-scripts diagFirewall
unsetErrorHandler
echoDone
}