/usr/sbin/fwlw_respond is in fwlogwatch 1.4-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
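#!/bin/sh
# Copyright (C) 2000-2013 Boris Wesslowski
# $Id: fwlw_respond 731 2013-05-17 14:15:23Z bw $

# fwlogwatch realtime response script
#
# Set the $MODE variable to activate realtime modification of
# ipchains or netfilter packet filters.
# You may want to add custom commands at the commented spots to modify
# tcp wrappers or ipfilter rules or even remote control access lists
# on cisco routers...
# $TARGET contains the name of the chain that will be used for rules
# generated by this script.
# See fwlw_notify for the contents of the variables passed by fwlogwatch
#
# Actions ($1):
#   start   create the $TARGET chain and hook it in, or flush it if present
#   add     append a block rule for src_ip ($3) to $TARGET
#   remove  delete the block rule for src_ip ($3) from $TARGET
#   stop    flush, unhook and delete the $TARGET chain
#
# Exit status:
#   0  the action completed (also returned after printing the usage text)
#   1  $MODE is unset or unsupported, src_ip is missing or malformed,
#      the chain is absent on "remove", or a packet filter command failed
#
# Security notes:
#   - src_ip is the only caller-supplied value that reaches the packet
#     filter command line. It is checked against an address character set
#     and always passed as one quoted word, so it cannot be split into
#     extra options or expanded as a glob.
#   - The jump to $TARGET is inserted with -I and no rule number, i.e. at
#     the head of the built-in chains, so blocks in $TARGET are evaluated
#     before any other rule there, including rules that accept the source.
#   - Logged source addresses can be forged by the sender, so a response
#     driven by them can end up blocking a host that sent nothing. Decide
#     which addresses must never be blocked before enabling a $MODE.

#MODE=iptables

IPCHAINS=/sbin/ipchains
IPTABLES=/sbin/iptables
TARGET=fwlw

RETVAL=0

# Runs one packet filter command. A failure is recorded in RETVAL instead of
# aborting, so the remaining steps of the action are still attempted and the
# caller still learns that the rule set is not in the requested state.
run() {
  "$@" || RETVAL=1
}

# Succeeds when src_ip ($1) is non-empty and consists only of characters
# that occur in IPv4/IPv6 addresses and prefix lengths. This rejects values
# starting with "-" (which the filter tool would parse as an option) and
# anything containing whitespace or shell metacharacters.
valid_src_ip() {
  case "$1" in
    '' | *[!0-9A-Fa-f.:/]*)
      return 1
      ;;
  esac
  return 0
}

# Succeeds when ipchains lists a chain named $TARGET.
ipchains_chain_exists() {
  "$IPCHAINS" -n -L "$TARGET" 2>/dev/null |
    /bin/grep "Chain $TARGET " >/dev/null
}

# Succeeds when the iptables filter table lists a chain named $TARGET.
iptables_chain_exists() {
  "$IPTABLES" -t filter -n -L "$TARGET" 2>/dev/null |
    /bin/grep "Chain $TARGET " >/dev/null
}

# Creates $TARGET and hooks it at the head of the ipchains input chain.
ipchains_setup_chain() {
  run "$IPCHAINS" -N "$TARGET"
  run "$IPCHAINS" -I input -j "$TARGET"
}

# Creates $TARGET and hooks it at the head of INPUT and FORWARD.
iptables_setup_chain() {
  run "$IPTABLES" -N "$TARGET"
  run "$IPTABLES" -I INPUT -j "$TARGET"
  run "$IPTABLES" -I FORWARD -j "$TARGET"
}

case "$1" in
  ##############################################################################
  start)
    case "$MODE" in
      ipchains)
        if ipchains_chain_exists; then
          # Chain left over from an earlier run: drop its stale rules.
          run "$IPCHAINS" -F "$TARGET"
        else
          ipchains_setup_chain
        fi
        ;;
      iptables)
        if iptables_chain_exists; then
          # Chain left over from an earlier run: drop its stale rules.
          run "$IPTABLES" -F "$TARGET"
        else
          iptables_setup_chain
        fi
        ;;
      # Insert setup for custom response here
      *)
        RETVAL=1
        ;;
    esac
    ;;
  ##############################################################################
  add)
    valid_src_ip "$3" || exit 1
    case "$MODE" in
      ipchains)
        # Create the chain on demand so "add" works without a prior "start".
        ipchains_chain_exists || ipchains_setup_chain
        run "$IPCHAINS" -A "$TARGET" -s "$3" -j DENY
        ;;
      iptables)
        # Create the chain on demand so "add" works without a prior "start".
        iptables_chain_exists || iptables_setup_chain
        run "$IPTABLES" -A "$TARGET" -s "$3" -j DROP
        ;;
      # Insert custom response action here
      *)
        RETVAL=1
        ;;
    esac
    ;;
  ##############################################################################
  remove)
    valid_src_ip "$3" || exit 1
    case "$MODE" in
      ipchains)
        if ipchains_chain_exists; then
          run "$IPCHAINS" -D "$TARGET" -s "$3" -j DENY
        else
          RETVAL=1
        fi
        ;;
      iptables)
        if iptables_chain_exists; then
          run "$IPTABLES" -D "$TARGET" -s "$3" -j DROP
        else
          RETVAL=1
        fi
        ;;
      # Insert custom response action stop here
      *)
        RETVAL=1
        ;;
    esac
    ;;
  ##############################################################################
  stop)
    case "$MODE" in
      ipchains)
        if ipchains_chain_exists; then
          # Order matters: empty the chain, remove the jump that references
          # it, then delete the chain itself.
          run "$IPCHAINS" -F "$TARGET"
          run "$IPCHAINS" -D input -j "$TARGET"
          run "$IPCHAINS" -X "$TARGET"
        fi
        ;;
      iptables)
        if iptables_chain_exists; then
          # Order matters: empty the chain, remove the jumps that reference
          # it, then delete the chain itself.
          run "$IPTABLES" -F "$TARGET"
          run "$IPTABLES" -D INPUT -j "$TARGET"
          run "$IPTABLES" -D FORWARD -j "$TARGET"
          run "$IPTABLES" -X "$TARGET"
        fi
        ;;
      # Insert cleanup for custom response here
      *)
        RETVAL=1
        ;;
    esac
    ;;
  ##############################################################################
  *)
    # Unknown or missing action: print the usage text; RETVAL is left as is.
    echo "Usage: $0 {start|add|remove|stop} [count src_ip dst_ip protocol src_port dst_port]"
    ;;
  ##############################################################################
esac

exit "$RETVAL"

# EOF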