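/*
 * mfwall2 Copyright (C) <2014-2015>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 * mfwall2.c - iptables front-end by mah00, www.mahoosoft.com
 *
 * linux: gcc -o mfwall2 mfwall2.c
 *        sudo ./mfwall2
 *
 * Operator notes (review):
 *  - /sbin/iptables is executed directly with fork/execv; no shell is
 *    involved, the exit status of every invocation is checked, and the
 *    first failing rule aborts the rest of that menu action with a message
 *    on stderr.  The original called system() and ignored the result, so a
 *    "block" that failed to install went unnoticed.
 *  - iptables needs CAP_NET_ADMIN.  The program only warns when it is not
 *    running as root; every rule would then be reported as failed.
 *  - Rules are applied to the running kernel only and are NOT persisted;
 *    they are gone after a reboot unless saved with iptables-save or the
 *    distribution's equivalent.
 *  - Accept rules are inserted at the head of a chain (-I) and the range
 *    rejects are appended (-A), so an accept chosen here always wins over a
 *    reject chosen earlier from this menu.
 *  - "drop ALL incoming connections" and "accept ALL established and
 *    related connections" append an unconditional INPUT DROP with no
 *    loopback (lo) or ICMP exception, so services reached over 127.0.0.1
 *    are cut off as well.  "accept ALL established" first flushes every
 *    rule (-F), discarding anything selected before it.
 *  - Only IPv4 (iptables) is configured.  Nothing here touches ip6tables,
 *    so IPv6 traffic is unaffected by any choice in this menu.
 */
#define _POSIX_C_SOURCE 200809L

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Menu numbers.  The layout is load-bearing: four consecutive entries per
 * service (input reject, output reject, input accept, output accept)
 * starting at 0, then the six range blocks, then the remaining actions.
 * The tables below are indexed by this enum, so do not reorder it.
 */
enum {
    ftp1, ftp2, ftp3, ftp4,
    ssh1, ssh2, ssh3, ssh4,
    smtp1, smtp2, smtp3, smtp4,
    domain1, domain2, domain3, domain4,
    www1, www2, www3, www4,
    pop1, pop2, pop3, pop4,
    ntp1, ntp2, ntp3, ntp4,
    netbios1, netbios2, netbios3, netbios4,
    https1, https2, https3, https4,
    microsoft1, microsoft2, microsoft3, microsoft4,
    ipp1, ipp2, ipp3, ipp4,
    squid1, squid2, squid3, squid4,
    sql1, sql2, sql3, sql4,
    proxy1, proxy2, proxy3, proxy4,
    tor1, tor2, tor3, tor4,
    blockallports, blockallports2, blockallports3,
    blockallports4, blockallports5, blockallports6,
    relatedports, dropall, listrules, deleterules, bye
};

/* Absolute path: the binary is exec'd directly, never looked up via PATH. */
#define IPTABLES "/sbin/iptables"

enum { VARIANTS_PER_SERVICE = 4 };
enum { NSERVICES = blockallports / VARIANTS_PER_SERVICE };

/* One menu service: what the menu prints and which ports iptables gets. */
struct service {
    const char *name;     /* service name as printed in the menu */
    const char *label;    /* port list as printed in the menu */
    const char *ports[3]; /* ports passed to iptables, in order, NULL-terminated */
};

static const struct service services[] = {
    { "ftp",          "20,21", { "21", "20" } },
    { "ssh",          "22",    { "22" } },
    { "smtp",         "25",    { "25" } },
    { "domain",       "53",    { "53" } },
    { "www",          "80",    { "80" } },
    { "pop3",         "110",   { "110" } },
    { "ntp",          "123",   { "123" } },
    { "netbios-ssn",  "139",   { "139" } },
    { "https",        "443",   { "443" } },
    { "microsoft-ds", "445",   { "445" } },
    { "ipp",          "631",   { "631" } },
    { "squid",        "3128",  { "3128" } },
    { "mysql",        "3306",  { "3306" } },
    { "webcache",     "8080",  { "8080" } },
    { "tor",          "9050",  { "9050" } },
};

/* The four per-service menu variants, in enum order. */
struct variant {
    const char *label;  /* as printed in the menu */
    const char *chain;  /* iptables chain */
    const char *target; /* iptables target */
};

static const struct variant variants[VARIANTS_PER_SERVICE] = {
    { "input reject",  "INPUT",  "REJECT" },
    { "output reject", "OUTPUT", "REJECT" },
    { "input accept",  "INPUT",  "ACCEPT" },
    { "output accept", "OUTPUT", "ACCEPT" },
};

/* Destination-port ranges rejected by blockallports..blockallports6. */
static const char *const block_ranges[] = {
    "1:1024", "1:5688", "1:10273", "1:22273", "1:40273", "1:60179",
};

/* Ports re-allowed at the head of both chains by every range block.
 * 9050 is skipped for blockallports (range 1:1024 does not reach it). */
static const char *const block_exceptions[] = { "80", "443", "53", "9050" };

_Static_assert(ftp1 == 0 && tor4 + 1 == blockallports,
               "service entries must be contiguous and start at 0");
_Static_assert(sizeof services / sizeof services[0] == NSERVICES,
               "one services[] entry per group of four menu items");
_Static_assert(sizeof block_ranges / sizeof block_ranges[0]
                   == blockallports6 - blockallports + 1,
               "one block_ranges[] entry per blockallports menu item");

/*
 * Run IPTABLES with the given NULL-terminated argv (argv[0] included) in a
 * child process and wait for it.  Returns 0 when iptables exited with
 * status 0, -1 otherwise; failures are reported on stderr together with
 * the full command line so the operator knows which rule is missing.
 */
static int run_iptables(char *const argv[])
{
    /* Keep our own buffered output ahead of anything iptables prints. */
    fflush(stdout);

    pid_t pid = fork();
    if (pid < 0) {
        perror("mfwall2: fork");
        return -1;
    }
    if (pid == 0) {
        execv(IPTABLES, argv);
        /* Only reached when exec itself failed. */
        perror("mfwall2: " IPTABLES);
        _exit(127);
    }

    int status = 0;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR) {
            perror("mfwall2: waitpid");
            return -1;
        }
    }
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        return 0;
    }

    fprintf(stderr, "mfwall2: rule not applied:");
    for (int i = 0; argv[i] != NULL; i++) {
        fprintf(stderr, " %s", argv[i]);
    }
    fputc('\n', stderr);
    return -1;
}

/*
 * Add one rule: iptables OP CHAIN -p PROTO --dport PORT -j TARGET.
 * op is "-I" (head of chain) or "-A" (tail); port may be a single port or
 * an iptables range such as "1:1024".  Returns run_iptables()'s result.
 */
static int port_rule(const char *op, const char *chain, const char *proto,
                     const char *port, const char *target)
{
    char *const argv[] = {
        IPTABLES, (char *)op, (char *)chain, "-p", (char *)proto,
        "--dport", (char *)port, "-j", (char *)target, NULL
    };
    return run_iptables(argv);
}

/* Same rule for tcp and then udp; stops at the first failure. */
static int both_protos(const char *op, const char *chain, const char *port,
                       const char *target)
{
    if (port_rule(op, chain, "tcp", port, target) != 0) {
        return -1;
    }
    return port_rule(op, chain, "udp", port, target);
}

/* Menu items ftp1..tor4: insert accept/reject rules for one service. */
static int apply_service(int choice)
{
    const struct service *svc = &services[choice / VARIANTS_PER_SERVICE];
    const struct variant *var = &variants[choice % VARIANTS_PER_SERVICE];

    for (int i = 0; svc->ports[i] != NULL; i++) {
        if (both_protos("-I", var->chain, svc->ports[i], var->target) != 0) {
            return -1;
        }
    }
    return 0;
}

/*
 * Menu items blockallports..blockallports6: append a reject for the whole
 * range on INPUT and OUTPUT, then insert the exception ports at the head
 * of both chains so they take precedence over the reject.
 */
static int apply_block_range(const char *range, int allow_tor)
{
    static const char *const chains[] = { "INPUT", "OUTPUT" };
    const size_t nchains = sizeof chains / sizeof chains[0];
    const size_t nexcept = allow_tor
        ? sizeof block_exceptions / sizeof block_exceptions[0]
        : sizeof block_exceptions / sizeof block_exceptions[0] - 1;

    for (size_t c = 0; c < nchains; c++) {
        if (both_protos("-A", chains[c], range, "REJECT") != 0) {
            return -1;
        }
    }
    for (size_t e = 0; e < nexcept; e++) {
        for (size_t c = 0; c < nchains; c++) {
            if (both_protos("-I", chains[c], block_exceptions[e], "ACCEPT") != 0) {
                return -1;
            }
        }
    }
    return 0;
}

/* relatedports: flush everything, drop all INPUT, then let conntrack
 * ESTABLISHED/RELATED traffic through ahead of the drop. */
static int accept_established(void)
{
    char *const flush[] = { IPTABLES, "-F", NULL };
    char *const drop[] = {
        IPTABLES, "-t", "filter", "-A", "INPUT", "-j", "DROP", NULL
    };
    char *const keep[] = {
        IPTABLES, "-t", "filter", "-I", "INPUT", "-m", "conntrack",
        "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT", NULL
    };

    if (run_iptables(flush) != 0) {
        return -1;
    }
    if (run_iptables(drop) != 0) {
        return -1;
    }
    return run_iptables(keep);
}

/*
 * Carry out one validated menu choice (0..bye).  Returns 0 on success,
 * -1 when any iptables invocation failed (already reported on stderr).
 */
static int apply_choice(int choice)
{
    if (choice >= ftp1 && choice <= tor4) {
        return apply_service(choice);
    }
    if (choice >= blockallports && choice <= blockallports6) {
        return apply_block_range(block_ranges[choice - blockallports],
                                 choice != blockallports);
    }

    switch (choice) {
    case relatedports:
        return accept_established();
    case dropall: {
        char *const drop[] = {
            IPTABLES, "-t", "filter", "-A", "INPUT", "-j", "DROP", NULL
        };
        return run_iptables(drop);
    }
    case listrules: {
        char *const list[] = { IPTABLES, "-L", NULL };
        int rc = run_iptables(list);
        /* Leave the listing on screen before the menu is redrawn. */
        sleep(20);
        return rc;
    }
    case deleterules: {
        char *const flush[] = { IPTABLES, "-F", NULL };
        return run_iptables(flush);
    }
    case bye:
        return 0;
    default:
        return -1;
    }
}

/* Print the menu and the prompt; output text is unchanged from the original. */
static void print_menu(void)
{
    printf("\n");
    printf("mfwall2 Copyright (C) 2015 by Matthias Holl \n");
    printf("\n");
    for (int s = 0; s < NSERVICES; s++) {
        for (int v = 0; v < VARIANTS_PER_SERVICE; v++) {
            printf("-%d- %s (tcp/udp) port %s %s\n",
                   s * VARIANTS_PER_SERVICE + v,
                   services[s].name, services[s].label, variants[v].label);
        }
    }
    printf("-%d- block ALL standard (tcp/udp) ports except port 53,80,443,9050\n", blockallports);
    printf("-%d- block (tcp/udp) ports 1-5688 except port 53,80,443,9050\n", blockallports2);
    printf("-%d- block (tcp/udp) ports 1-10273 except port 53,80,443,9050\n", blockallports3);
    printf("-%d- block (tcp/udp) ports 1-22273 except port 53,80,443,9050\n", blockallports4);
    printf("-%d- block (tcp/udp) ports 1-40273 except port 53,80,443,9050\n", blockallports5);
    printf("-%d- block (tcp/udp) ports 1-60179 except port 53,80,443,9050\n", blockallports6);
    printf("-%d- accept ALL established and related connections\n", relatedports);
    printf("-%d- drop ALL incoming connections\n", dropall);
    printf("-%d- show firewall rules\n", listrules);
    printf("-%d- delete ALL firewall rules\n", deleterules);
    printf("-%d- quit\n", bye);
    printf("your choice:");
    fflush(stdout);
}

/*
 * Read one line from stdin and parse it as a menu number.
 * Returns the number when it is an integer in 0..bye, -1 for anything
 * else (non-numeric, trailing junk, out of range), and bye on EOF so a
 * closed stdin ends the program instead of spinning.
 */
static int read_choice(void)
{
    char line[64];

    if (fgets(line, sizeof line, stdin) == NULL) {
        return bye;
    }
    /* Discard the remainder of an over-long line. */
    if (strchr(line, '\n') == NULL) {
        int ch;
        while ((ch = getchar()) != '\n' && ch != EOF) {
        }
    }

    errno = 0;
    char *end = NULL;
    long value = strtol(line, &end, 10);
    if (end == line || errno == ERANGE) {
        return -1;
    }
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') {
        end++;
    }
    if (*end != '\0' || value < 0 || value > bye) {
        return -1;
    }
    return (int)value;
}

/* Interactive loop: show the menu, apply the choice, until "quit" or EOF. */
int main(void)
{
    if (geteuid() != 0) {
        fprintf(stderr, "mfwall2: warning: not running as root; "
                        "iptables calls will fail\n");
    }

    int choice;
    do {
        print_menu();
        choice = read_choice();
        if (choice < 0) {
            printf("invalid choice\n");
        } else {
            apply_choice(choice);
        }
    } while (choice != bye);

    printf("bye... mfwall2\n");
    return EXIT_SUCCESS;
}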