From e4d3e845258775acf38a23dae495d6967c0b57da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=2E=20Fernando=20S=C3=A1nchez?=
Date: Tue, 9 Oct 2018 16:30:18 +0200
Subject: [PATCH] Improve nodistractions script

---
 scripts/.bin/nodistractions.sh | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/scripts/.bin/nodistractions.sh b/scripts/.bin/nodistractions.sh
index 64f7d2e..7f39de8 100755
--- a/scripts/.bin/nodistractions.sh
+++ b/scripts/.bin/nodistractions.sh
@@ -1,7 +1,14 @@
 #!/bin/sh
+# This script will block all traffic to ports 80 and 443.
+#
 # If you want to allow some websites/IPs to still work
-# after adding the filters, just add specific rules to
+# after adding the filters.
+#
+# Set the $ALLOWED_DEST variable to the network/mask you want to accept
+#
+#
+# Another option is to add specific rules to
 # iptables to allow it. For instance:
 #
 # sudo iptables --insert OUTPUT --protocol tcp --destination 138.4.0.0/16 --jump ACCEPT
@@ -12,24 +19,35 @@
 # Hence, you can either append the rule before running
 # the script, or insert the rule so it takes precedence.
+ALLOWED_DEST=${ALLOWED_DEST:=138.4.0.0/16}
 export SUDO_ASKPASS=/usr/lib/ssh/ssh-askpass
 CMD="sudo -A iptables"
 RULE="OUTPUT --protocol tcp --jump DROP --dport"
+ALLOW_RULE="OUTPUT --protocol tcp --jump ACCEPT --destination $ALLOWED_DEST"
+
 stop_filter() {
     $CMD --delete $RULE 80
     $CMD --delete $RULE 443
+    $CMD --delete $ALLOW_RULE
 }
 filter() {
     stop_filter >&2 /dev/null # Avoid re-adding
     $CMD --append $RULE 80
     $CMD --append $RULE 443
+    $CMD --insert $ALLOW_RULE
+
 }
 help() {
+    echo "Block all traffic to ports 80 and 443"
+    echo ""
     echo "Usage: $0 on|off"
+    echo ""
+    echo "Set the ALLOWED_DEST variable to whitelist some IPs/network"
+    echo "Currently whitelisted: $ALLOWED_DEST"
 }
 if [ "$#" -ne 1 ]; then
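Review bot: The rewritten header in the first hunk leaves `# If you want to allow some websites/IPs to still work` / `# after adding the filters.` as a sentence fragment with no main clause, and the next line tells the reader to set `$ALLOWED_DEST` without saying that the script reads it from the environment or what the default is. I would merge them into one statement, e.g. `# To let some websites/IPs keep working after the filters are added, set the ALLOWED_DEST environment variable to the network/mask to accept (default: 138.4.0.0/16).`, the default being the value the second hunk assigns. Dropping the `$` prefix on the variable name in the comment also avoids suggesting a shell expansion where none happens. Since the accept rule is later inserted ahead of the DROP rules, the header should also make clear that anything matching ALLOWED_DEST bypasses the block entirely, so a user knows to keep that value narrow.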