diff options
Diffstat (limited to 'test.sh')
| -rw-r--r-- | test.sh | 77 |
1 files changed, 58 insertions, 19 deletions
@@ -2,27 +2,17 @@ CONNTRACK=conntrack SRC=1.1.1.1 DST=2.2.2.2 -SPORT=1980 -DPORT=2005 +SPORT=2005 +DPORT=21 case $1 in dump) - # Setting dump mask - echo "dump mask set to TUPLE" - $CONNTRACK -A -m TUPLE + echo "Dumping conntrack table" $CONNTRACK -L - echo "Press any key to continue..." - read - echo "dump mask set to TUPLE,COUNTERS" - $CONNTRACK -A -m TUPLE,COUNTERS - $CONNTRACK -L - echo "Press any key to continue..." - read - echo "dump mask set to ALL" - $CONNTRACK -A -m ALL - $CONNTRACK -L - echo "Press any key to continue..." - read + ;; + flush) + echo "Flushing conntrack table" + $CONNTRACK -F ;; new) echo "creating a new conntrack" @@ -32,6 +22,18 @@ case $1 in --reply-port-src $DPORT --reply-port-dst $SPORT \ --state LISTEN -u SEEN_REPLY -t 50 ;; + new-simple) + echo "creating a new conntrack (simplified)" + $CONNTRACK -I --orig-src $SRC --orig-dst $DST \ + -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \ + --state LISTEN -u SEEN_REPLY -t 50 + ;; + new-nat) + echo "creating a new conntrack (NAT)" + $CONNTRACK -I --orig-src $SRC --orig-dst $DST \ + -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \ + --state LISTEN -u SEEN_REPLY,SRC_NAT -t 50 -a 8.8.8.8 + ;; get) echo "getting a conntrack" $CONNTRACK -G --orig-src $SRC --orig-dst $DST \ @@ -40,7 +42,7 @@ case $1 in ;; change) echo "change a conntrack" - $CONNTRACK -I --orig-src $SRC --orig-dst $DST \ + $CONNTRACK -U --orig-src $SRC --orig-dst $DST \ --reply-src $DST --reply-dst $SRC -p tcp \ --orig-port-src $SPORT --orig-port-dst $DPORT \ --reply-port-src $DPORT --reply-port-dst $SPORT \ @@ -64,7 +66,44 @@ case $1 in fi fi ;; + dump-expect) + $CONNTRACK -L expect + ;; + flush-expect) + $CONNTRACK -F expect + ;; + create-expect) + # requires modprobe ip_conntrack_ftp + $CONNTRACK -I expect --orig-src $SRC --orig-dst $DST \ + --exp-src 4.4.4.4 --exp-dst 5.5.5.5 \ + --mask-src 255.255.255.0 --mask-dst 255.255.255.255 \ + -p tcp --orig-port-src $SPORT --orig-port-dst $DPORT \ + -t 200 --mask-port-src 10 --mask-port-dst 300 + ;; + get-expect) + $CONNTRACK -G expect --orig-src 4.4.4.4 --orig-dst 5.5.5.5 \ + --p tcp --orig-port-src 0 --orig-port-dst 0 \ + --mask-port-src 10 --mask-port-dst 11 + ;; + delete-expect) + $CONNTRACK -D expect --orig-src 4.4.4.4 \ + --orig-dst 5.5.5.5 -p tcp --orig-port-src 0 \ + --orig-port-dst 0 --mask-port-src 10 --mask-port-dst 11 + ;; *) - echo "Usage: $0 [dump|new|change|delete|output]" + echo "Usage: $0 [dump" + echo " |new" + echo " |new-simple" + echo " |new-nat" + echo " |get" + echo " |change" + echo " |delete" + echo " |output" + echo " |flush" + echo " |dump-expect" + echo " |flush-expect" + echo " |create-expect" + echo " |get-expect" + echo " |delete-expect]" ;; esac |