From b2d5a17ae5ca2ffba2d21936083c847feb8ee90b Mon Sep 17 00:00:00 2001
From: bbruns
Date: Wed, 6 Oct 2010 18:46:28 +0000
Subject: [PATCH] Adding test scripts for block
---
tools/test-blocks | 83 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 83 insertions(+)
create mode 100755 tools/test-blocks
diff --git a/tools/test-blocks b/tools/test-blocks
new file mode 100755
index 0000000..6f59778
--- /dev/null
+++ b/tools/test-blocks
@@ -0,0 +1,83 @@
+#!/bin/bash
+BASEDIR=/etc/firewall-sosdg
+PATH=/usr/sbin:/usr/bin:/sbin:/bin
+
+if [ ! -r $BASEDIR/include/static ] || [ ! -r $BASEDIR/include/functions ]; then
+ echo "Error: Missing either include/static or include/functions. These are critical to operation"
+ echo "of this script. Please make sure they are readable and exist!"
+ exit 1
+fi
+
+. $BASEDIR/include/static
+. $BASEDIR/include/functions
+
+if [ -r $BASEDIR/options ]; then
+ . $BASEDIR/options
+else
+ echo -e "${RED}Error: Can not load options file. Did you forget to rename options.default?"
+ exit 1
+fi
+
+
+
+display_c YELLOW "This is a simple tool to display the iptables"
+display_c YELLOW "rules used for blocking in ${BLOCKEDIP}. It is"
+display_c YELLOW "a good way to verify the rules will work how"
+display_c YELLOW "you intend."
+
+if [ ! "$BLOCKEDIP" ]; then
+ display_c RED "Error: No blocked ips file found."
+ exit 1
+fi
+
+for i in `grep -v "\#" $BLOCKEDIP`; do
+ if [[ "$i" =~ ":" ]]; then
+ IFS_OLD=${IFS};IFS=:
+ ADVBLKIP=($BLOCK)
+ IFS=${IFS_OLD}
+ SRCIF=${ADVBLKIP[0]}
+ SRCIP=${ADVBLKIP[1]}
+ SRCPORT=${ADVBLKIP[2]}
+ DSTIF=${ADVBLKIP[3]}
+ DSTIP=${ADVBLKIP[4]}
+ DSTPORT=${ADVBLKIP[5]}
+ DIRECTION=${ADVBLKIP[6]}
+ PROTO=${ADVBLKIP[7]}
+ if [ "$SRCIF" ]; then
+ SRCIF="-i ${SRCIF} "
+ fi
+ if [ "$SRCIP" ]; then
+ SRCIP="-s ${SRCIP} "
+ fi
+ if [ "$SRCPORT" ]; then
+ SRCPORT="--sport ${SRCPORT/-/:} "
+ fi
+ if [ "$DSTIF" ]; then
+ DSTIF="-o ${DSTIF} "
+ fi
+ if [ "$DSTIP" ]; then
+ DSTIP="-d ${DSTIP} "
+ fi
+ if [ "$DSTPORT" ]; then
+ DSTPORT="--dport ${DSTPORT/-/:} "
+ fi
+ if [ "$PROTO" ]; then
+ case $PROTO in
+ TCP|tcp) PROTO="-p tcp";;
+ UDP|udp) PROTO="-p udp";;
+ *) PROTO="-p ${PROTO}";;
+ esac
+ fi
+ case $DIRECTION in
+ IN) DIRECTION="INPUT" ;;
+ OUT) DIRECTION="OUTPUT" ;;
+ FWD) DIRECTION="FORWARD" ;;
+ *) DIRECTION="INPUT" ;;
+ esac
+ echo "${IPTABLES} -A ${DIRECTION} ${SRCIF} ${SRCIP} ${SRCPORT} ${DSTIF} ${DSTIP} ${DSTPORT} ${PROTO} -j DROP"
+ else
+ echo "${IPTABLES} -A INPUT -s $i -j DROP"
+ echo "${IPTABLES} -A OUTPUT -d $i -j DROP"
+ fi
+done
\ No newline at end of file