Diffstat (limited to 'test.sh')
-rw-r--r-- | test.sh | 67 |
1 files changed, 67 insertions, 0 deletions
@@ -0,0 +1,67 @@
+CONNTRACK=conntrack
+
+SRC=1.1.1.1
+DST=2.2.2.2
+SPORT=1980
+DPORT=2005
+
+case $1 in
+ dump)
+ # Setting dump mask
+ echo "dump mask set to TUPLE"
+ $CONNTRACK -A -m TUPLE
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to TUPLE,COUNTERS"
+ $CONNTRACK -A -m TUPLE,COUNTERS
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ echo "dump mask set to ALL"
+ $CONNTRACK -A -m ALL
+ $CONNTRACK -L
+ echo "Press any key to continue..."
+ read
+ ;;
+ new)
+ echo "creating a new conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state LISTEN -u SEEN_REPLY -t 50
+ ;;
+
+ change)
+ echo "change a conntrack"
+ $CONNTRACK -I --orig-src $SRC --orig-dst $DST \
+ --reply-src $DST --reply-dst $SRC -p tcp \
+ --orig-port-src $SPORT --orig-port-dst $DPORT \
+ --reply-port-src $DPORT --reply-port-dst $SPORT \
+ --state TIME_WAIT -u ASSURED -t 500
+ ;;
+ delete)
+ # 66.111.58.52 dst=85.136.125.64 sport=22 dport=60239
+ $CONNTRACK -D conntrack --orig-src 66.111.58.1 \
+ --orig-dst 85.136.125.64 -p tcp --orig-port-src 22 \
+ --orig-port-dst 60239
+ ;;
+ output)
+ proc=$(cat /proc/net/ip_conntrack | wc -l)
+ netl=$($CONNTRACK -L | wc -l)
+ count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
+ if [ $proc -ne $netl ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ if [ $proc -ne $count ]; then
+ echo "proc is $proc and netl is $netl and count is $count"
+ else
+ echo "now $proc"
+ fi
+ fi
+ ;;
+ *)
+ echo "Usage: $0 [dump|new|change|delete|output]"
+ ;;
+esac |
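Review bot: The new file has no shebang (the hunk starts at line 1 with `CONNTRACK=conntrack`), so which shell interprets it depends on the caller; add `#!/bin/sh` as the first line. In the `delete` branch the comment names `66.111.58.52` while the command passes `--orig-src 66.111.58.1`, so one of the two is stale and the comment should be corrected to match or dropped. In the `output` branch, if `$CONNTRACK -L` fails or `/proc/sys/net/ipv4/netfilter/ip_conntrack_count` is absent, `netl` becomes `0` and `count` becomes empty, and `[ $proc -ne $count ]` then fails with a syntax error rather than a clear message; `count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count) || exit 1` and `netl=$($CONNTRACK -L | wc -l) || exit 1` would surface that. Whether `$CONNTRACK -L` and `/proc/net/ip_conntrack` print the same number of lines per entry is not visible from the hunk, so a short comment stating that assumption next to the comparison would help the next maintainer.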