Fedora Linux Support Community & Resources Center
  #1  
Old 27th April 2017, 10:04 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 639
linuxfedorafirefox
How can I make this script ask me for rules from within itself?

Hi.

I decided to post this as a separate thread because I found that it will be of benefit for other script types by other users.

The problem is as follows: I have the following Internet Kill Switch script involving 4 rules:

Quote:
#! /bin/bash
rulesstart(){
echo "Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo
echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
echo "This script only allows VPN output! It does not provide DNS leak protection!"
echo
echo "Establishing firewalld rules is starting!"
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Establishing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is enabled! Only VPN output is allowed now!"
echo "Enjoy surfing Internet safely!"
}

rulesstop(){
echo "Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo
echo "Removing firewalld rules is starting!"
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Removing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is disabled!"
}

rulesSTART(){
echo "Toggle ON Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection on Firewalld"
echo
echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
echo "This script only allows VPN output! It does not provide DNS leak protection!"
echo
echo "Establishing firewalld rules is starting!"
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Establishing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is enabled! Both VPN output & input are allowed now!"
echo "Enjoy surfing Internet safely!"
}

rulesSTOP(){
echo "Toggle OFF Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection on Firewalld"
echo
echo "Removing firewalld rules is starting!"
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Removing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is disabled!"
}

rules${1}

Currently I run it as:

$ script.sh rule

where rule is either start, stop, START, or STOP

I need to change this into the following:

I would like to make the script ask me what I would like to run, & remain waiting till I give it my selection, then perform what I direct it to. My entry should direct the script to perform one of these 4 rules. I would like to do this FROM WITHIN THE SAME SCRIPT, NOT BY USING A 2ND SCRIPT.

After search in Internet I discover this link:

http://ryanstutorials.net/bash-scrip...bash-input.php

I did not understand all the post. Currently I can do by creating 2nd script (let we call script-prompt) as following:

Quote:
#! /bin/bash
echo "Enter action you like to perform"
read var
script.sh $var

So, I have to run:

script-prompt.sh

it will ask me to enter my preference, & when I enter start, or stop, or START or STOP it will run script.sh with that rule.

Till now very good, so where problem? The problem is that --up option of openvpn did not support running 2nd script by a script signed by --up option. I mean when I open terminal & type:

script-prompt.sh

then enter my rule, then this will result in running script.sh rule without problem. But if I run:

sudo openvpn & having --up activated to run script-prompt.sh then script-prompt.sh will work & ask me, but when I enter my rule and it tries to run script.sh it will fail because the --up option of openvpn supports only one script that MUST NOT RUN A 2ND SCRIPT.

For that I need to make script.sh ask me by itself & I enter rule then it select accordingly from within SAME script.sh

Any one can help please?
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #2  
Old 27th April 2017, 02:03 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 7,097
linuxfirefox
Re: How can I make this script ask me for rules from within itself?

Don't needlessly complicate your script by having two identical pairs of functions just because the user might type "START" or "start" "STOP" or "stop". Just figure out which was used in a case independent way and call the function:


Code:
#! /bin/bash
rulesstart(){
echo "Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo
echo "Warning: connection to VPN should be established before running  this script. Otherwise any Internet connection will be impossible!"
echo "This script only allows VPN output! It does not provide DNS leak protection!"
echo
echo "Establishing firewalld rules is starting!"
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Establishing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is enabled! Only VPN output is allowed now!"
echo "Enjoy surfing Internet safely!"
}

rulesstop(){
echo "Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo
echo "Removing firewalld rules is starting!"
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Removing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is disabled!"
}


if [[ "$1" == 'start' || "$1" == "START" ]]; then
    rulesstart
elif [[ "$1" == 'stop' || "$1" == "STOP" ]]; then
    rulesstop
else
   echo "Invalid input $1  not equal to start or stop"
fi
Reply With Quote
  #3  
Old 27th April 2017, 02:54 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 639
linuxfedorafirefox
Re: How can I make this script ask me for rules from within itself?

Hi all. I got a super excellent & brilliant solution. It differs from that given by marko. However, thank you marko.

This is my solution (it depends on the case shell command)

Warning! The script in this forum cannot be displayed correctly !! All lines appear to be aligned to the extreme left whatever I try to put them in their correct position !! No in this will not work !! Please look at the example in the link of the source at the end of this post. Please, if moderators can assist me. When I open the editor the script appears in the correct way. But just when I save, all lines appear aligned to the extreme left, which is not the real case.

Quote:
#! /bin/bash
echo
echo "Script for VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo "Enter type of action you like:"
echo
read var
case $var in
start ) echo "Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
echo
echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
echo "This script only allows VPN output! It does not provide DNS leak protection!"
echo
echo "Establishing firewalld rules is starting!"
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Establishing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is enabled! Only VPN output is allowed now!"
echo "Enjoy surfing Internet safely!"
;;
stop ) echo "Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
echo
echo "Removing firewalld rules is starting!"
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Removing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is disabled!"
;;
START ) echo "Toggle ON Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
echo
echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
echo "This script only allows VPN output! It does not provide DNS leak protection!"
echo
echo "Establishing firewalld rules is starting!"
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Establishing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is enabled! Both VPN output & input are allowed now!"
echo "Enjoy surfing Internet safely!"
;;
STOP ) echo "Toggle OFF Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
echo
echo "Removing firewalld rules is starting!"
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
sudo -k
echo "Removing firewalld rules is completed!"
echo
echo "VPN Internet Kill Switch is disabled!"
;;
* ) echo "You did not enter a valid choice! Please re-try!"
esac

I change some echo output (add text output & empty spaces to make it more beautiful). Now I have much better than VPN company application !!

I depend on this source of information:
http://linuxcommand.org/wss0120.php

Only one thing: regarding line before last [ * ) echo "You did not enter a valid choice! Please re-try!" ] currently I need to run script from start if entered invalid choice. I would like to make script repeat itself by itself. Is this possible ?
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

Last edited by User808; 27th April 2017 at 03:14 PM.
Reply With Quote
  #4  
Old 27th April 2017, 03:53 PM
flyingdutchman Online
Registered User
 
Join Date: Jan 2015
Location: Al Ain, UAE
Posts: 674
macosfirefox
Re: How can I make this script ask me for rules from within itself?

Howdy,

There are several tips here on how to parse things:
http://www.aeronetworks.ca/2015/10/r...om-serial.html

In particular, look at the 'chat' example.
__________________
--
Have fun!
http://www.aeronetworks.ca
Reply With Quote
  #5  
Old 27th April 2017, 05:27 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 7,097
unknownfirefox
Re: How can I make this script ask me for rules from within itself?

My post was not intended to solve the problem. It was a general script suggestion to avoid repeating code.
Reply With Quote
  #6  
Old 27th April 2017, 05:40 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 7,097
unknownfirefox
Re: How can I make this script ask me for rules from within itself?

Quote:

Warning! The script in this forum cannot be displayed correctly !! All lines appear to be aligned to the extreme left whatever I try to put them in their correct position !! No in this will not work !! Please look at the example in the link of the source at the end of this post. Please, if moderators can assist me. When I open the editor the script appears in the correct way. But just when I save, all lines appear aligned to the extreme left, which is not the real case

Select the script code, and use code block by selecting that mode with the # control. Or wrap the block with CODE tags
Reply With Quote
  #7  
Old 27th April 2017, 05:49 PM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 639
linuxsafari
Re: How can I make this script ask me for rules from within itself?

Quote:
Originally Posted by marko View Post
My post was not intended to solve the problem. It was a general script suggestion to avoid repeating code.
No ! You are wrong ! There is no repetition at all ! They are 4 sets of rules:

1st to switch on kill switch not suitable for torrent
2nd to switch off this type of kill switch.

3rd to power on kill switch that allow torrent (less secure)
4th to power off last type of kill switch.

No repetition at all & they are not identical at all. Examine them carefully & you will see.

Best.
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote
  #8  
Old 28th April 2017, 03:28 AM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 7,097
linuxfedorafirefox
Re: How can I make this script ask me for rules from within itself?

Quote:
Originally Posted by User808 View Post
No ! You are wrong ! There is no repetition at all ! They are 4 sets of rules:

1st to switch on kill switch not suitable for torrent
2nd to switch off this type of kill switch.

3rd to power on kill switch that allow torrent (less secure)
4th to power off last type of kill switch.

No repetition at all & they are not identical at all. Examine them carefully & you will see.

Best.
Okay, the text was so small on my phone, I suspect I'd still like to merge the four functions to two:

Code:
#!/bin/bash


rulestop()
{
    mode="$1"
    echo "Toggle OFF ${mode}directional VPN Internet Kill Switch + IPv6 Leak Protection on Firewalld"
    echo
    echo "Removing firewalld rules is starting!"
    sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
    sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
    sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
    if [ "$mode" == "Bi" ]; then
        sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
    fi
    sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
    sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
    sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
    sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
    sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
    sudo -k
    echo "Removing firewalld rules is completed!"
    echo
    echo "VPN Internet Kill Switch is disabled!"
}

rulestart() {
    mode="$1"
    echo "Toggle ON ${mode}directional VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
    echo
    echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
    echo "This script only allows VPN output! It does not provide DNS leak protection!"
    echo
    echo "Establishing firewalld rules is starting!"
    sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
    sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
    sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
    if [ "$mode" == "Bi" ]; then
        sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
    fi
    sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
    sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
    sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
    sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
    sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
    sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
    sudo -k
    echo "Establishing firewalld rules is completed!"
    echo
    if [ "$mode" == "Bi" ]; then
        echo "VPN Internet Kill Switch is enabled! Both VPN output & input are allowed now!"
    else
        echo "VPN Internet Kill Switch is enabled! Only VPN output is allowed now!"
    fi
    echo "Enjoy surfing Internet safely!"
}


case $1 in
    "start")
        rulestart "Uni"
        ;;
    "START")
        rulestart "Bi"
        ;;
    "stop")
        rulestop "Uni"
        ;;
    "STOP")
        rulestop "Bi"
        ;;
    *)
        echo "usage error"
        ;;
esac

Last edited by marko; 28th April 2017 at 07:19 AM.
Reply With Quote
  #9  
Old 28th April 2017, 08:10 AM
srakitnican Offline
Registered User
 
Join Date: Oct 2011
Posts: 1,438
linuxchrome
Re: How can I make this script ask me for rules from within itself?

Check in script for argument, if argument is not there prompt the user. Script may be made more robust by checking argument against known keywords.


Code:
...

prompt_user() {
  # Heredoc body and terminator are left unindented: <<- strips only leading tabs
  cat <<EOF
Usage: ${0##*/} [action], where action is one of the following
  START - starts rules
  STOP - stops rules
  ...
Action may be given as a script argument. If the argument is not present,
the script will prompt for one.
EOF
  printf "choice> " ; read -r action
}

if [ -z "$1" ]; then
  prompt_user
  rules${action}
else
  rules${1}
fi

Last edited by srakitnican; 28th April 2017 at 06:23 PM. Reason: Fixed else as noticed by marko
Reply With Quote
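
The two requests above, re-prompting after an invalid choice (post #3) and checking the argument against known keywords (post #9), combined in one script as an added example that is not code from any poster. It validates the keyword with `case` instead of expanding it into a function name such as `rules${action}`, and builds add and remove from a single rule list; the function names and the `DRY_RUN` variable are assumptions, the rule specifications are the ones posted in the thread.

```shell
#!/bin/bash
# Added example, not code from the thread. The rule specifications are the
# ones posted above; function names and DRY_RUN are assumptions.

# One list serves both add and remove, so "stop" removes exactly what "start"
# added. The line tagged "bi" belongs to the bidirectional set only.
rule_list() {
    cat <<'EOF'
all ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
all ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
all ipv6 filter INPUT 0 -j DROP
all ipv4 filter INPUT 0 -i lo -j ACCEPT
bi  ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
all ipv4 filter INPUT 999 -j DROP
all ipv6 filter OUTPUT 0 -j DROP
all ipv4 filter OUTPUT 0 -o lo -j ACCEPT
all ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
all ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
all ipv4 filter OUTPUT 999 -j DROP
EOF
}

# Allowlist of the four keywords used in the thread. Sets OP and MODE and
# returns 1 for anything else, so input is never pasted into a command name.
parse_action() {
    case "$1" in
        start) OP=add;    MODE=uni ;;
        stop)  OP=remove; MODE=uni ;;
        START) OP=add;    MODE=bi ;;
        STOP)  OP=remove; MODE=bi ;;
        *)     return 1 ;;
    esac
}

# Print one firewall-cmd argument line per rule. $1 = add|remove, $2 = uni|bi
build_commands() {
    rule_list | while read -r tag spec; do
        if [ "$tag" = all ] || [ "$tag" = "$2" ]; then
            printf '%s\n' "--direct --$1-rule $spec"
        fi
    done
}

# Prompt until a valid keyword arrives; print it on stdout. Returns 1 at end
# of input, so a run without a terminal cannot loop forever on failed reads.
ask_action() {
    while :; do
        printf 'Action (start|stop|START|STOP): ' >&2
        read -r reply || return 1
        if parse_action "$reply"; then
            printf '%s\n' "$reply"
            return 0
        fi
        echo "You did not enter a valid choice! Please re-try!" >&2
    done
}

# Apply the whole set. Returns 2 for an invalid action and 1 if any
# firewall-cmd call failed, so a half-applied set is not reported as success.
apply_action() {
    parse_action "$1" || return 2
    build_commands "$OP" "$MODE" | {
        failed=0
        while read -r args; do
            if [ -n "${DRY_RUN:-}" ]; then
                echo "firewall-cmd $args"        # DRY_RUN=1: show, do not run
            else
                # $args is split on purpose: its words come from rule_list only
                sudo firewall-cmd $args </dev/null || failed=1
            fi
        done
        [ -n "${DRY_RUN:-}" ] || sudo -k
        [ "$failed" -eq 0 ]
    }
}

main() {
    action=${1:-}
    if [ -z "$action" ]; then
        action=$(ask_action) || return 1
    fi
    apply_action "$action"
    case $? in
        0) echo "Kill switch rules: $action completed" ;;
        2) echo "Invalid action: $action" >&2; return 2 ;;
        *) echo "Some firewall-cmd calls failed; rule set is incomplete" >&2; return 1 ;;
    esac
}

# Run only with an argument or on a terminal; otherwise there is nobody to ask.
if [ $# -gt 0 ] || [ -t 0 ]; then
    main "$@"
    exit $?
fi
```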
  #10  
Old 28th April 2017, 06:01 PM
marko Offline
Registered User
 
Join Date: Jun 2004
Location: Laurel, MD USA
Posts: 7,097
unknownfirefox
Re: How can I make this script ask me for rules from within itself?

Code:
if [ -z "$1" ]; then
      prompt_user
      rules${action}
else
      action="$1"
      rules${action}
fi

I suspect you want to add that bolded assignment to action from $1 or just pass $1 straight with

Code:
 else
      rules${1}
 fi

in the else case

Last edited by marko; 28th April 2017 at 06:07 PM.
Reply With Quote
  #11  
Old 29th April 2017, 06:00 AM
RupertPupkin Offline
Registered User
 
Join Date: Nov 2006
Location: Detroit
Posts: 6,607
linuxfedorafirefox
Re: How can I make this script ask me for rules from within itself?

For interactive scripts like this, I don't know why more people don't make use of the select feature in bash:
Code:
#!/bin/bash
declare -A rule=(["ON"]="add" ["OFF"]="remove")
declare -A direction=(["uni"]="Unidirectional" ["bi"]="Bidirectional")
toggle()
{
   echo
   echo "Toggle $1 ${direction[$2]} VPN Internet Kill Switch + IPv6 Leak Protection"
   echo
   if [ $1 == "ON" ]; then
      echo "Warning: connection to VPN should be established before running this script."\
           "Otherwise any Internet connection will be impossible!"
      echo "This script only allows VPN output! It does not provide DNS leak protection!"
      echo
      echo "Establishing firewalld rules is starting!"
   else
      echo "Removing firewalld rules is starting!"
   fi
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv6 filter INPUT 0 -j DROP
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
   if [ $2 == "bi" ]; then
      sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
   fi
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter INPUT 999 -j DROP
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv6 filter OUTPUT 0 -j DROP
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
   sudo firewall-cmd --direct --${rule[$1]}-rule ipv4 filter OUTPUT 999 -j DROP
   sudo -k
   if [ $1 == "ON" ]; then
      echo "Establishing firewalld rules is completed!"
      echo
      echo -n "VPN Internet Kill Switch is enabled! "
      if [ $2 == "uni" ]; then
         echo "Only VPN output is allowed now!"
      else
         echo "Both VPN output & input are allowed now!"
      fi
      echo "Enjoy surfing Internet safely!"
   else
      echo "Removing firewalld rules is completed!"
      echo
      echo -n "VPN Internet Kill Switch is disabled!"
   fi
}

main_menu()
{
    while :
    do
        R1="Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
        R2="Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
        R3="Toggle ON Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
        R4="Toggle OFF Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
        R5="Quit"
        echo -e "\n****************"
        echo "Firewall App 1.0"
        echo "****************"
        PROMPT1="Main menu: select a number 1-5: "
        PS3="${PROMPT1}"
        select MAINMENU in "$R1" "$R2" "$R3" "$R4" "$R5"
        do
            case ${MAINMENU} in
            $R1)
                toggle "ON" "uni"
                break;;
            $R2)
                toggle "OFF" "uni"
                break;;
            $R3)
                toggle "ON" "bi"
                break;;
            $R4)
                toggle "OFF" "bi"
                break;;
            $R5)
                echo "Goodbye!"
                exit 0;;
            *)
                echo "You did not enter a valid choice! Please re-try!"
                continue;;
            esac
        done
    done
}
main_menu

When you run that script, it will present a menu like this:
Code:
****************
Firewall App 1.0
****************
1) Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection
2) Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection
3) Toggle ON Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection
4) Toggle OFF Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection
5) Quit
Main menu: select a number 1-5:
__________________
OS: Fedora 26 x86_64 | Machine: HP Pavilion a6130n | CPU: AMD 64 X2 Dual-Core 5000+ 2.6GHz | RAM: 7GB PC5300 DDR2 | Disk: 400GB SATA | Video: ATI Radeon HD 4350 512MB | Sound: Realtek ALC888S | Ethernet: Realtek RTL8201N
Reply With Quote
  #12  
Old 1st May 2017, 09:53 AM
User808 Offline
Registered User
 
Join Date: Aug 2016
Location: Iraq
Posts: 639
linuxfedorafirefox
Re: How can I make this script ask me for rules from within itself?

The script completed, finalized & posted (correctly by use the # control) as a guide at following link:

http://www.forums.fedoraforum.org/sh...54#post1786454

Just copy/paste script from above link, as is.
__________________
Fedora 26 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)
Reply With Quote