
Friday, May 3, 2013

How to Secure IP Binding for Linux

For more information and other scripts about IP binding on Linux, see:



This script implements secure IP binding for Linux: it whitelists the HMA VPN servers and the local networks in iptables, drops every other packet that does not travel over the tun interface, and then starts OpenVPN, so nothing leaks outside the tunnel if the VPN goes down. Run it with -l to list the available countries, or with a country name to connect:

#!/bin/bash

cd "$(dirname "$0")"

if [ "$1" = '-l' ]
then
  # List the countries HMA offers.
  curl -s "http://vpn.hidemyass.com/vpnconfig/countries.php"
else
  # Start from an empty filter table.
  sudo iptables -F

  # Fetch the OpenVPN client config for the requested country.
  COUNTRY=$(echo "$1" | sed 's/ /+/g')
  curl -s "http://vpn.hidemyass.com/vpnconfig/client_config.php?win=1&loc=$COUNTRY" > client.cfg

  # Allow traffic from and to any HMA server named in the config, so the
  # tunnel itself can be established outside of tun+.
  for remote in $(awk '/remote [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/ { print $2; }' client.cfg)
  do
    REMOTE_IP=$(echo "$remote" | cut -d ':' -f 1)
    sudo iptables -A INPUT -s "$REMOTE_IP" -j ACCEPT
    sudo iptables -A OUTPUT -d "$REMOTE_IP" -j ACCEPT
  done

  # Allow loopback and local (RFC 1918) traffic. Loopback needs its own rule:
  # 127.0.0.0/8 is not in the private ranges below and would otherwise be dropped.
  sudo iptables -A INPUT -i lo -j ACCEPT
  sudo iptables -A OUTPUT -o lo -j ACCEPT
  sudo iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
  sudo iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT
  sudo iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
  sudo iptables -A OUTPUT -d 10.0.0.0/8 -j ACCEPT
  sudo iptables -A OUTPUT -d 172.16.0.0/12 -j ACCEPT
  sudo iptables -A OUTPUT -d 192.168.0.0/16 -j ACCEPT

  # Disallow everything else that does not use the VPN tunnel.
  sudo iptables -A INPUT ! -i tun+ -j DROP
  sudo iptables -A OUTPUT ! -o tun+ -j DROP

  # Bring the tunnel up in the background.
  sudo openvpn --config client.cfg --auth-user-pass client.cred --daemon
fi

Note that this script requires a username/password file called "client.cred" (the argument to --auth-user-pass) in the script's own directory, readable only by its owner (chmod 600 client.cred).

It should contain exactly two lines:
YourUserName
YourPassword

Two caveats before relying on it: the client config is fetched over plain HTTP, and whatever server addresses it contains are whitelisted in the firewall and handed to openvpn as root, so look at client.cfg before trusting the rules it produced. And iptables only filters IPv4; a host with IPv6 connectivity is not bound by these rules unless ip6tables gets matching DROP rules.

Type "man openvpn" for more information.
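As an added example (not the original script, and not code from HMA), the following bash script isolates the two steps the script above performs blind: extracting the server addresses from the OpenVPN config and turning them into firewall rules. It runs as a dry run, printing the rules instead of applying them, so they can be reviewed before anything is done with sudo. It also goes a little beyond the original: commented-out "remote" lines, duplicates and hostnames are handled, and matching ip6tables rules are rendered because iptables alone leaves IPv6 open. The sample config, the 203.0.113.x addresses and vpn.example.net are constructed for the demo.

```bash
#!/bin/bash
# Added example, not the original script: parse the "remote" lines of an
# OpenVPN client config and render the iptables kill-switch rules as text,
# so they can be reviewed before anything is applied with sudo.
set -u

# Constructed sample config (HMA's real client.cfg is fetched at runtime and
# looks different). It covers the forms OpenVPN accepts for "remote":
# "host port", "host port proto" and "host:port" (the form the original script
# splits on ':'), plus a commented-out line, a duplicate and a hostname.
SAMPLE_CFG='client
dev tun
proto udp
# primary server
remote 203.0.113.10 1194
remote 203.0.113.10 443 tcp
remote 203.0.113.11:1194
;remote 203.0.113.99 1194
remote vpn.example.net 1194
verb 3'

# Print the unique IPv4 addresses named by active "remote" lines, one per line.
# Hostnames are skipped on purpose: whitelisting by name makes iptables resolve
# it at insert time, and that DNS lookup is not protected by the tunnel.
extract_remote_ips() {
  awk '
    /^[[:space:]]*[#;]/ { next }                 # commented-out directive
    $1 == "remote" {
      host = $2
      sub(/:[0-9]+$/, "", host)                  # strip a trailing :port
      if (host ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !seen[host]++) print host
    }' "$1"
}

# Render the rule set for the given server IPs. Nothing is executed here; once
# reviewed, the output can be piped through "sudo sh".
render_rules() {
  echo "iptables -F"
  for ip in "$@"; do
    echo "iptables -A INPUT -s $ip -j ACCEPT"
    echo "iptables -A OUTPUT -d $ip -j ACCEPT"
  done
  # Loopback and RFC 1918 networks stay reachable without the tunnel.
  echo "iptables -A INPUT -i lo -j ACCEPT"
  echo "iptables -A OUTPUT -o lo -j ACCEPT"
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    echo "iptables -A INPUT -s $net -j ACCEPT"
    echo "iptables -A OUTPUT -d $net -j ACCEPT"
  done
  # Everything else must go through the tunnel.
  echo "iptables -A INPUT ! -i tun+ -j DROP"
  echo "iptables -A OUTPUT ! -o tun+ -j DROP"
  # iptables only filters IPv4. Without matching ip6tables rules an IPv6
  # route on the host bypasses the kill switch entirely.
  echo "ip6tables -F"
  echo "ip6tables -A INPUT -i lo -j ACCEPT"
  echo "ip6tables -A OUTPUT -o lo -j ACCEPT"
  echo "ip6tables -A INPUT ! -i tun+ -j DROP"
  echo "ip6tables -A OUTPUT ! -o tun+ -j DROP"
}

# Dry run over the sample config: extract the addresses, print the rules.
demo() {
  cfg=$(mktemp)
  printf '%s\n' "$SAMPLE_CFG" > "$cfg"
  ips=$(extract_remote_ips "$cfg")
  rm -f "$cfg"
  # shellcheck disable=SC2086  # word-splitting on newlines is intended
  render_rules $ips
}

demo
```

Against the sample config the extractor yields only 203.0.113.10 and 203.0.113.11: the duplicate collapses, the ";remote" line is ignored, and the hostname is left out. To use this against a real HMA config, replace the demo with "extract_remote_ips client.cfg" and inspect the printed rules before piping them to a root shell.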