#!/bin/bash

# serve, a handy shortcut for dealing with iptables
# SYNOPSIS: opens or closes ports, shows open and used ports
# USAGE: serve [[+-]<port|service>]...
# Copyright (C) 2006-2007  Daniel Kinzler, brightbyte.de
#
#     serve                    shows open and listening TCP ports
#     serve -mysql             denies incoming TCP to mysql (port 3306)
#     serve +8080              allows incoming TCP to port 8080
#
# NOTE: assumes that the default INPUT rule is DENY, and you don't have
#       anything too fancy in your iptables
# 
# == MIT License ==
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.

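# Print the usage text and exit 0.  Accept GNU-style --help as well as -h so
# that the common spelling does not fall through to the rule loop below and
# get handed to iptables as a port name.  The text is a quoted here-doc, so
# nothing in it is expanded.
if [[ "$1" == "-h" || "$1" == "--help" ]]; then
	cat <<'EOF'
USAGE: serve [[+-]<port|service>]
SYNOPSIS: opens or closes ports, shows open and used ports
     serve                    shows open and listening TCP ports
     serve -mysql             denies incomming TCP to mysql (port 3306)
     serve +8080              allows incomming TCP to port 8080
NOTE: assumes that the default INPUT rule is DENY, and you don't have
      anything too fancy in your iptables
EOF
	exit 0
fi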

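# Apply every [+-]<port|service> argument to the INPUT chain, then show the
# resulting state.
#   -<x>  closes the port: deletes the matching ACCEPT rule (iptables -D)
#   +<x>  opens the port:  appends an ACCEPT rule        (iptables -A)
#   <x>   no prefix behaves like +<x>
# The value is passed straight to --dport, so a service name is resolved by
# iptables itself (from /etc/services); no validation happens here and an
# empty value (a bare "-" or "+") is rejected by iptables.
#
# Rules are restricted to -i eth+ ; traffic arriving on other interfaces is
# not affected.  -A appends, so opening the same port twice leaves two
# identical rules and a single -<x> removes only one of them.
#
# iptables prints its own diagnostic on stderr (no CAP_NET_ADMIN, bad
# port/service, -D for a rule that does not exist).  Rather than silently
# finishing with status 0, remember the failure, still show the current
# state, and exit non-zero at the end.
status=0
while [[ -n "$1" ]]; do
	arg=$1
	case "$arg" in
		-*) action=-D; port=${arg#-} ;;   # close
		+*) action=-A; port=${arg#+} ;;   # open
		*)  action=-A; port=$arg ;;       # bare value: open
	esac
	rule=(INPUT -i eth+ -p tcp --dport "$port" -j ACCEPT)
	if ! iptables "$action" "${rule[@]}"; then
		# user-supplied text goes through %s, never into the format string
		printf 'serve: could not apply %s\n' "$arg" >&2
		status=1
	fi
	shift
done

# Chain header, column header line, and every ACCEPT rule of INPUT.
iptables -v -L INPUT | grep -E '^Chain|^ *pkts| ACCEPT'

echo '============================================================================='

# Listening TCP/UDP sockets with owning process.  netstat (net-tools) is the
# original tool; fall back to ss (iproute2) on systems where it is absent.
if command -v netstat >/dev/null 2>&1; then
	netstat -tunlp
else
	ss -tunlp
fi

exit "$status"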


