-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrc.local
executable file
·51 lines (46 loc) · 1.59 KB
/
rc.local
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
. /lib/lsb/init-functions
LOG=/tmp/rc.log
SUCCESS=false
COUNT=0
ADDR=$(ip addr show br0 | egrep -o "inet [0-9\.]+" | cut -d' ' -f2)
echo "Booting..." > $LOG
while [ $COUNT -lt 10 ]; do
echo "[count: $COUNT]: Trying to download payload from userdata..." >> $LOG
wget --header="X-Forwarded-For: $ADDR" http://169.254.169.254/latest/user-data -O /tmp/payload.b64 && SUCCESS=true
[ $SUCCESS = true ] && break
COUNT=`expr $COUNT + 1`
sleep 5
done
#echo "Sending Gratuitous ARP..." >> $LOG
#arpsend -U -i $ADDR br0 -c 1
if [ $SUCCESS = true ]; then
echo "Decrypting base64 payload" >> $LOG
openssl enc -d -base64 -in /tmp/payload.b64 -out /tmp/payload.zip
mkdir -p /tmp/payload
echo Unzipping payload file >> $LOG
unzip -o /tmp/payload.zip -d /tmp/payload/
fi
if [ -e /tmp/payload/autorun.sh ]; then
echo Running autorun.sh >> $LOG
cd /tmp/payload
sh /tmp/payload/autorun.sh
else
echo rc.local : No autorun script to run >> $LOG
fi
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i tun0 -d 192.168.0.0/32 -j DROP
iptables -A INPUT -i tun0 -j DROP
iptables -A INPUT -p TCP --dport 22 -i eth0 -j ACCEPT
iptables -A INPUT -p UDP --dport 1194 -i eth0 -j ACCEPT
iptables -A INPUT -i eth0 -j DROP
iptables -A FORWARD -i tun0 -d 10.0.0.1 -p TCP --dport 80 -j ACCEPT
iptables -A FORWARD -i tun0 -d 10.0.0.1 -p TCP --dport 443 -j ACCEPT
iptables -A FORWARD -i tun0 -d 10.0.0.1 -p icmp --icmp-type echo-request -j ACCEPT
iptables -A FORWARD -i tun0 -d 10.0.0.1 -j DROP
exit 0