Add basic secure VPN setup and cifs mounts

seqs/ufw.sh

@@ -11,14 +11,10 @@ CONFIG_FILE_NAME="${toolName}.cfg"
 CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
 
 #step_config() {
-#  echo "Called once before executing steps."
+#  initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
-  ## e.g. to source a config file manually:
+#  if [ $? -eq 0 ] ; then
-  #. "$CONFIG_FILE"
+#    CONFIG=1
-  ## or to use sequencer api:
+#  fi
-  #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
-  #if [ $? -eq 0 ] ; then
-  #  CONFIG=1
-  #fi
 #}
 
 step_1_info() { echo "Install $toolName and allow ssh access"; }
@@ -61,5 +57,37 @@ step_22() {
   exe ufw deny in from $1 to 239.0.0.0/8 comment 'Broadcast Fritzbox'
 }
 
-VERSION_SEQREV=11
+step_24_info() { echo "Allow cifs mounts [FILE SERVER IP|RANGE]"; }
+step_24_alias() { ALIAS="cifs"; }
+step_24() {
+  shift
+  local destIp=$1
+  endReturn -o $? "No IP provided"
+
+  exe ufw allow out on eth0 to $destIp port 139 proto tcp comment "samba/cifs"
+  # Allow cifs mounts from IP addresses for newer cifs versions
+  exe ufw allow out on eth0 to $destIp port 445 proto tcp comment "samba/cifs"
+}
+
+step_26_info() { echo "Basic secure VPN setup"; }
+step_26_alias() { ALIAS="vpn"; }
+step_26() {
+  exe ufw --force reset
+  exe ufw allow in on eth0 to any port 22 comment "ssh"
+  exe ufw default deny incoming
+  exe ufw default deny outgoing
+  exe ufw allow out on tun0
+
+  # Initial openvpn connection
+  exe ufw allow out on eth0 to any port 1194 proto udp comment "openvpn default"
+  # Allow access to socks proxy dante
+  exe ufw allow in on eth0 to any port 1080 comment "socks5 proxy danted"
+  # Allow access to http proxy privoxy
+  exe ufw allow in on eth0 to any port 8118 comment "http proxy privoxy"
+
+  exe ufw enable
+  exe ufw status verbose
+}
+
+VERSION_SEQREV=12
 . /usr/local/bin/sequencer.sh