ufw - extend fritzbox denials

2022-12-19 22:42:55 +01:00
parent 36f510b60a
commit 8caab25964


@@ -47,7 +47,7 @@ step_20() {
exe ufw allow 4190/tcp comment 'Managesieve' exe ufw allow 4190/tcp comment 'Managesieve'
} }
step_22_info() { echo "Deny multicast from gateway"; } step_22_info() { echo "Deny multicast from gateway and fritzbox webcheck"; }
step_22_options() { echo "[IP]"; } step_22_options() { echo "[IP]"; }
step_22_alias() { echo "multicast"; } step_22_alias() { echo "multicast"; }
step_22() { step_22() {
@@ -59,17 +59,24 @@ step_22() {
exe ufw deny in from "${1}" to 224.0.0.0/4 comment 'Broadcast Fritzbox' exe ufw deny in from "${1}" to 224.0.0.0/4 comment 'Broadcast Fritzbox'
exe ufw deny in from "${1}" to 239.0.0.0/8 comment 'Broadcast Fritzbox' exe ufw deny in from "${1}" to 239.0.0.0/8 comment 'Broadcast Fritzbox'
exe ufw deny in from "${1}" to any port 80 proto tcp commen 'Webcheck Fritzbox'
} }
step_24_info() { step_23_info() { echo "Deny IPv6 multicast"; }
step_23_alias() { echo "multicast6"; }
step_23() {
exe ufw deny in from any to ff02::/16 port 53805 proto udp comment 'Multicast link local'
}
step_26_info() {
echo "Allow cifs mounts on eth0" echo "Allow cifs mounts on eth0"
echoinfo " [PORT] (default 445)" echoinfo " [PORT] (default 445)"
echoinfo " 139 : Cifs version 1.0" echoinfo " 139 : Cifs version 1.0"
echoinfo " 445 : Cifs version 2.0+" echoinfo " 445 : Cifs version 2.0+"
} }
step_24_options() { echo "<FILE SERVER IP|RANGE> [PORT]"; } step_26_options() { echo "<FILE SERVER IP|RANGE> [PORT]"; }
step_24_alias() { echo "cifs"; } step_26_alias() { echo "cifs"; }
step_24() { step_26() {
shift shift
local destIp=${1:-} local destIp=${1:-}
local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$' local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
@@ -91,9 +98,9 @@ step_24() {
exe ufw allow out on eth0 to "${destIp}" port "${destPort}" proto tcp comment "samba/cifs" exe ufw allow out on eth0 to "${destIp}" port "${destPort}" proto tcp comment "samba/cifs"
} }
step_26_info() { echo "Basic secure VPN setup"; } step_28_info() { echo "Basic secure VPN setup"; }
step_26_alias() { echo "vpn"; } step_28_alias() { echo "vpn"; }
step_26() { step_28() {
exe ufw --force reset exe ufw --force reset
exe ufw allow in on eth0 to any port 22 comment "ssh" exe ufw allow in on eth0 to any port 22 comment "ssh"
exe ufw default deny incoming exe ufw default deny incoming