Sequence to install and do a basic setup for the firewall ufw

2021-01-14 21:14:58 +01:00
parent 9c9af7f7f4
commit c690c173eb
1 changed files with 65 additions and 0 deletions
--- a/seqs/ufw.sh
+++ b/seqs/ufw.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+toolName=ufw
+toolDeps=$toolName
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG=0
+CONFIG_FILE_NAME="${toolName}.cfg"
+CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+
+#step_config() {
+#  echo "Called once before executing steps."
+  ## e.g. to source a config file manually:
+  #. "$CONFIG_FILE"
+  ## or to use sequencer api:
+  #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
+  #if [ $? -eq 0 ] ; then
+  #  CONFIG=1
+  #fi
+#}
+
+step_1_info() { echo "Install $toolName and allow ssh access"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+  local aptOpt=
+  if [ $QUIET -ne 0 ];then
+    aptOpt="-y"
+  fi
+  exe apt install $toolDeps $aptOpt
+  exe ufw allow ssh
+}
+
+step_2_info() { echo "Enable $toolName"; }
+step_2() {
+  exe ufw enable
+}
+
+step_20_info() { echo "Enable mail server essentials"; }
+step_20_alias() { ALIAS="mailserver"; }
+step_20() {
+  exe ufw allow "Postfix"
+  exe ufw allow "Postfix SMTPS"
+  exe ufw allow "Dovecot Secure IMAP"
+  exe ufw allow "WWW Secure"
+  # Manage sieve
+  exe ufw allow 4190/tcp
+}
+
+step_22_info() { echo "Deny multicast from gateway [IP]"; }
+step_22_alias() { ALIAS="multicast"; }
+step_22() {
+  shift
+  if [ -z $1 ] ; then
+    echoerr " [E] No [IP} specified"
+    return 1
+  fi
+
+  exe ufw deny in from $1 to 224.0.0.0/4
+  exe ufw deny in from $1 to 239.0.0.0/8
+}
+
+VERSION_SEQREV=11
+. /usr/local/bin/sequencer.sh