Enhanced step for cifs

Reduced basic secure VPN setup
2021-03-29 00:09:16 +02:00
parent bb19a0f8ad
commit dfae33ff23
1 changed files with 23 additions and 6 deletions
--- a/seqs/ufw.sh
+++ b/seqs/ufw.sh
@@ -57,16 +57,33 @@ step_22() {
  exe ufw deny in from $1 to 239.0.0.0/8 comment 'Broadcast Fritzbox'
 }

-step_24_info() { echo "Allow cifs mounts [FILE SERVER IP|RANGE]"; }
+step_24_info() { 
+  echo "Allow cifs mounts on eth0 to <FILE SERVER IP|RANGE> [PORT]"
+  echoinfo " [PORT] (default 445)"
+  echoinfo "  139  : Cifs version 1.0"
+  echoinfo "  445  : Cifs version 2.0+"
+}
 step_24_alias() { ALIAS="cifs"; }
 step_24() {
  shift
  local destIp=$1
-  endReturn -o $? "No IP provided"
+  local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
+  endCheckEmpty destIp "No IP provided"
+  if [[ ! $1 =~ $ipregex ]]; then
+    echoseq " [E] No valid IP provided"
+    return 1
+  fi
+  local destPort=445
+  case "$2" in
+    139|445)
+      destPort=$2;;
+    "");; # Set default
+    *)
+      echoerr " [E] Invalid port."
+      return 1;;
+  esac

-  exe ufw allow out on eth0 to $destIp port 139 proto tcp comment "samba/cifs"
-  # Allow cifs mounts from IP addresses for newer cifs versions
-  exe ufw allow out on eth0 to $destIp port 445 proto tcp comment "samba/cifs"
+  exe ufw allow out on eth0 to $destIp port $destPort proto tcp comment "samba/cifs"
 }

 step_26_info() { echo "Basic secure VPN setup"; }
@@ -83,7 +100,7 @@ step_26() {
  # Allow access to socks proxy dante
  exe ufw allow in on eth0 to any port 1080 comment "socks5 proxy danted"
  # Allow access to http proxy privoxy
-  exe ufw allow in on eth0 to any port 8118 comment "http proxy privoxy"
+  #exe ufw allow in on eth0 to any port 8118 comment "http proxy privoxy"

  exe ufw enable
  exe ufw status verbose