Enhanced step for cifs

Reduced basic secure VPN setup
2021-03-29 00:09:16 +02:00
parent bb19a0f8ad
commit dfae33ff23
1 changed files with 23 additions and 6 deletions
--- a/seqs/ufw.sh
+++ b/seqs/ufw.sh
@@ -57,16 +57,33 @@ step_22() {
  exe ufw deny in from $1 to 239.0.0.0/8 comment 'Broadcast Fritzbox'
 }
-step_24_info() { echo "Allow cifs mounts [FILE SERVER IP|RANGE]"; }
+step_24_info() { 
  echo "Allow cifs mounts on eth0 to <FILE SERVER IP|RANGE> [PORT]"
  echoinfo " [PORT] (default 445)"
  echoinfo "  139  : Cifs version 1.0"
  echoinfo "  445  : Cifs version 2.0+"
 }
 step_24_alias() { ALIAS="cifs"; }
 step_24() {
  shift
  local destIp=$1
-  endReturn -o $? "No IP provided"
+  local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
  endCheckEmpty destIp "No IP provided"
  if [[ ! $1 =~ $ipregex ]]; then
    echoseq " [E] No valid IP provided"
    return 1
  fi
  local destPort=445
  case "$2" in
    139|445)
      destPort=$2;;
    "");; # Set default
    *)
      echoerr " [E] Invalid port."
      return 1;;
  esac
-  exe ufw allow out on eth0 to $destIp port 139 proto tcp comment "samba/cifs"
+  exe ufw allow out on eth0 to $destIp port $destPort proto tcp comment "samba/cifs"
  # Allow cifs mounts from IP addresses for newer cifs versions
  exe ufw allow out on eth0 to $destIp port 445 proto tcp comment "samba/cifs"
 }
 step_26_info() { echo "Basic secure VPN setup"; }
@@ -83,7 +100,7 @@ step_26() {
  # Allow access to socks proxy dante
  exe ufw allow in on eth0 to any port 1080 comment "socks5 proxy danted"
  # Allow access to http proxy privoxy
-  exe ufw allow in on eth0 to any port 8118 comment "http proxy privoxy"
+  #exe ufw allow in on eth0 to any port 8118 comment "http proxy privoxy"
  exe ufw enable
  exe ufw status verbose