ufw - Adapt to new sequencer

2022-08-16 17:15:30 +02:00
parent 3130670809
commit ec3c35483f


@@ -3,28 +3,31 @@
toolName=ufw toolName=ufw
toolDeps=$toolName toolDeps=$toolName
# Get script working directory sq_aptOpt=
# (when called from a different directory) #sq_config=0
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
CONFIG=0
CONFIG_FILE_NAME="${toolName}.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
#step_config() { step_config() {
# initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE" #if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?} ; then
# if [ $? -eq 0 ] ; then # sq_config=1
# CONFIG=1 #else
# # End if no configuration file exists
# dry || return 1
#fi #fi
#} ## Apt cmdline option to suppress user interaction
interactive || sq_aptOpt="-y"
## Disable error checks if external scripts are used
## e.g. error on unbound variables
#disableErrorCheck
## Return of non zero value will abort the sequence
return 0
}
step_1_info() { echo "Install $toolName and allow ssh access"; } step_1_info() { echo "Install $toolName and allow ssh access"; }
step_1_alias() { echo "install"; } step_1_alias() { echo "install"; }
step_1() { step_1() {
local aptOpt= exe apt install $toolDeps ${sq_aptOpt}
if quiet;then
aptOpt="-y"
fi
exe apt install $toolDeps $aptOpt
exe ufw allow ssh exe ufw allow ssh
} }
@@ -48,13 +51,13 @@ step_22_info() { echoinfoArgs "[IP]"; echo "Deny multicast from gateway"; }
step_22_alias() { echo "multicast"; } step_22_alias() { echo "multicast"; }
step_22() { step_22() {
shift shift
if [ -z $1 ] ; then if [ -z "${1:-}" ] ; then
error -e "No [IP} specified" error -e "No [IP} specified"
return 1 return 1
fi fi
exe ufw deny in from $1 to 224.0.0.0/4 comment 'Broadcast Fritzbox' exe ufw deny in from "${1}" to 224.0.0.0/4 comment 'Broadcast Fritzbox'
exe ufw deny in from $1 to 239.0.0.0/8 comment 'Broadcast Fritzbox' exe ufw deny in from "${1}" to 239.0.0.0/8 comment 'Broadcast Fritzbox'
} }
step_24_info() { step_24_info() {
@@ -67,24 +70,24 @@ step_24_info() {
step_24_alias() { echo "cifs"; } step_24_alias() { echo "cifs"; }
step_24() { step_24() {
shift shift
local destIp=$1 local destIp=${1:-}
local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$' local ipregex='^[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\.[0-2]*[0-9]{1,2}\/*[0-9]*$'
endCheckEmpty destIp "No IP provided" endCheckEmpty destIp "No IP provided"
if [[ ! $1 =~ $ipregex ]]; then if [[ ! ${1:-} =~ $ipregex ]]; then
error "No valid IP provided" error "No valid IP provided"
return 1 return 1
fi fi
local destPort=445 local destPort=445
case "$2" in case "${2:-}" in
139|445) 139|445)
destPort=$2;; destPort="${2}";;
"");; # Set default "");; # Set default
*) *)
error -e "Invalid port." error -e "Invalid port."
return 1;; return 1;;
esac esac
exe ufw allow out on eth0 to $destIp port $destPort proto tcp comment "samba/cifs" exe ufw allow out on eth0 to "${destIp}" port "${destPort}" proto tcp comment "samba/cifs"
} }
step_26_info() { echo "Basic secure VPN setup"; } step_26_info() { echo "Basic secure VPN setup"; }
@@ -107,5 +110,7 @@ step_26() {
exe ufw status verbose exe ufw status verbose
} }
# shellcheck disable=SC2034 # Appears unused
readonly sqr_minVersion=16 readonly sqr_minVersion=16
# shellcheck disable=SC1091 # Don't follow this source
. /usr/local/bin/sequencer.sh . /usr/local/bin/sequencer.sh
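Review bot: In step_24 the address guard still passes malformed values on to `ufw allow out`: `ipregex` accepts octets above 255 (`[0-2]*[0-9]{1,2}` matches `299` or `22299`) and any run of slashes and digits as the prefix, and the test reads `${1:-}` rather than the `destIp` it was just copied into. ufw presumably rejects such input itself, but since the result becomes an allow rule the step's own check should be exact; consider `local ipregex='^((25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'` together with `if [[ ! ${destIp} =~ $ipregex ]]; then`. step_22 only tests `"${1:-}"` for emptiness before its two `ufw deny in from "${1}"` calls and could apply the same pattern there.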