#!/bin/bash
toolName=ufw
# Package list handed to apt in step_1 (space-separated; here just the tool).
toolDeps=$toolName
# Absolute directory of this script, resolved via BASH_SOURCE so it stays
# correct when the sequencer invokes the script from another working directory.
WDIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)
# Config support is switched off; the step_config hook below is commented out.
CONFIG=0
CONFIG_FILE_NAME=${toolName}.cfg
CONFIG_FILE_TEMPLATE=$WDIR/${CONFIG_FILE_NAME}.example
#step_config() {
# initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
# if [ $? -eq 0 ] ; then
# CONFIG=1
# fi
#}
# One-line description of step 1 shown by the sequencer.
step_1_info() { printf '%s\n' "Install $toolName and allow ssh access"; }
# Short name under which the sequencer exposes step 1 (sets global ALIAS).
step_1_alias() { ALIAS=install; }
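# Install the package(s) in $toolDeps and open ssh BEFORE the firewall is
# enabled (step_2), so enabling it over an ssh session cannot lock the
# operator out.
# Globals: toolDeps (read), QUIET (read; unset is treated as 0).
step_1() {
  local -a aptArgs=(install)
  # $toolDeps is intentionally unquoted: it is a space-separated package list.
  # shellcheck disable=SC2206
  aptArgs+=($toolDeps)
  # Non-interactive run: let apt answer its own confirmation prompt.
  if [ "${QUIET:-0}" -ne 0 ]; then
    aptArgs+=(-y)
  fi
  exe apt "${aptArgs[@]}"
  exe ufw allow ssh
}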
# One-line description of step 2 shown by the sequencer.
step_2_info() { printf '%s\n' "Enable $toolName"; }
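# Turn the firewall on. ssh was already allowed in step_1, so this is safe
# over a remote session.
# ufw may still ask for interactive confirmation ("may disrupt existing ssh
# connections") when it detects an ssh session; in quiet mode answer it with
# --force, mirroring the apt -y handling in step_1.
# Globals: QUIET (read; unset is treated as 0).
step_2() {
  if [ "${QUIET:-0}" -ne 0 ]; then
    exe ufw --force enable
  else
    exe ufw enable
  fi
}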
# One-line description of step 20 shown by the sequencer.
step_20_info() { printf '%s\n' "Enable mail server essentials"; }
# Short name under which the sequencer exposes step 20 (sets global ALIAS).
step_20_alias() { ALIAS=mailserver; }
# Open the ports of a mail server by ufw application profile name.
# The profile names are passed to ufw verbatim; they are presumably shipped by
# the postfix/dovecot/web-server packages — confirm they exist on the target
# (`ufw app list`) before relying on this step. Note "WWW Secure" (HTTPS) is
# included too, presumably for webmail.
step_20() {
  local profile
  for profile in "Postfix" "Postfix SMTPS" "Dovecot Secure IMAP" "WWW Secure"; do
    exe ufw allow "$profile"
  done
  # ManageSieve has no profile here, so its port is opened explicitly.
  exe ufw allow 4190/tcp comment 'Managesieve'
}
# Usage hint (argument placeholder) and description of step 22.
step_22_info() {
  echoinfoArgs "[IP]"
  printf '%s\n' "Deny multicast from gateway"
}
# Short name under which the sequencer exposes step 22 (sets global ALIAS).
step_22_alias() { ALIAS=multicast; }
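# Drop multicast traffic originating from a (router/gateway) address.
# Arguments: $1 - step selector supplied by the sequencer (discarded)
#            $2 - gateway IP (or IP/prefix) to block
# Returns: 1 on a missing or malformed address, else the status of the rules.
step_22() {
  shift
  local gw=$1
  if [ -z "$gw" ]; then
    echoerr " [E] No [IP] specified"
    return 1
  fi
  # Accept only a dotted quad with every octet 0-255 and an optional /0-32
  # prefix, so an arbitrary string never reaches ufw as a source argument.
  local oct='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local ipregex="^${oct}(\.${oct}){3}(/([0-9]|[12][0-9]|3[0-2]))?$"
  if [[ ! $gw =~ $ipregex ]]; then
    echoerr " [E] No valid [IP] specified"
    return 1
  fi
  # 224.0.0.0/4 is the entire IPv4 multicast range and already contains
  # 239.0.0.0/8 (administratively scoped); the second rule adds no coverage but
  # is kept so the resulting rule set is unchanged.
  exe ufw deny in from "$gw" to 224.0.0.0/4 comment 'Broadcast Fritzbox'
  exe ufw deny in from "$gw" to 239.0.0.0/8 comment 'Broadcast Fritzbox'
}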
# Usage hint, description and port legend for step 24.
step_24_info() {
  echoinfoArgs "<FILE SERVER IP|RANGE> [PORT]"
  printf '%s\n' "Allow cifs mounts on eth0"
  local line
  for line in " [PORT] (default 445)" " 139 : Cifs version 1.0" " 445 : Cifs version 2.0+"; do
    echoinfo "$line"
  done
}
# Short name under which the sequencer exposes step 24 (sets global ALIAS).
step_24_alias() { ALIAS=cifs; }
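# Allow outbound SMB/CIFS on eth0 to one file server or range.
# Arguments: $1 - step selector supplied by the sequencer (discarded)
#            $2 - file server IP or IP/prefix
#            $3 - optional port, 139 (SMB1/NetBIOS) or 445 (SMB2+); default 445
# Returns: 1 on a malformed address or a port other than 139/445.
step_24() {
  shift
  local destIp=$1
  # Strict dotted quad with an optional /0-32 prefix: every octet must be
  # 0-255, so values such as 299.1.1.1, "10.0.0.5/" or a stray trailing digit
  # are refused before they are handed to ufw.
  local oct='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
  local ipregex="^${oct}(\.${oct}){3}(/([0-9]|[12][0-9]|3[0-2]))?$"
  endCheckEmpty destIp "No IP provided"
  if [[ ! $destIp =~ $ipregex ]]; then
    echoseq " [E] No valid IP provided"
    return 1
  fi
  # Anything but the two SMB ports is rejected rather than silently opened.
  local destPort=445
  case "$2" in
    139|445) destPort=$2 ;;
    "") ;;  # keep the default
    *)
      echoerr " [E] Invalid port."
      return 1 ;;
  esac
  # Outbound-only; the interface name is fixed to eth0 in this step.
  exe ufw allow out on eth0 to "$destIp" port "$destPort" proto tcp comment "samba/cifs"
}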
# One-line description of step 26 shown by the sequencer.
step_26_info() { printf '%s\n' "Basic secure VPN setup"; }
# Short name under which the sequencer exposes step 26 (sets global ALIAS).
step_26_alias() { ALIAS=vpn; }
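# Replace the whole rule set with a VPN-client policy: ssh in on the physical
# link, everything out through the tunnel, and only the OpenVPN handshake out
# on the physical link.
# Globals: QUIET (read; unset is treated as 0).
step_26() {
  local wan=eth0 vpn=tun0
  # Wipes every existing rule, including anything added by the other steps,
  # and leaves ufw disabled until the enable at the end of this step.
  exe ufw --force reset
  # Admin access is re-opened before the default-deny policies are applied.
  exe ufw allow in on "$wan" to any port 22 comment "ssh"
  exe ufw default deny incoming
  exe ufw default deny outgoing
  # All egress may use the tunnel ...
  exe ufw allow out on "$vpn"
  # ... but on the physical link only the OpenVPN handshake may leave.
  # NOTE: this also blocks outbound DNS on eth0, so the OpenVPN "remote" must
  # be an IP literal (or be resolved by some other path) — confirm against the
  # client config.
  exe ufw allow out on "$wan" to any port 1194 proto udp comment "openvpn default"
  # SOCKS proxy is reachable from any source on eth0; nothing here restricts
  # who may relay through the VPN, so that presumably relies on dante's own
  # authentication/ACLs — verify.
  exe ufw allow in on "$wan" to any port 1080 comment "socks5 proxy danted"
  # HTTP proxy stays closed; uncomment to expose it.
  #exe ufw allow in on "$wan" to any port 8118 comment "http proxy privoxy"
  # ufw enable may ask for confirmation when it detects an ssh session; in
  # quiet mode answer it with --force (same convention as step_1/step_2).
  if [ "${QUIET:-0}" -ne 0 ]; then
    exe ufw --force enable
  else
    exe ufw enable
  fi
  exe ufw status verbose
}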
# Revision number of this step sequence (presumably consumed by the sequencer
# sourced below — confirm).
VERSION_SEQREV=14
# Hand control to the sequencer framework, which dispatches the step_N
# functions defined above.
source /usr/local/bin/sequencer.sh