#!/bin/bash
# ---- Available Options ----
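# Provision ufw from scratch: install the package, set the default policies
# (deny inbound, allow outbound), open SSH, and only then enable the firewall.
# The allow rule for SSH is written before `ufw enable` on purpose: enabling
# first with a deny-inbound policy can cut off the very session running this
# script. Defaults and rules written while ufw is disabled are stored and take
# effect on enable.
# Arguments: none (allow_ssh prompts for the port on stdin)
# Returns:   status of the last command (enable_ufw)
fresh_install() {
  logk "i" "Installing ufw..."
  sudo apt-get install -y ufw
  disable_default_incoming
  allow_default_outgoing
  allow_ssh
  # enable_ufw also prints the resulting status.
  enable_ufw
}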
# Set ufw's default policy for inbound traffic to allow.
# Security note: with this policy every port that has no explicit deny rule
# is reachable, which effectively switches the host firewall off for inbound.
allow_default_incoming() {
  local direction="incoming"
  logk "i" "Allowing default ${direction}"
  sudo ufw default allow "${direction}"
}
# Set ufw's default policy for outbound traffic to allow.
allow_default_outgoing() {
  local direction="outgoing"
  logk "i" "Allowing default ${direction}"
  sudo ufw default allow "${direction}"
}
# Set both default policies (inbound then outbound) to allow.
# Security note: this leaves no default-deny in either direction.
allow_default_incoming_and_outgoing() {
  local direction
  for direction in incoming outgoing; do
    "allow_default_${direction}"
  done
}
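# Allow inbound TCP on the SSH port read from stdin (default 22), then reload.
# The port is validated as an integer in 1..65535 before it is put on the ufw
# command line, so that stray input (spaces, extra words) cannot turn into
# additional ufw arguments or a rule for an unintended port.
# Arguments: none (port read from stdin)
# Returns:   1 on invalid input, otherwise the status of reload_ufw
allow_ssh(){
  local ssh_port
  loge ""
  logk "i" "Enter the port number for ssh or press enter to use default (22)"
  read -r ssh_port
  ssh_port=${ssh_port:-22}
  # 10# forces decimal so a leading zero is not read as octal.
  if ! [[ "$ssh_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$ssh_port < 1 || 10#$ssh_port > 65535 )); then
    printf 'Invalid ssh port: %q\n' "$ssh_port" >&2
    return 1
  fi
  logk "i" "Allowing ssh on port $ssh_port"
  sudo ufw allow "$ssh_port/tcp"
  reload_ufw
}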
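# Allow inbound TCP on the PostgreSQL port read from stdin (default 5432).
# The port is validated as an integer in 1..65535 before it reaches the ufw
# command line, so malformed input cannot become extra ufw arguments.
# Security note: the rule has no source restriction, so the database port is
# opened to every network the host is reachable from. Where the clients are
# known, prefer a scoped rule (`ufw allow from <client-ip> to any port <port>
# proto tcp`) instead.
# Arguments: none (port read from stdin)
# Returns:   1 on invalid input, otherwise the status of the ufw command
allow_postgresql(){
  local postgresql_port
  loge ""
  logk "i" "Enter the port number for postgresql or press enter to use default (5432)"
  read -r postgresql_port
  postgresql_port=${postgresql_port:-5432}
  # 10# forces decimal so a leading zero is not read as octal.
  if ! [[ "$postgresql_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$postgresql_port < 1 || 10#$postgresql_port > 65535 )); then
    printf 'Invalid postgresql port: %q\n' "$postgresql_port" >&2
    return 1
  fi
  logk "i" "Allowing postgresql on port $postgresql_port"
  sudo ufw allow "$postgresql_port/tcp"
}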
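# Open the Docker Swarm ports to a single peer node whose address is read
# from stdin. Every rule is scoped with `from <address>` so the swarm ports
# are not exposed to arbitrary hosts; the address is validated first so that
# blank or malformed input cannot produce a rule with a missing source or
# extra ufw arguments.
# Arguments: none (address read from stdin; IPv4/IPv6, optional /prefix)
# Returns:   1 on invalid input, otherwise the status of the last ufw command
allow_swarm() {
  local swarm_ip
  # Characters of an IPv4/IPv6 literal plus an optional CIDR prefix; ufw
  # performs the real address parsing, this only rejects obvious garbage.
  local addr_re='^[0-9A-Fa-f:.]+(/[0-9]{1,3})?$'
  logk "i" "Enter the private ip of swarm node/worker"
  read -r swarm_ip
  if [[ -z "$swarm_ip" || ! "$swarm_ip" =~ $addr_re ]]; then
    printf 'Invalid swarm node address: %q\n' "$swarm_ip" >&2
    return 1
  fi
  # Cluster management communications
  sudo ufw allow from "$swarm_ip" to any port 2377 proto tcp
  # Communication among nodes (TCP & UDP)
  sudo ufw allow from "$swarm_ip" to any port 7946 proto tcp
  sudo ufw allow from "$swarm_ip" to any port 7946 proto udp
  # Overlay network traffic
  sudo ufw allow from "$swarm_ip" to any port 4789 proto udp
  # Optional: Docker daemon API -- only enable if the daemon is TLS-protected
  # sudo ufw allow from "$swarm_ip" to any port 2376 proto tcp
}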
# Set ufw's default policy for inbound traffic to deny (the usual baseline:
# only explicitly allowed ports are reachable).
disable_default_incoming() {
  local direction="incoming"
  logk "i" "Disabling default ${direction}"
  sudo ufw default deny "${direction}"
}
# Set ufw's default policy for outbound traffic to deny. Note that this also
# blocks the host's own outbound connections (package updates, DNS, ...)
# until matching allow rules exist.
disable_default_outgoing() {
  local direction="outgoing"
  logk "i" "Disabling default ${direction}"
  sudo ufw default deny "${direction}"
}
# Set both default policies (inbound then outbound) to deny.
disable_default_incoming_and_outgoing() {
  local direction
  for direction in incoming outgoing; do
    "disable_default_${direction}"
  done
}
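# Delete the allow rule for the SSH port read from stdin (default 22).
# Security note: with a deny-inbound default policy this removes remote
# administration once the change is active; run it from a console, or make
# sure another management path is still allowed before using it.
# The port is validated as an integer in 1..65535 so malformed input cannot
# become extra ufw arguments or target the wrong rule.
# Arguments: none (port read from stdin)
# Returns:   1 on invalid input, otherwise the status of the ufw command
disable_ssh() {
  local ssh_port
  loge ""
  logk "i" "Enter the port number for ssh or press enter to use default (22)"
  read -r ssh_port
  ssh_port=${ssh_port:-22}
  # 10# forces decimal so a leading zero is not read as octal.
  if ! [[ "$ssh_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$ssh_port < 1 || 10#$ssh_port > 65535 )); then
    printf 'Invalid ssh port: %q\n' "$ssh_port" >&2
    return 1
  fi
  logk "i" "Disabling ssh on port $ssh_port"
  sudo ufw delete allow "$ssh_port/tcp"
}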
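# Delete the allow rule for the PostgreSQL port read from stdin (default 5432).
# The port is validated as an integer in 1..65535 so malformed input cannot
# become extra ufw arguments or target the wrong rule.
# Arguments: none (port read from stdin)
# Returns:   1 on invalid input, otherwise the status of the ufw command
disable_postgresql() {
  local postgresql_port
  loge ""
  logk "i" "Enter the port number for postgresql or press enter to use default (5432)"
  read -r postgresql_port
  postgresql_port=${postgresql_port:-5432}
  # 10# forces decimal so a leading zero is not read as octal.
  if ! [[ "$postgresql_port" =~ ^[0-9]{1,5}$ ]] || (( 10#$postgresql_port < 1 || 10#$postgresql_port > 65535 )); then
    printf 'Invalid postgresql port: %q\n' "$postgresql_port" >&2
    return 1
  fi
  logk "i" "Disabling postgresql on port $postgresql_port"
  sudo ufw delete allow "$postgresql_port/tcp"
}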
# Trust the tailscale interface: accept every inbound packet arriving on
# tailscale0, and open UDP 41641 (the port this script associates with
# tailscale) from any source.
# NOTE(review): the interface rule means every local service is reachable
# from every peer on the tailnet; access is then gated by tailscale's own
# policy rather than by ufw -- confirm that is the intended trust model.
allow_tailscale() {
  local iface="tailscale0"
  local udp_port="41641/udp"
  logk "i" "Allowing tailscale"
  sudo ufw allow in on "$iface"
  sudo ufw allow "$udp_port"
}
# Revert allow_tailscale: remove the blanket inbound rule on tailscale0 and
# the UDP 41641 rule.
disable_tailscale() {
  local iface="tailscale0"
  local udp_port="41641/udp"
  logk "i" "Disabling tailscale"
  sudo ufw delete allow in on "$iface"
  sudo ufw delete allow "$udp_port"
}
# Reload ufw so that rule changes take effect.
reload_ufw() {
  local action="reload"
  logk "i" "Reloading ufw"
  sudo ufw "$action"
}
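# Print the firewall state: the rule table together with the default
# policies and logging level (`status verbose`), followed by the state of the
# systemd unit.
# `--no-pager` keeps systemctl from opening a pager on a terminal, which
# would stall the script until the operator quits it.
# Arguments: none
# Returns:   status of the systemctl command
ufw_status() {
  logk "i" "Ufw status"
  sudo ufw status verbose
  sudo systemctl status ufw --no-pager
}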
# ---- Functions ----
# Install the ufw package with apt and immediately hand off to enable_ufw.
# Note: the firewall is enabled here before the caller has written any allow
# rule, so on a remote session the default policies in force at that moment
# decide whether the session survives; write the needed allow rules first.
install_ufw() {
  local -a apt_cmd=(apt-get install -y ufw)
  logk "i" "Installing ufw..."
  sudo "${apt_cmd[@]}"
  enable_ufw
}
# Turn the firewall on, make the unit persistent across reboots, and print
# the resulting status.
# `ufw enable` may ask for confirmation when it decides the change could
# disrupt an existing ssh session; that prompt is deliberately left to the
# operator rather than bypassed with --force.
enable_ufw() {
  local service="ufw"
  logk "i" "Enabling ${service}..."
  sudo ufw enable
  # enable + start in one step.
  sudo systemctl enable --now "$service"
  ufw_status
}
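# Interactive menu: print the available actions, read one selection from
# stdin and run the matching function. Exactly one action runs per call;
# option 17 terminates the shell with `exit`. A selection that matches no
# entry is reported instead of being silently ignored.
# Arguments: none (selection read from stdin)
# Returns:   status of the selected action
script_firewall() {
  local option
  logk "i" "Select the option for ufw"
  loge "1. Fresh System install"
  loge "2. Allow default incoming"
  loge "3. Allow default outgoing"
  loge "4. Allow default incoming and outgoing"
  loge "5. Allow ssh"
  loge "6. Allow postgresql"
  loge "7. Allow swarm"
  loge "8. Disable default incoming"
  loge "9. Disable default outgoing"
  loge "10. Disable default incoming and outgoing"
  loge "11. Disable ssh"
  loge "12. Disable postgresql"
  loge "13. Allow tailscale"
  loge "14. Disable tailscale"
  loge "15. Reload ufw"
  loge "16. Ufw status"
  loge "17. Exit"
  # -r keeps backslashes in the input literal.
  read -rp "Enter the option: " option
  case "$option" in
    1) fresh_install ;;
    2) allow_default_incoming ;;
    3) allow_default_outgoing ;;
    4) allow_default_incoming_and_outgoing ;;
    5) allow_ssh ;;
    6) allow_postgresql ;;
    7) allow_swarm ;;
    8) disable_default_incoming ;;
    9) disable_default_outgoing ;;
    10) disable_default_incoming_and_outgoing ;;
    11) disable_ssh ;;
    12) disable_postgresql ;;
    13) allow_tailscale ;;
    14) disable_tailscale ;;
    15) reload_ufw ;;
    16) ufw_status ;;
    17) exit ;;
    *) loge "Invalid option: $option" ;;
  esac
}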