#!/bin/bash
# Copyright (c) 2018 The BitSend BSD Core Developers (dalijolijo)
#set -x
#
# Setup Firewall: opens TCP port 22 plus every port passed as an argument,
# installing firewalld (CentOS) or ufw (Fedora, Ubuntu/Debian/Mint) first when
# no firewall is present. Expects $OS, $VER, $RED and $NO_COL from the caller.
#
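printf "\nSetup Firewall"
printf "\n--------------\n"

# Port kept open for SSH. Defaults to 22 as before; set SSH_PORT=<n> in the
# environment when sshd listens elsewhere, otherwise enabling the firewall
# cuts off the very session this script is being run from.
SSH_PORT="${SSH_PORT:-22}"

# Return 0 when $1 is a decimal TCP port in 1..65535.
# The ports come straight from the command line and are spliced into
# firewall-cmd / ufw arguments, so anything else (option-looking strings such
# as "--remove-all", or "22/tcp from any") must be rejected before it gets
# there. Leading zeros are tolerated ("0022" -> 22) via the base-10 prefix.
is_valid_port() {
  local re='^[0-9]{1,5}$'
  [[ "$1" =~ $re ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Write "SSH_PORT, p1, p2, ..." without a trailing newline, for the prompts.
port_list() {
  local p
  printf '%s' "$SSH_PORT"
  for p in "${PORTS[@]}"; do
    printf ', %s' "$p"
  done
}

# Show the port list and the question in $1, then read the answer into
# FIRECONF. Returns 0 only when the answer starts with y/Y ("y", "yes", "Y").
# Matching the first character instead of "contains a y" is deliberate: the
# previous substring test also accepted answers such as "nay".
confirm_setup() {
  printf "Automated firewall setup will open the following ports: "
  port_list
  printf '\n%s\n' "$1"
  printf "Enter [Y]es or [N]o and Hit [ENTER]: "
  read -r FIRECONF
  [[ "$FIRECONF" =~ ^[Yy] ]]
}

# Open SSH_PORT and PORTS in firewalld's public zone.
# firewall-cmd talks to the running daemon, so make sure it is up and enabled
# first; --permanent rules only help if firewalld comes back after a reboot.
apply_firewalld() {
  local p
  printf "\nSetup firewall...\n"
  systemctl start firewalld.service
  systemctl enable firewalld.service
  firewall-cmd --permanent --zone=public --add-port="${SSH_PORT}/tcp"
  for p in "${PORTS[@]}"; do
    firewall-cmd --permanent --zone=public --add-port="${p}/tcp"
  done
  firewall-cmd --reload
}

# Open SSH_PORT (rate-limited) and PORTS in ufw, then enable it.
apply_ufw() {
  local p
  printf "\nSetup firewall...\n"
  ufw logging on
  ufw allow "${SSH_PORT}/tcp"
  # 'limit' rate-limits new SSH connections, which blunts brute-force logins.
  ufw limit "${SSH_PORT}/tcp"
  for p in "${PORTS[@]}"; do
    ufw allow "${p}/tcp"
  done
  # if other services run on other ports, they will be blocked!
  #ufw default deny incoming
  # NOTE(review): the line above is left commented out on purpose, so this
  # script relies on ufw's stock inbound policy. If that default has been
  # changed on this host, uncomment it; verify with 'ufw status verbose'.
  ufw default allow outgoing
  # 'yes' answers ufw's "may disrupt existing ssh connections" prompt.
  yes | ufw enable
  ufw reload
}

# Validate every port argument before touching the firewall; a bad value would
# otherwise be handed to firewall-cmd / ufw as-is. Fail loudly rather than
# leave the node half-configured with a required port still closed.
PORTS=()
for arg in "$@"; do
  if ! is_valid_port "$arg"; then
    printf '%sInvalid port argument "%s": expected a number between 1 and 65535.%s\n' "$RED" "$arg" "$NO_COL" >&2
    exit 1
  fi
  PORTS+=("$arg")
done

# NOTE(review): firewall-cmd, ufw and systemctl are run without sudo (only the
# package installs use it), so this script expects to run as root.
case "${OS,,}" in
  *fedora*|*centos*)
    # Prefer an already-installed firewalld; fall back to ufw; otherwise
    # offer to install the distribution's usual firewall. Exactly one of the
    # apply_* paths runs: the previous version could install and configure
    # BOTH firewalld and ufw on a CentOS box that had neither.
    if command -v firewall-cmd >/dev/null 2>&1; then
      printf "Found firewall 'firewalld' on your system.\n"
      if confirm_setup "Do you want to start automated firewall setup?"; then
        apply_firewalld
      fi
    elif command -v ufw >/dev/null 2>&1; then
      printf "Found firewall 'ufw' on your system.\n"
      if confirm_setup "Do you want to start automated firewall setup?"; then
        apply_ufw
      fi
    elif [[ "${OS,,}" == *centos* ]]; then
      printf '%sMissing firewall (firewalld) on your system.%s\n' "$RED" "$NO_COL"
      if confirm_setup "Do you want to install firewall (firewalld) and execute automated firewall setup?"; then
        sudo yum install -y firewalld firewall-config
        apply_firewalld
      fi
    else
      printf '%sMissing firewall (ufw) on your system.%s\n' "$RED" "$NO_COL"
      if confirm_setup "Do you want to install firewall (ufw) and execute automated firewall setup?"; then
        sudo yum install -y ufw
        apply_ufw
      fi
    fi
    ;;
  *ubuntu*|*debian*|*mint*)
    if command -v ufw >/dev/null 2>&1; then
      printf "Found firewall 'ufw' on your system.\n"
      if confirm_setup "Do you want to start automated firewall setup?"; then
        apply_ufw
      fi
    else
      printf '%sMissing firewall (ufw) on your system.%s\n' "$RED" "$NO_COL"
      if confirm_setup "Do you want to install firewall (ufw) and execute automated firewall setup?"; then
        apt-get update
        sudo apt-get install -y ufw
        apply_ufw
      fi
    fi
    ;;
  *)
    # Unknown distribution: tell the operator what to open by hand.
    printf 'Automated firewall setup for %s (%s) not supported!\n' "$OS" "$VER"
    printf "Please open the following firewall ports manually: "
    port_list
    ;;
esac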