Good : full update
83
modules/firewall.sh
Normal file
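--- a/modules/firewall.sh
+++ b/modules/firewall.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# =============================================================================
+# Firewall configuration module
+# =============================================================================
+
+# Set script directory
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Source common functions and variables
+source "./common.sh"
+
+# Function to configure UFW
+configure_ufw() {
+log_message "INFO" "Configuring UFW firewall"
+
+# Check if UFW is installed
+if ! command_exists ufw; then
+log_message "INFO" "Installing UFW"
+apt-get install -y ufw
+
+if [ $? -ne 0 ]; then
+log_message "ERROR" "Failed to install UFW"
+return 1
+fi
+fi
+
+# Reset UFW to default settings
+log_message "INFO" "Resetting UFW to default settings"
+ufw --force reset
+
+# Set default policies
+log_message "INFO" "IPv4 : Setting default UFW policies"
+ufw default deny incoming
+ufw default allow outgoing
+
+# Allow SSH on custom port
+log_message "INFO" "IPv4 : Allowing SSH on port 22"
+ufw allow 22/tcp
+
+# Allow HTTP/HTTPS for web services if needed
+log_message "INFO" "IPv4 : Allowing HTTP/HTTPS ports"
+ufw allow 80/tcp
+ufw allow 443/tcp
+
+# Allow SNMP for monitoring
+log_message "INFO" "IPv4 : Allowing SNMP port for monitoring"
+ufw allow 161/udp
+
+# Allow NRPE for monitoring
+log_message "INFO" "IPv4 : Allowing NRPE port for monitoring"
+ufw allow 5666/tcp
+
+# Allow IPv6 if needed
+log_message "INFO" "IPv6 : Setting default UFW policies"
+ufw allow in on lo
+ufw allow out on lo
+ufw deny in from ::/0
+ufw allow out to ::/0
+
+# Enable log
+log_message "INFO" "Enabling logging for UFW"
+ufw logging on
+
+# Enable UFW
+log_message "INFO" "Enabling UFW"
+echo "y" | ufw enable
+
+if [ $? -eq 0 ]; then
+log_message "SUCCESS" "UFW enabled successfully"
+else
+log_message "ERROR" "Failed to enable UFW"
+return 1
+fi
+
+# Show UFW status
+log_message "INFO" "UFW status:"
+ufw status verbose
+}
+
+# Main execution for firewall
+configure_ufw
+
+log_message "SUCCESS" "Firewall configuration completed"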
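Review bot: `source "./common.sh"` resolves against the caller's working directory rather than the module's own location, so the `SCRIPT_DIR` computed on the line above is never used and the script only works when launched from `modules/`; because the rest of the file then runs `apt-get` and `ufw` with root privileges, sourcing whatever `common.sh` happens to sit in the cwd also places more trust in that directory than needed — use `source "${SCRIPT_DIR}/common.sh"`. The comment `# Allow SSH on custom port` does not match the hard-coded `ufw allow 22/tcp`: if sshd listens on another port, `ufw default deny incoming` followed by `ufw enable` locks a remote administrator out, so read the port from a variable (e.g. `ssh_port="${SSH_PORT:-22}"` then `ufw allow "${ssh_port}/tcp"`) and say so in the comment. `ufw allow 161/udp` and `ufw allow 5666/tcp` open SNMP and NRPE to every source even though the comments say they exist for monitoring; scoping them to the monitoring host (e.g. `ufw allow from "${MONITORING_HOST:?}" to any port 5666 proto tcp`, with an equivalent rule for 161/udp) keeps the exposure to what the comment describes. Only `apt-get` and `ufw enable` have their exit status checked, so a failing `ufw default` or `ufw allow` call is logged as nothing and the function still reports success; `if ! ufw default deny incoming; then … return 1; fi` on each step, or `set -e` at the top, would make that visible, and `ufw --force enable` removes the `echo "y" |` pipe whose status `$?` is read after the blank line. The comment `# Allow IPv6 if needed` describes the opposite of the `ufw deny in from ::/0` rule beneath it and should be reworded to say the block denies inbound IPv6 except on `lo`.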