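#!/bin/bash
# =============================================================================
# Firewall configuration module
#
# Installs UFW if it is missing, resets it to a known state, applies a
# default-deny inbound / allow outbound policy, opens SSH, SNMP and NRPE,
# turns on logging and enables the firewall.
#
# Must run as root: both apt-get and ufw need it, and the script fails early
# with a clear message otherwise.
#
# Requires: common.sh (log_message, command_exists) in the same directory.
#
# Optional environment (all defaults reproduce the historical behaviour):
#   SSH_PORT     TCP port opened for SSH              (default: 22)
#   SNMP_PORT    UDP port opened for SNMP polling     (default: 161)
#   NRPE_PORT    TCP port opened for NRPE checks      (default: 5666)
#   MONITOR_SRC  Source host or CIDR allowed to reach SNMP and NRPE. When
#                unset, those ports are open to ANY source. Set this to the
#                monitoring server so SNMP/NRPE are not exposed to the world.
#
# NOTE(security): between "ufw --force reset" and "ufw enable" the host has
# no UFW policy at all. Keep the window short and do not run this over an
# SSH session you cannot afford to lose; the SSH rule is added before enable
# and the script aborts (firewall left disabled) if any rule fails, rather
# than enabling a ruleset that might lock you out.
# =============================================================================

# Directory this script lives in. Used to locate common.sh so the script does
# not depend on the caller's working directory: sourcing "./common.sh" would
# execute whatever common.sh exists in the cwd, which may be attacker-writable.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# Source common functions and variables (log_message, command_exists).
# shellcheck source=common.sh
source "${SCRIPT_DIR}/common.sh"

# Ports and optional monitoring source (see header).
SSH_PORT="${SSH_PORT:-22}"
SNMP_PORT="${SNMP_PORT:-161}"
NRPE_PORT="${NRPE_PORT:-5666}"
MONITOR_SRC="${MONITOR_SRC:-}"

#######################################
# Run one ufw command and log a failure instead of silently ignoring it.
# Arguments: ufw arguments, e.g.  allow 22/tcp
# Returns:   0 on success, 1 if ufw failed
#######################################
ufw_run() {
  if ! ufw "$@"; then
    log_message "ERROR" "ufw $* failed"
    return 1
  fi
  return 0
}

#######################################
# Install (if needed), reset, configure and enable UFW.
# Globals:   SSH_PORT, SNMP_PORT, NRPE_PORT, MONITOR_SRC (read)
# Returns:   0 on success, 1 on any failure (install, rule, or enable)
#######################################
configure_ufw() {
  log_message "INFO" "Configuring UFW firewall"

  # apt-get and ufw both require root; fail early with a clear message.
  if (( EUID != 0 )); then
    log_message "ERROR" "This script must be run as root"
    return 1
  fi

  # Check if UFW is installed
  if ! command_exists ufw; then
    log_message "INFO" "Installing UFW"
    if ! apt-get install -y ufw; then
      log_message "ERROR" "Failed to install UFW"
      return 1
    fi
  fi

  # Reset UFW to default settings. This disables UFW and removes every rule;
  # the host is unfirewalled from here until "ufw enable" below.
  log_message "INFO" "Resetting UFW to default settings"
  ufw_run --force reset || return 1

  # Default policies: drop unsolicited inbound, allow outbound.
  log_message "INFO" "IPv4 : Setting default UFW policies"
  ufw_run default deny incoming || return 1
  ufw_run default allow outgoing || return 1

  # Allow SSH. This MUST succeed before enable, or a remote operator is
  # locked out as soon as the firewall comes up.
  log_message "INFO" "IPv4 : Allowing SSH on port ${SSH_PORT}"
  ufw_run allow "${SSH_PORT}/tcp" || return 1

  # HTTP/HTTPS are intentionally left closed; uncomment for web hosts.
  log_message "INFO" "IPv4 : Allowing HTTP/HTTPS ports"
  #ufw_run allow 80/tcp || return 1
  #ufw_run allow 443/tcp || return 1

  # SNMP and NRPE for monitoring. Restricted to MONITOR_SRC when it is set;
  # otherwise open to any source (SNMP v1/v2c has no real authentication, so
  # leaving it world-reachable is a disclosure risk - set MONITOR_SRC).
  log_message "INFO" "IPv4 : Allowing SNMP port for monitoring"
  if [[ -n "${MONITOR_SRC}" ]]; then
    ufw_run allow from "${MONITOR_SRC}" to any port "${SNMP_PORT}" proto udp || return 1
  else
    ufw_run allow "${SNMP_PORT}/udp" || return 1
  fi

  log_message "INFO" "IPv4 : Allowing NRPE port for monitoring"
  if [[ -n "${MONITOR_SRC}" ]]; then
    ufw_run allow from "${MONITOR_SRC}" to any port "${NRPE_PORT}" proto tcp || return 1
  else
    ufw_run allow "${NRPE_PORT}/tcp" || return 1
  fi

  # Loopback and explicit IPv6 catch-all rules. The deny/allow on ::/0
  # restate the default policies for IPv6 traffic; they are kept so the
  # ruleset is explicit even if /etc/default/ufw has IPV6 disabled.
  log_message "INFO" "IPv6 : Setting default UFW policies"
  ufw_run allow in on lo || return 1
  ufw_run allow out on lo || return 1
  ufw_run deny in from ::/0 || return 1
  ufw_run allow out to ::/0 || return 1

  # Log blocked/allowed packets so drops are visible to SOC tooling.
  log_message "INFO" "Enabling logging for UFW"
  ufw_run logging on || return 1

  # Enable UFW. --force skips the interactive "may disrupt SSH" prompt, which
  # is what piping "y" used to do.
  log_message "INFO" "Enabling UFW"
  if ufw --force enable; then
    log_message "SUCCESS" "UFW enabled successfully"
  else
    log_message "ERROR" "Failed to enable UFW"
    return 1
  fi

  # Show UFW status
  log_message "INFO" "UFW status:"
  ufw status verbose
}

# log_message "SCRIPT" "firewall.sh"

# Main execution for firewall. Only report success when configure_ufw
# actually succeeded; previously SUCCESS was logged even after a failure.
if configure_ufw; then
  log_message "SUCCESS" "Firewall configuration completed"
else
  log_message "ERROR" "Firewall configuration failed"
  exit 1
fi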