A free, open, self-hosted app platform (GNU AGPLv3): one-click app deploys, Traefik reverse proxy with automatic SSL, rootless Docker support, gluetun VPN routing, and a web dashboard to manage it all. Free & open forever to self-host; optional paid hosted services fund it. See PROMISE.md. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
88 lines
3.3 KiB
Bash
Executable File
88 lines
3.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
firewallInitialSetup()
|
|
{
|
|
# Allow specific port through the firewall
|
|
if [[ "$firewallallowport" == [yY] ]]; then
|
|
echo ""
|
|
echo "---- Allow specific port through the firewall :"
|
|
echo ""
|
|
while true; do
|
|
isQuestion "Please enter the port you would like to open (enter 'x' to exit): "
|
|
read -p "" firewallallowport_port
|
|
if [[ "$firewallallowport_port" == [xX] ]]; then
|
|
isNotice "Exiting..."
|
|
break
|
|
fi
|
|
if [[ "$firewallallowport_port" =~ ^[0-9]+$ && $firewallallowport_port -ge 1 && $firewallallowport_port -le 65535 ]]; then
|
|
local result=$(sudo ufw allow "$firewallallowport_port")
|
|
checkSuccess "Opening port $firewallallowport_port in the UFW Firewall"
|
|
break
|
|
fi
|
|
isNotice "Please provide a valid port number between 1 and 65535 or enter 'x' to exit."
|
|
done
|
|
fi
|
|
|
|
# Block specific port through the firewall
|
|
if [[ "$firewallblockport" == [yY] ]]; then
|
|
echo ""
|
|
echo "---- Block specific port through the firewall :"
|
|
echo ""
|
|
while true; do
|
|
isQuestion "Please enter the port you would like to block (enter 'x' to exit): "
|
|
read -p "" firewallblockport_port
|
|
if [[ "$firewallblockport_port" == [xX] ]]; then
|
|
isNotice "Exiting..."
|
|
break
|
|
fi
|
|
if [[ "$firewallblockport_port" =~ ^[0-9]+$ && $firewallblockport_port -ge 1 && $firewallblockport_port -le 65535 ]]; then
|
|
local result=$(sudo ufw deny "$firewallblockport_port")
|
|
checkSuccess "Blocking port $firewallblockport_port in the UFW Firewall"
|
|
break
|
|
fi
|
|
isNotice "Please provide a valid port number between 1 and 65535 or enter 'x' to exit."
|
|
done
|
|
fi
|
|
|
|
# Block port 22 (SSH)
|
|
if [[ "$firewallblock22" == [yY] ]]; then
|
|
echo ""
|
|
echo "---- Block port 22 (SSH) :"
|
|
echo ""
|
|
local result=$(sudo ufw deny 22)
|
|
checkSuccess "Disabling Port 22 through the firewall"
|
|
local result=$(sudo ufw deny ssh)
|
|
checkSuccess "Disabling SSH through the firewall"
|
|
fi
|
|
|
|
# Allow port 22 (SSH)
|
|
if [[ "$firewallallow22" == [yY] ]]; then
|
|
echo ""
|
|
echo "---- Allow port 22 (SSH) :"
|
|
echo ""
|
|
local result=$(sudo ufw allow 22)
|
|
checkSuccess "Allowing Port 22 through the firewall"
|
|
local result=$(sudo ufw allow ssh)
|
|
checkSuccess "Allowing SSH through the firewall"
|
|
fi
|
|
|
|
# Update logging type for UFW based on Config
|
|
if [[ "$firewallchangelogging" == [yY] ]]; then
|
|
echo ""
|
|
echo "---- Update logging type for UFW based on Config :"
|
|
echo ""
|
|
# Check if CFG_UFW_LOGGING is a valid UFW logging type
|
|
case "$CFG_UFW_LOGGING" in
|
|
on|off|low|medium|high|full)
|
|
# Valid logging type
|
|
local result=$(yes | sudo ufw logging $CFG_UFW_LOGGING)
|
|
checkSuccess "Updating UFW Firewall Logging to $CFG_UFW_LOGGING"
|
|
;;
|
|
*)
|
|
# Invalid logging type
|
|
isError "Invalid UFW logging type. Please set CFG_UFW_LOGGING to on, off, low, medium, high, or full."
|
|
;;
|
|
esac
|
|
fi
|
|
}
|