From b90dbce551d5269307a0e0f4b79da1daf4d39cef Mon Sep 17 00:00:00 2001
From: Kshitij
Date: Mon, 8 Sep 2025 05:30:09 +0530
Subject: [PATCH] Completed revamped the firewall script.

- Taking input params while executing the script instead of choosing an option.
- Created separate functions for each profile.
- Calling profile functions in switch-case now.
---
 firewall.sh | 150 ++++++++++++++++++++++++++++++++++------------------
 1 file changed, 99 insertions(+), 51 deletions(-)

diff --git a/firewall.sh b/firewall.sh
index d7ee3d5..014ffd8 100755
--- a/firewall.sh
+++ b/firewall.sh
@@ -1,56 +1,104 @@
 #!/bin/bash
-echo -e "--- MAIN MENU ---\n1. Home profile\n2. Public profile\n3. PANIC MODE\n4. Exit"
-read -p "Choose an option: " optn
+INPUT_PARAM=$1
 line="--------------------------------------------"
-case $optn in
- 1) # Home profile
- for i in {0..5}
- do
- yes | sudo ufw delete 1
- done
- sudo ufw default deny incoming
- sudo ufw default allow outgoing
- sudo ufw status verbose
- sudo ufw allow in from any to any port 1714:1764 proto tcp # KDE TCP
- sudo ufw allow in from any to any port 1714:1764 proto udp # KDE UDP
- sudo ufw allow in from 192.168.219.0/24 to any port 22000 # Syncthing TCP
- sudo ufw allow in from 192.168.219.0/24 to any port 21027 proto udp # Syncthing UDP
- sudo ufw reload
- echo "$line"
- sudo ufw status verbose
- echo "$line"
- ;;
- 2) # Public profile
- for i in {0..5}
- do
- yes | sudo ufw delete 1
- done
- sudo ufw default deny incoming
- sudo ufw default allow outgoing
- sudo ufw reload
- echo "$line"
- sudo ufw status verbose
- echo "$line"
- ;;
- 3) # Panic mode
- for i in {0..7}
- do
- yes | sudo ufw delete 1
- done
- sudo ufw default deny incoming
- sudo ufw default deny outgoing
- sudo ufw reload
- echo "$line"
- sudo ufw status verbose
- echo "$line"
- ;;
- 4) # Exit
- echo '## END OF SCRIPT'
- exit 0
- ;;
- *) # Default
- echo 'Please choose a valid option (1-4).'
- ;;
+# param check
+if [ -z "$1" ]; then
+ echo -e "No parameter passed.\nAvailable parameters are:\n\thome -> Switches to home profile\n\tpublic -> Switches to public profile\n\tpanic -> Switches to PANIC profile (blocks all incoming, outgoing and routed connections)"
+ exit 1
+fi
+
+existing_check() {
+
+ if [ $(sudo ufw status | wc -l) -gt 1 ] && sudo ufw status | grep -q "ALLOW"; then
+ echo 'Existing rules found. Deleting...'
+ while true; do
+ yes | sudo ufw delete 1
+ if [ $(sudo ufw status | wc -l) -eq 1 ]; then
+ echo 'Deleted all existing allowed connections.'
+ break
+ fi
+ done
+ return 0
+ else
+ return 0
+ fi
+
+ return 1
+
+}
+
+home() {
+ echo -e "Applying home profile...\n$line"
+
+ existing_check
+ status=$?
+ if [ $status -eq 0 ]; then
+ sudo ufw default deny incoming
+ sudo ufw default allow outgoing
+ sudo ufw status verbose
+ sudo ufw allow in from any to any port 1714:1764 proto tcp # KDE TCP
+ sudo ufw allow in from any to any port 1714:1764 proto udp # KDE UDP
+ sudo ufw allow in from 192.168.255.0/24 to any port 22000 # Syncthing TCP
+ sudo ufw allow in from 192.168.255.0/24 to any port 21027 proto udp # Syncthing UDP
+ sudo ufw reload
+ echo "$line"
+ sudo ufw status verbose
+ echo "$line"
+ echo -e "Home profile applied."
+ else
+ echo 'Something went wrong'
+ exit 1
+ fi
+}
+
+public() {
+ echo -e "Applying public profile...\n$line"
+
+ existing_check
+ status=$?
+ if [ $status -eq 0 ]; then
+ sudo ufw default deny incoming
+ sudo ufw default allow outgoing
+ sudo ufw reload
+ echo "$line"
+ sudo ufw status verbose
+ echo "$line"
+ echo 'Applied public profile.'
+ else
+ echo 'Something went wrong'
+ exit 1
+ fi
+}
+
+panic() {
+ echo -e "Appling PANIC profile...\n$line"
+
+ existing_check
+ status=$?
+ if [ $status -eq 0 ]; then
+ sudo ufw default deny incoming
+ sudo ufw default deny outgoing
+ sudo ufw reload
+ echo "$line"
+ sudo ufw status verbose
+ echo "$line"
+ echo 'PANIC profile applied.'
+ else
+ echo 'Something went wrong'
+ exit 1
+ fi
+}
+
+case ${INPUT_PARAM,,} in
+ home)
+ home
+ ;;
+ public)
+ public
+ ;;
+ panic)
+ panic
+ ;;
 esac
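Review bot: `existing_check` can never signal failure — both arms of its `if` end in `return 0`, so the trailing `return 1` is unreachable and the `else` / `'Something went wrong'` branches in `home`, `public` and `panic` are dead code; meanwhile the inner `while true` loop has no exit when `sudo ufw delete 1` fails (declined sudo prompt, rule that cannot be removed), so the script spins forever instead of reporting an error. I would drop the unreachable return, loop on the observed rule count instead of `true`, and write `sudo ufw --force delete 1 || return 1` so a failed delete reaches the callers' existing error path (rewritten function below). Two smaller points in the same hunk: the cleanup only runs when the status output contains `ALLOW`, so rules with other actions (e.g. DENY) left behind by a previous profile are kept, and the closing `case ${INPUT_PARAM,,}` has no `*)` arm, so a misspelled profile name exits 0 having changed nothing — a `*) echo "Unknown profile: $1" >&2; exit 1 ;;` arm would restore the usage error the old menu had.
```shell
existing_check() {
  if [ "$(sudo ufw status | wc -l)" -gt 1 ] && sudo ufw status | grep -q "ALLOW"; then
    echo 'Existing rules found. Deleting...'
    # loop on the observable rule count and stop at the first failed delete
    while [ "$(sudo ufw status | wc -l)" -ne 1 ]; do
      sudo ufw --force delete 1 || return 1
    done
    echo 'Deleted all existing allowed connections.'
  fi
  return 0
}
```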