Completed revamped the firewall script.

- Taking input params while executing the script instead of choosing an option. - Created separate functions for each profile. - Calling profile functions in switch-case now.
2025-09-08 05:30:09 +05:30
parent e6ddddd369
commit b90dbce551
1 changed files with 99 additions and 51 deletions
@@ -1,56 +1,104 @@
 #!/bin/bash
-echo -e "--- MAIN MENU ---\n1. Home profile\n2. Public profile\n3. PANIC MODE\n4. Exit"
+INPUT_PARAM=$1
 read -p "Choose an option: " optn
 line="--------------------------------------------"
-case $optn in
+# param check
-	1) # Home profile
+if [ -z "$1" ]; then
-		for i in {0..5}
+  echo -e "No parameter passed.\nAvailable parameters are:\n\thome -> Switches to home profile\n\tpublic -> Switches to public profile\n\tpanic -> Switches to PANIC profile (blocks all incoming, outgoing and routed connections)"
-		do
+  exit 1
-			yes | sudo ufw delete 1
+fi
-		done
+
-		sudo ufw default deny incoming
+existing_check() {
-		sudo ufw default allow outgoing
+
-		sudo ufw status verbose
+  if [ $(sudo ufw status | wc -l) -gt 1 ] && sudo ufw status | grep -q "ALLOW"; then
-		sudo ufw allow in from any to any port 1714:1764 proto tcp # KDE TCP
+     echo 'Existing rules found. Deleting...'
-		sudo ufw allow in from any to any port 1714:1764 proto udp # KDE UDP
+     while true; do
-		sudo ufw allow in from 192.168.219.0/24 to any port 22000 # Syncthing TCP
+       yes | sudo ufw delete 1
-		sudo ufw allow in from 192.168.219.0/24 to any port 21027 proto udp # Syncthing UDP
+       if [ $(sudo ufw status | wc -l) -eq 1 ]; then
-		sudo ufw reload
+         echo 'Deleted all existing allowed connections.'
-		echo "$line"
+         break
-		sudo ufw status verbose
+       fi
-		echo "$line"
+     done
-		;;
+     return 0
-	2) # Public profile
+   else
-		for i in {0..5}
+     return 0
-		do
+   fi
-			yes | sudo ufw delete 1
+
-		done
+  return 1
-		sudo ufw default deny incoming
+
-		sudo ufw default allow outgoing
+}
-		sudo ufw reload
+
-		echo "$line"
+home() {
-		sudo ufw status verbose
+  echo -e "Applying home profile...\n$line"
-		echo "$line"
+
-		;;
+  existing_check
-	3) # Panic mode
+  status=$?
-		for i in {0..7}
+  if [ $status -eq 0 ]; then
-		do
+	  sudo ufw default deny incoming
-			yes | sudo ufw delete 1
+	  sudo ufw default allow outgoing
-		done
+	  sudo ufw status verbose
-		sudo ufw default deny incoming
+	  sudo ufw allow in from any to any port 1714:1764 proto tcp # KDE TCP
-		sudo ufw default deny outgoing
+	  sudo ufw allow in from any to any port 1714:1764 proto udp # KDE UDP
-		sudo ufw reload
+	  sudo ufw allow in from 192.168.255.0/24 to any port 22000 # Syncthing TCP
-		echo "$line"
+	  sudo ufw allow in from 192.168.255.0/24 to any port 21027 proto udp # Syncthing UDP
-		sudo ufw status verbose
+	  sudo ufw reload
-		echo "$line"
+	  echo "$line"
-		;;
+	  sudo ufw status verbose
-	4) # Exit
+	  echo "$line"
-		echo '## END OF SCRIPT'
+    echo -e "Home profile applied."
-		exit 0
+  else
-		;;
+    echo 'Something went wrong'
-	*) # Default
+    exit 1
-		echo 'Please choose a valid option (1-4).'
+  fi
-		;;
+}
 public() {
   echo -e "Applying public profile...\n$line"
  existing_check
  status=$?
  if [ $status -eq 0 ]; then
  	sudo ufw default deny incoming
  	sudo ufw default allow outgoing
  	sudo ufw reload
  	echo "$line"
  	sudo ufw status verbose
  	echo "$line"
    echo 'Applied public profile.'
  else
    echo 'Something went wrong'
    exit 1
  fi
 }
 panic() {
  echo -e "Appling PANIC profile...\n$line"
  existing_check
  status=$?
  if [ $status -eq 0 ]; then
  	sudo ufw default deny incoming
  	sudo ufw default deny outgoing
  	sudo ufw reload
  	echo "$line"
  	sudo ufw status verbose
  	echo "$line"
    echo 'PANIC profile applied.'
  else
    echo 'Something went wrong'
    exit 1
  fi
 }
 case ${INPUT_PARAM,,} in
  home)
    home
    ;;
  public)
    public
    ;;
  panic)
    panic
    ;;
 esac