Completed revamped the firewall script.
- Taking input params while executing the script instead of choosing an option. - Created separate functions for each profile. - Calling profile functions in switch-case now.
This commit is contained in:
+73
-25
@@ -1,56 +1,104 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo -e "--- MAIN MENU ---\n1. Home profile\n2. Public profile\n3. PANIC MODE\n4. Exit"
|
||||
read -p "Choose an option: " optn
|
||||
INPUT_PARAM=$1
|
||||
line="--------------------------------------------"
|
||||
|
||||
case $optn in
|
||||
1) # Home profile
|
||||
for i in {0..5}
|
||||
do
|
||||
# param check
|
||||
if [ -z "$1" ]; then
|
||||
echo -e "No parameter passed.\nAvailable parameters are:\n\thome -> Switches to home profile\n\tpublic -> Switches to public profile\n\tpanic -> Switches to PANIC profile (blocks all incoming, outgoing and routed connections)"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
existing_check() {
|
||||
|
||||
if [ $(sudo ufw status | wc -l) -gt 1 ] && sudo ufw status | grep -q "ALLOW"; then
|
||||
echo 'Existing rules found. Deleting...'
|
||||
while true; do
|
||||
yes | sudo ufw delete 1
|
||||
if [ $(sudo ufw status | wc -l) -eq 1 ]; then
|
||||
echo 'Deleted all existing allowed connections.'
|
||||
break
|
||||
fi
|
||||
done
|
||||
return 0
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
|
||||
return 1
|
||||
|
||||
}
|
||||
|
||||
home() {
|
||||
echo -e "Applying home profile...\n$line"
|
||||
|
||||
existing_check
|
||||
status=$?
|
||||
if [ $status -eq 0 ]; then
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw default allow outgoing
|
||||
sudo ufw status verbose
|
||||
sudo ufw allow in from any to any port 1714:1764 proto tcp # KDE TCP
|
||||
sudo ufw allow in from any to any port 1714:1764 proto udp # KDE UDP
|
||||
sudo ufw allow in from 192.168.219.0/24 to any port 22000 # Syncthing TCP
|
||||
sudo ufw allow in from 192.168.219.0/24 to any port 21027 proto udp # Syncthing UDP
|
||||
sudo ufw allow in from 192.168.255.0/24 to any port 22000 # Syncthing TCP
|
||||
sudo ufw allow in from 192.168.255.0/24 to any port 21027 proto udp # Syncthing UDP
|
||||
sudo ufw reload
|
||||
echo "$line"
|
||||
sudo ufw status verbose
|
||||
echo "$line"
|
||||
;;
|
||||
2) # Public profile
|
||||
for i in {0..5}
|
||||
do
|
||||
yes | sudo ufw delete 1
|
||||
done
|
||||
echo -e "Home profile applied."
|
||||
else
|
||||
echo 'Something went wrong'
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
public() {
|
||||
echo -e "Applying public profile...\n$line"
|
||||
|
||||
existing_check
|
||||
status=$?
|
||||
if [ $status -eq 0 ]; then
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw default allow outgoing
|
||||
sudo ufw reload
|
||||
echo "$line"
|
||||
sudo ufw status verbose
|
||||
echo "$line"
|
||||
;;
|
||||
3) # Panic mode
|
||||
for i in {0..7}
|
||||
do
|
||||
yes | sudo ufw delete 1
|
||||
done
|
||||
echo 'Applied public profile.'
|
||||
else
|
||||
echo 'Something went wrong'
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
panic() {
|
||||
echo -e "Appling PANIC profile...\n$line"
|
||||
|
||||
existing_check
|
||||
status=$?
|
||||
if [ $status -eq 0 ]; then
|
||||
sudo ufw default deny incoming
|
||||
sudo ufw default deny outgoing
|
||||
sudo ufw reload
|
||||
echo "$line"
|
||||
sudo ufw status verbose
|
||||
echo "$line"
|
||||
echo 'PANIC profile applied.'
|
||||
else
|
||||
echo 'Something went wrong'
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
case ${INPUT_PARAM,,} in
|
||||
home)
|
||||
home
|
||||
;;
|
||||
4) # Exit
|
||||
echo '## END OF SCRIPT'
|
||||
exit 0
|
||||
public)
|
||||
public
|
||||
;;
|
||||
*) # Default
|
||||
echo 'Please choose a valid option (1-4).'
|
||||
panic)
|
||||
panic
|
||||
;;
|
||||
esac
|
||||
|
||||
Reference in New Issue
Block a user