Merge pull request #123 from kobewijnants/fork

Fix ufw firewall script
Chris Titus 2024-08-08 16:15:59 -05:00 committed by GitHub
commit d632edcf02
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1,11 +1,13 @@
#!/bin/sh -e #!/bin/sh -e
. ./common-script.sh
installPkg() { installPkg() {
echo "Install UFW if not already installed..." echo "Install UFW if not already installed..."
if ! command_exists ufw; then if ! command_exists ufw; then
case ${PACKAGER} in case ${PACKAGER} in
pacman) pacman)
sudo "${PACKAGER}" -S --noconfirm ufw sudo "${PACKAGER}" -Sy --noconfirm ufw
;; ;;
*) *)
sudo "${PACKAGER}" install -y ufw sudo "${PACKAGER}" install -y ufw
@ -14,26 +16,33 @@ installPkg() {
else else
echo "UFW is already installed." echo "UFW is already installed."
fi fi
}
configureUFW() {
echo -e "${GREEN}Using Chris Titus Recommended Firewall Rules${RC}" echo -e "${GREEN}Using Chris Titus Recommended Firewall Rules${RC}"
sudo ufw limit 22/tcp
echo "Disabling UFW"
sudo ufw disable
echo "Limiting port 22/tcp (UFW)" echo "Limiting port 22/tcp (UFW)"
sudo ufw limit 22/tcp
sudo ufw allow 80/tcp
echo "Allowing port 80/tcp (UFW)" echo "Allowing port 80/tcp (UFW)"
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
echo "Allowing port 443/tcp (UFW)" echo "Allowing port 443/tcp (UFW)"
sudo ufw allow 443/tcp
sudo ufw default deny incoming
echo "Denying Incoming Packets by Default(UFW)" echo "Denying Incoming Packets by Default(UFW)"
sudo ufw default deny incoming
sudo ufw default allow outgoing
echo "Allowing Outcoming Packets by Default(UFW)" echo "Allowing Outcoming Packets by Default(UFW)"
sudo ufw default allow outgoing
sudo ufw enable sudo ufw enable
echo -e "${GREEN}Enabled Firewall with Baselines!${RC}" echo -e "${GREEN}Enabled Firewall with Baselines!${RC}"
} }
checkEnv checkEnv
installPkg installPkg
configureUFW
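Review bot: The `sudo ufw disable` step at the top of configureUFW leaves the host unfiltered if any later `ufw` command fails, because `#!/bin/sh -e` aborts the script before `sudo ufw enable` is reached. I am reading that step as being on the new side, since the rendered page has lost its +/- markers. ufw accepts rule and default-policy changes while it is active, and `limit 22/tcp` is already added before `default deny incoming`, so the disable line can simply be dropped. If it has to stay, document the window with a comment such as `# firewall is down from here until 'ufw enable' below; a failure in between leaves the host open`, and consider a `trap 'sudo ufw enable' EXIT` so an aborted run does not end with the firewall off. Separately, `allow 80/tcp` and `allow 443/tcp` are applied on every machine whether or not it serves web traffic; a comment saying these are meant for web hosts would help readers who run the script on a workstation.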