mirror of
https://github.com/ChrisTitusTech/linutil.git
synced 2024-11-06 05:29:42 +00:00
50 lines
1.3 KiB
Bash
50 lines
1.3 KiB
Bash
#!/bin/sh -e
|
|
|
|
. ../common-script.sh
|
|
|
|
installPkg() {
|
|
echo "Install UFW if not already installed..."
|
|
if ! command_exists ufw; then
|
|
case ${PACKAGER} in
|
|
pacman)
|
|
$ESCALATION_TOOL "${PACKAGER}" -S --needed --noconfirm ufw
|
|
;;
|
|
*)
|
|
$ESCALATION_TOOL "${PACKAGER}" install -y ufw
|
|
;;
|
|
esac
|
|
else
|
|
echo "UFW is already installed."
|
|
fi
|
|
}
|
|
|
|
configureUFW() {
|
|
printf "%b\n" "${GREEN}Using Chris Titus Recommended Firewall Rules${RC}"
|
|
|
|
printf "%b\n" "${YELLOW}Disabling UFW${RC}"
|
|
$ESCALATION_TOOL ufw disable
|
|
|
|
printf "%b\n" "${YELLOW}Limiting port 22/tcp (UFW)${RC}"
|
|
$ESCALATION_TOOL ufw limit 22/tcp
|
|
|
|
printf "%b\n" "${YELLOW}Allowing port 80/tcp (UFW)${RC}"
|
|
$ESCALATION_TOOL ufw allow 80/tcp
|
|
|
|
printf "%b\n" "${YELLO}Allowing port 443/tcp (UFW)${RC}"
|
|
$ESCALATION_TOOL ufw allow 443/tcp
|
|
|
|
printf "%b\n" "${YELLOW}Denying Incoming Packets by Default(UFW)${RC}"
|
|
$ESCALATION_TOOL ufw default deny incoming
|
|
|
|
printf "%b\n" "${YELLOW}Allowing Outcoming Packets by Default(UFW)${RC}"
|
|
$ESCALATION_TOOL ufw default allow outgoing
|
|
|
|
$ESCALATION_TOOL ufw enable
|
|
printf "%b\n" "${GREEN}Enabled Firewall with Baselines!${RC}"
|
|
}
|
|
|
|
checkEnv
|
|
checkEscalationTool
|
|
installPkg
|
|
configureUFW
|