verita84/firewall
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

idsa

Browse Source
This commit is contained in:
Your Name 2024-09-04 09:37:04 -06:00
parent 653a5d3532
commit 1ed5f67063
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
firewall2.sh
View File

@ -2,9 +2,10 @@
MY_IP=$(curl ifconfig.me)
SERVER_IP='192.168.0.55'
NGINX_ACCESS="/var/log/nginx/access.log"
WIREGUARD=(57692 853)
WIREGUARD=(51820)
#WIREGUARD=(57692)
WEB=(80 443)
ADGUARD=(3000 8082 67)
ADGUARD=(3000 8082 853 )
UPTIME=(4001)
DNS=(53 67 68)
CUPS=(631 5353)
@ -20,6 +21,8 @@ ADMIN=(22)
NFT='/usr/sbin/nft'
NFT_TCP="$NFT add rule ip filter input tcp dport"
NFT_UDP="$NFT add rule ip filter input udp dport"
NFT6_UDP="$NFT add rule ip6 filter input udp dport"
NFT6_TCP="$NFT add rule ip6 filter input tcp dport"
NFT_DROP='counter drop'
NFT_ACCEPT='counter accept'
NFT='/usr/sbin/nft'
@ -243,6 +246,7 @@ uptimeKuma() {
admin() {
for i in "${ADMIN[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
done
}
@ -252,12 +256,15 @@ wireguard() {
for i in "${WIREGUARD[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
done
}
web() {
for i in "${WEB[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
done
}
@ -265,16 +272,18 @@ dns(){
for i in "${DNS[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
done
}
adguard() {
for i in "${ADGUARD[@]}"; do
$NFT add rule ip filter input ip saddr $SERVER_IP tcp dport $i accept
$NFT add rule ip filter input ip saddr $SERVER_IP udp dport $i accept
# $NFT_TCP $i $NFT_ACCEPT
# $NFT_UDP $i $NFT_ACCEPT
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
done
}
@ -282,6 +291,8 @@ cups() {
for i in "${CUPS[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
done
}
@ -308,6 +319,8 @@ syncthing() {
for i in "${SYNCTHING[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
done
}
@ -315,6 +328,8 @@ jellyfin() {
for i in "${JELLYFIN[@]}"; do
$NFT_TCP $i $NFT_ACCEPT
$NFT_UDP $i $NFT_ACCEPT
$NFT6_TCP $i $NFT_ACCEPT
$NFT6_UDP $i $NFT_ACCEPT
done
}
@ -356,7 +371,7 @@ start() {
syncthing
blockCountry
jellyfin
wireguard-networking
#wireguard-networking
uptimeKuma
docker restart uptime-kuma
$NFT insert rule filter input iif docker0 $NFT_ACCEPT