d
This commit is contained in:
parent
aac8cdfcf1
commit
2eb139285d
181
firewall.sh
181
firewall.sh
@ -124,100 +124,123 @@ basic-security() {
|
||||
|
||||
}
|
||||
|
||||
admin() {
|
||||
for i in "${ADMIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
wireguard() {
|
||||
sysctl -w net.ipv4.conf.all.forwarding=1
|
||||
for i in "${WIREGUARD[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
web() {
|
||||
for i in "${WEB[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
adguard() {
|
||||
for i in "${ADGUARD[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
cups() {
|
||||
for i in "${CUPS[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
bitcoin() {
|
||||
for i in "${BITCOIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
lnd() {
|
||||
for i in "${LND[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
syncthing() {
|
||||
for i in "${SYNCTHING[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
jellyfin() {
|
||||
for i in "${JELLYFIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
nfs() {
|
||||
for i in "${NFS[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
trust() {
|
||||
for i in "${MACHINES[@]}"; do
|
||||
$IPTABLES_TCP -s $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP -s $i $IPTABLES_ACCEPT
|
||||
done
|
||||
}
|
||||
|
||||
start() {
|
||||
|
||||
basic-security
|
||||
#Trust Servers
|
||||
#for i in "${MACHINES[@]}"; do
|
||||
# $IPTABLES_TCP -s $i $IPTABLES_ACCEPT
|
||||
# $IPTABLES_UDP -s $i $IPTABLES_ACCEPT
|
||||
#done
|
||||
|
||||
if [[ $HOSTNAME == *"nas"* ]]; then
|
||||
ddos-protection
|
||||
|
||||
for i in "${ADMIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#WireGuard
|
||||
sysctl -w net.ipv4.conf.all.forwarding=1
|
||||
for i in "${WIREGUARD[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
wireguard
|
||||
web
|
||||
admin
|
||||
adguard
|
||||
cups
|
||||
bitcoin
|
||||
syncthing
|
||||
lnd
|
||||
jellyfin
|
||||
|
||||
#Uptime
|
||||
podman restart uptime-kuma
|
||||
|
||||
#Web
|
||||
for i in "${WEB[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#AdGuard
|
||||
for i in "${ADGUARD[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#CUPS
|
||||
for i in "${CUPS[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#Bitcoin
|
||||
for i in "${BITCOIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#LND
|
||||
for i in "${LND[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#SyncThing
|
||||
for i in "${SYNCTHING[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#NFS
|
||||
for i in "${NFS[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
#Jellyfin
|
||||
for i in "${JELLYFIN[@]}"; do
|
||||
$IPTABLES_TCP --dport $i $IPTABLES_ACCEPT
|
||||
$IPTABLES_UDP --dport $i $IPTABLES_ACCEPT
|
||||
done
|
||||
|
||||
else {
|
||||
/usr/bin/systemctl restart libvirtd
|
||||
}
|
||||
else
|
||||
{
|
||||
syncthing
|
||||
/usr/bin/systemctl restart libvirtd
|
||||
}
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
stop() {
|
||||
iptables -F
|
||||
iptables -P INPUT ACCEPT
|
||||
iptables -P FORWARD ACCEPT
|
||||
iptables -P OUTPUT ACCEPT
|
||||
iptables -t nat -F
|
||||
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED $IPTABLES_ACCEPT
|
||||
iptables -A INPUT -i lo $IPTABLES_ACCEPT
|
||||
/usr/sbin/iptables -F
|
||||
/usr/sbin/iptables -P INPUT ACCEPT
|
||||
/usr/sbin/iptables -P FORWARD ACCEPT
|
||||
/usr/sbin/iptables -P OUTPUT ACCEPT
|
||||
/usr/sbin/iptables -t nat -F
|
||||
/usr/sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED $IPTABLES_ACCEPT
|
||||
/usr/sbin/iptables -A INPUT -i lo $IPTABLES_ACCEPT
|
||||
|
||||
iptables -F
|
||||
ip6tables -P INPUT ACCEPT
|
||||
ip6tables -P FORWARD ACCEPT
|
||||
ip6tables -P OUTPUT ACCEPT
|
||||
ip6tables -t nat -F
|
||||
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED $IPTABLES_ACCEPT
|
||||
ip6tables -A INPUT -i lo $IPTABLES_ACCEPT
|
||||
/usr/sbin/iptables -F
|
||||
/usr/sbin/ip6tables -P INPUT ACCEPT
|
||||
/usr/sbin/ip6tables -P FORWARD ACCEPT
|
||||
/usr/sbin/ip6tables -P OUTPUT ACCEPT
|
||||
/usr/sbin/ip6tables -t nat -F
|
||||
/usr/sbin/ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED $IPTABLES_ACCEPT
|
||||
/usr/sbin/ip6tables -A INPUT -i lo $IPTABLES_ACCEPT
|
||||
}
|
||||
|
||||
if [ "$1" = "start" ]; then
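Review bot: The IPv6 teardown in stop() flushes the wrong table: the line directly before `ip6tables -P INPUT ACCEPT` runs `iptables -F`, and the full-path block likewise runs `/usr/sbin/iptables -F` before `/usr/sbin/ip6tables -P INPUT ACCEPT`, so any existing ip6tables rules survive a stop while the IPv6 chain policies are opened to ACCEPT. Whichever of the two invocation styles is the new side, both carry the slip; they should read `ip6tables -F` and `/usr/sbin/ip6tables -F` respectively. Relatedly, wireguard() (and the inline WireGuard block in start()) sets `net.ipv4.conf.all.forwarding=1` and nothing in stop() reverts it, so combined with `-P FORWARD ACCEPT` the host keeps routing between interfaces after the firewall is stopped; consider saving the prior sysctl value in start() and restoring it in stop(), or at least adding a comment in stop() stating that forwarding is left enabled. The old and new sides of start() cannot be told apart on this rendered page, but as printed it carries two `else` branches for a single `if`, which bash would reject if both survive, and nfs() and trust() are defined yet absent from the list of service functions called, so NFS rules may no longer be applied on the new side unless that is intended.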
|
||||
|