ricardo.leite
/
firewall
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
Scripts de firewall iptables compatíveis com docker e com fail2log.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
31 KiB
 
Tree: 566e855313
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '566e855313'
${ noResults }
firewall/install.sh

54 lines
1.4 KiB
Raw Blame History

#!/bin/bash
# Author: Ricardo Leite Gaonçalves - 2021/7
# http://www.davinti.com.br
#
if [ "$USER" != "root" ] ; then
printf "Are you root? \nsudo ./install.sh\n"
exit 1
fi
#if [ "X$(which dialog)" == "X" ]; then
# apt -y install dialog
#fi
if [ "X$(which fail2ban-client)" == "X" ]; then
apt -y install fail2ban
fi
if [ ! -d /etc/network/firewall ] ; then
mkdir -p /etc/network/firewall
fi
trusted=/etc/network/firewall/trustedips.conf
trusted6=/etc/network/firewall/trustedips6.conf
if [ ! -f $trusted ]; then
# Include all local ipv4 ips (but commented), and open localhost ipv4.
ip a | grep " inet " | sed -e 's|^.*inet |#|g' -e 's|\/.*$||g' -e 's|^#127.0.0.1$|127.0.0.1|g' >> $trusted
fi
if [ ! -f $trusted6 ]; then
# Include all local ipv6 ips (but commented) and open the localhost ipv6.
ip a | grep " inet6 " | sed -e 's|^.*inet6 |#|g' -e 's|\/.*$||g' -e 's|^#::1$|::1|g' >> $trusted6
fi
cp -v firewall.service /etc/systemd/system/
cp -v firewall-init.service /etc/systemd/system/
systemctl enable firewall.service
systemctl enable firewall-init.service
if [ ! -f /etc/network/firewall/rules.sh -o "$1" == "-f" ] ; then
cp -v rules.sh /etc/network/firewall/
fi
if [ ! -f /etc/network/firewall/init.sh -o "$1" == "-f" ] ; then
cp -v init.sh /etc/network/firewall/
fi
echo ""
echo !!! Please revise trusted IPs in:
echo $trusted
echo $trusted6
echo ""