mirror of
https://github.com/vitodeploy/vito.git
synced 2025-07-02 14:36:17 +00:00
Refactor firewall and add edit rule (#488)
@ -1,11 +0,0 @@
|
||||
if ! sudo ufw {{ $type }} from {{ $source }}{{ $mask }} to any proto {{ $protocol }} port {{ $port }}; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo ufw reload; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo service ufw restart; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
@ -0,0 +1,37 @@
|
||||
@include('ssh.services.firewall.ufw.backup-rules')
|
||||
|
||||
if ! sudo ufw --force reset; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
|
||||
if ! sudo ufw default deny incoming; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo ufw default allow outgoing; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
@foreach($rules as $rule)
|
||||
@php
|
||||
$source = isset($rule->source) && $rule->source !== null
|
||||
? $rule->source . (isset($rule->mask) && $rule->mask !== null ? '/' . $rule->mask : '')
|
||||
: 'any';
|
||||
@endphp
|
||||
|
||||
if ! sudo ufw {{ $rule->type }} from {{ $source }} to any proto {{ $rule->protocol }} port {{ $rule->port }}; then
|
||||
@include('ssh.services.firewall.ufw.restore-rules')
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
@endforeach
|
||||
|
||||
if ! sudo ufw --force enable; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo ufw reload; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
@include('ssh.services.firewall.ufw.clear-backups')
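Review bot: The values placed on the `sudo ufw` line inside the `@foreach` body are only HTML-escaped by Blade's `{{ }}`, not shell-quoted, so the command is safe only if type, source, mask, protocol and port are strictly validated before they reach this template; that validation is not visible in this hunk. Quoting at the point of use would make it hold regardless, for example `from {!! escapeshellarg($source) !!}` and likewise for the other three values. Separately, `restore-rules` is included only in the per-rule failure branch: a failure of `ufw default deny incoming`, `ufw default allow outgoing`, `ufw --force enable` or `ufw reload` exits after `ufw --force reset` has already run, so the previous rules are gone and the backups stay in /tmp. Adding `@include('ssh.services.firewall.ufw.restore-rules')` to those branches would close that gap.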
|
@ -0,0 +1,6 @@
|
||||
sudo cp /etc/ufw/before.rules /tmp/ufw.before.backup
|
||||
sudo cp /etc/ufw/after.rules /tmp/ufw.after.backup
|
||||
sudo cp /etc/ufw/user.rules /tmp/ufw.user.backup
|
||||
sudo cp /etc/ufw/before6.rules /tmp/ufw.before6.backup
|
||||
sudo cp /etc/ufw/after6.rules /tmp/ufw.after6.backup
|
||||
sudo cp /etc/ufw/user6.rules /tmp/ufw.user6.backup
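Review bot: The backups are written to fixed names in world-writable /tmp and later copied back into /etc/ufw as root by `restore-rules`, so any local account able to create or replace those names first can influence what root writes or restores. The `cp` results are also unchecked, so the reset in the calling template can proceed without a usable backup. A root-only directory avoids both the predictable names and the shared location, e.g. `BACKUP_DIR=$(sudo mktemp -d)` followed by `sudo cp /etc/ufw/user.rules "$BACKUP_DIR/user.rules" || { echo 'VITO_SSH_ERROR'; exit 1; }`. The same /tmp paths are hard-coded in the `clear-backups` and `restore-rules` sections, which would need to use the same variable.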
|
@ -0,0 +1,6 @@
|
||||
sudo rm -f /tmp/ufw.before.backup
|
||||
sudo rm -f /tmp/ufw.after.backup
|
||||
sudo rm -f /tmp/ufw.user.backup
|
||||
sudo rm -f /tmp/ufw.before6.backup
|
||||
sudo rm -f /tmp/ufw.after6.backup
|
||||
sudo rm -f /tmp/ufw.user6.backup
|
@ -1,11 +0,0 @@
|
||||
if ! sudo ufw delete {{ $type }} from {{ $source }}{{ $mask }} to any proto {{ $protocol }} port {{ $port }}; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo ufw reload; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
||||
|
||||
if ! sudo service ufw restart; then
|
||||
echo 'VITO_SSH_ERROR' && exit 1
|
||||
fi
|
@ -0,0 +1,10 @@
|
||||
sudo ufw --force disable
|
||||
|
||||
sudo cp /tmp/ufw.before.backup /etc/ufw/before.rules
|
||||
sudo cp /tmp/ufw.after.backup /etc/ufw/after.rules
|
||||
sudo cp /tmp/ufw.user.backup /etc/ufw/user.rules
|
||||
sudo cp /tmp/ufw.before6.backup /etc/ufw/before6.rules
|
||||
sudo cp /tmp/ufw.after6.backup /etc/ufw/after6.rules
|
||||
sudo cp /tmp/ufw.user6.backup /etc/ufw/user6.rules
|
||||
|
||||
sudo ufw --force enable
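Review bot: None of the `cp` calls in this restore sequence is checked, so a missing or unreadable backup leaves a mix of restored and reset rule files that `sudo ufw --force enable` then activates without any signal. Consider testing each copy and emitting a distinct message when the restore itself fails; the caller prints the same `VITO_SSH_ERROR` whether the old rules came back or not, so an operator cannot tell the two outcomes apart. The backups are also left behind on this path, since `clear-backups` is only included at the end of a successful run in the calling template.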
|