Refactor firewall and add edit rule (#488)

This commit is contained in:
Richard Anderson
2025-02-16 19:31:58 +00:00
committed by GitHub
parent e2b9d18a71
commit 8c7c3d2192
23 changed files with 443 additions and 210 deletions


@ -1,11 +0,0 @@
if ! sudo ufw {{ $type }} from {{ $source }}{{ $mask }} to any proto {{ $protocol }} port {{ $port }}; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo ufw reload; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo service ufw restart; then
echo 'VITO_SSH_ERROR' && exit 1
fi


@ -0,0 +1,37 @@
@include('ssh.services.firewall.ufw.backup-rules')
if ! sudo ufw --force reset; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo ufw default deny incoming; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo ufw default allow outgoing; then
echo 'VITO_SSH_ERROR' && exit 1
fi
@foreach($rules as $rule)
@php
$source = isset($rule->source) && $rule->source !== null
? $rule->source . (isset($rule->mask) && $rule->mask !== null ? '/' . $rule->mask : '')
: 'any';
@endphp
if ! sudo ufw {{ $rule->type }} from {{ $source }} to any proto {{ $rule->protocol }} port {{ $rule->port }}; then
@include('ssh.services.firewall.ufw.restore-rules')
echo 'VITO_SSH_ERROR' && exit 1
fi
@endforeach
if ! sudo ufw --force enable; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo ufw reload; then
echo 'VITO_SSH_ERROR' && exit 1
fi
@include('ssh.services.firewall.ufw.clear-backups')
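Review bot: Only a failed rule add (the `if ! sudo ufw {{ $rule->type }} …` line) includes restore-rules; a failure of `ufw --force reset`, either `ufw default` line, `ufw --force enable` or `ufw reload` exits after the previous rule set has already been wiped, leaving the host with nothing restored and the /tmp backups in place. A single failure path that restores, clears the backups and then exits, defined once as a shell function before the loop, covers every step and also stops the restore block from being repeated once per rule in the rendered script. Note also that `ufw --force reset` disables ufw, so unlike the deleted per-rule template the firewall is off for the whole run until the `--force enable` near the end. The five placeholders (`type`, `source`, `mask`, `protocol`, `port`) are interpolated unquoted into the `ufw` command line and Blade's HTML escaping does not make a value shell-safe, so they need to be restricted to ufw keywords and numeric/CIDR values before this view is rendered; that validation is not part of this commit and I could not confirm it from the visible files.
```blade
@include('ssh.services.firewall.ufw.backup-rules')
restore_and_fail() {
    @include('ssh.services.firewall.ufw.restore-rules')
    @include('ssh.services.firewall.ufw.clear-backups')
    echo 'VITO_SSH_ERROR' && exit 1
}
if ! sudo ufw --force reset; then
    restore_and_fail
fi
# … unchanged: the two `ufw default` lines, each failing into restore_and_fail …
@foreach($rules as $rule)
# … unchanged: $source computation …
if ! sudo ufw {{ $rule->type }} from {{ $source }} to any proto {{ $rule->protocol }} port {{ $rule->port }}; then
    restore_and_fail
fi
@endforeach
if ! sudo ufw --force enable; then
    restore_and_fail
fi
# … unchanged: reload (also failing into restore_and_fail), then clear-backups …
```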


@ -0,0 +1,6 @@
sudo cp /etc/ufw/before.rules /tmp/ufw.before.backup
sudo cp /etc/ufw/after.rules /tmp/ufw.after.backup
sudo cp /etc/ufw/user.rules /tmp/ufw.user.backup
sudo cp /etc/ufw/before6.rules /tmp/ufw.before6.backup
sudo cp /etc/ufw/after6.rules /tmp/ufw.after6.backup
sudo cp /etc/ufw/user6.rules /tmp/ufw.user6.backup
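Review bot: The six backups are written as root to fixed, predictable names under the world-writable `/tmp`, and the restore-rules and clear-backups partials depend on the same names; writing as root to a guessable path in a shared temporary directory is the insecure-temporary-file pattern (CWE-377), since `cp` follows a symlink that already exists at the destination. Copying into a root-owned location instead — a directory created once with `sudo mktemp -d` and reused by the three partials, or a fixed directory under `/etc/ufw/` — removes the shared-directory exposure; as far as I recall `ufw --force reset` itself leaves timestamped copies of these files in `/etc/ufw`, which may make a separate backup unnecessary. None of the `cp` lines is checked, so a missing or unreadable rules file silently yields no backup while restore-rules still runs; at minimum `|| exit 1` on each line, or `set -e` at the top of the rendered script, surfaces the failure before `ufw --force reset` runs.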


@ -0,0 +1,6 @@
sudo rm -f /tmp/ufw.before.backup
sudo rm -f /tmp/ufw.after.backup
sudo rm -f /tmp/ufw.user.backup
sudo rm -f /tmp/ufw.before6.backup
sudo rm -f /tmp/ufw.after6.backup
sudo rm -f /tmp/ufw.user6.backup


@ -1,11 +0,0 @@
if ! sudo ufw delete {{ $type }} from {{ $source }}{{ $mask }} to any proto {{ $protocol }} port {{ $port }}; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo ufw reload; then
echo 'VITO_SSH_ERROR' && exit 1
fi
if ! sudo service ufw restart; then
echo 'VITO_SSH_ERROR' && exit 1
fi


@ -0,0 +1,10 @@
sudo ufw --force disable
sudo cp /tmp/ufw.before.backup /etc/ufw/before.rules
sudo cp /tmp/ufw.after.backup /etc/ufw/after.rules
sudo cp /tmp/ufw.user.backup /etc/ufw/user.rules
sudo cp /tmp/ufw.before6.backup /etc/ufw/before6.rules
sudo cp /tmp/ufw.after6.backup /etc/ufw/after6.rules
sudo cp /tmp/ufw.user6.backup /etc/ufw/user6.rules
sudo ufw --force enable