#!/bin/bash
# https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
install_ufw(){
  # Refresh the apt package index, then install ufw non-interactively.
  # The two steps are independent: this script does not use 'set -e', so a
  # failed 'update' does not stop the 'install'.
  sudo apt-get update
  sudo apt-get install -y ufw
}
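set_ufw_machine() {
  # Rebuild the ufw rule set on this host for the two-server deployment.
  # Arguments: $1 - address (IP or CIDR) of the peer server; it is allowed on
  #                 every port, so it must be the peer and nothing wider.
  # Returns:   1 without touching ufw when $1 is empty; otherwise the exit
  #            status of the final 'ufw status numbered'.
  local SERVER="$1"
  if [[ -z "${SERVER}" ]]; then
    # An empty peer (e.g. a failed name lookup in name_to_ipaddress) would
    # otherwise make 'ufw allow from' fail and leave the peer blocked once
    # the default-deny rules below are enabled.
    echo "set_ufw_machine: empty peer address, firewall left unchanged" >&2
    return 1
  fi
  # NOTE(review): inbound traffic is unfiltered between 'disable' here and
  # 'enable' at the end; rules can be added while ufw stays enabled.
  sudo ufw disable
  sudo ufw status
  sudo ufw default deny incoming
  # Peer server: every port, SSH included.
  sudo ufw allow from "${SERVER}"
  # SSH is additionally open from any source, not only from the peer.
  sudo ufw allow ssh
  # Docker container bridges.
  # NOTE(review): Docker manages its own iptables rules for published ports;
  # confirm on the host that they do not bypass the ufw rules set here.
  sudo ufw allow from 172.17.0.0/16
  # Local IPv6 address
  sudo ufw allow from fe80::1
  # HTTP / HTTPS
  sudo ufw allow 80/tcp
  sudo ufw allow 443/tcp
  # Gateway bridge (will be removed soon)
  sudo ufw allow 1700/udp
  # Gateway manager -- open to any source
  sudo ufw allow 2222/tcp
  # Plain MQTT stays closed; only the TLS listener is exposed
  #sudo ufw allow 1883/tcp
  # MQTT over TLS/SSL
  sudo ufw allow 8883/tcp
  # Plain WebSockets stays closed; only the TLS listener is exposed
  #sudo ufw allow 9001/tcp
  # WebSockets over TLS/SSL
  sudo ufw allow 9883/tcp
  sudo ufw enable
  sudo ufw status numbered
}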
list() {
  # Print the MACHINES array, space-joined, on one line.
  # NOTE(review): MACHINES is not assigned anywhere in this file, so this
  # prints just "Machines: " unless the caller sets it -- confirm intent.
  local line="Machines: ${MACHINES[@]}"
  echo "$line"
}
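commands() {
  # Dispatch the sub-command in $1: list | set_ufw_machine HOST | h | help.
  # Every path ends the script: exit 0 on success, exit 1 on a missing or
  # unknown command or on the wrong number of arguments.
  if [[ $# -lt 1 ]]; then usage; exit 1; fi
  local COMMAND="$1"
  case "${COMMAND}" in
    list)
      if [[ $# -ne 1 ]]; then usage; exit 1; fi
      list
      ;;
    set_ufw_machine)
      if [[ $# -ne 2 ]]; then usage; exit 1; fi
      # Quoted so the address reaches set_ufw_machine as a single argument.
      local HOST="$2"
      set_ufw_machine "${HOST}"
      ;;
    h|help)
      usage
      ;;
    *)
      usage
      exit 1
      ;;
  esac
  exit 0
}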
# commands $*
usage() {
  # Print the command summary to stdout; $0 is the script path as invoked.
  cat <<EOF
Usage: $0 [cmd] [parameter]
 list : list machines and containers.
 set_ufw_machine MACHINE : set ufw on the machine.
EOF
}
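name_to_ipaddress(){
  # Resolve a host name to the address ping reports for it, e.g. "10.0.0.2".
  # Arguments: $1 - host name (or literal address) to resolve
  # Outputs:   the parenthesised address from ping's "PING ..." line on stdout;
  #            nothing when the name does not resolve
  # Returns:   1 when $1 is empty, otherwise the status of the last pipeline stage
  # NOTE(review): '-t 1' is the TTL on Linux iputils ping but a timeout on
  # BSD/macOS; the address is printed before any reply either way. Confirm
  # which meaning is intended on the target hosts.
  # NOTE(review): the result is later allowed on every port by
  # set_ufw_machine, so it must come from a trusted resolver (/etc/hosts or
  # trusted DNS); a poisoned entry widens that allow rule.
  local host="$1"
  if [[ -z "${host}" ]]; then
    echo "name_to_ipaddress: no host given" >&2
    return 1
  fi
  ping -q -c 1 -t 1 "${host}" | grep PING | sed -e 's/).*//' -e 's/.*(//'
}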
# Peer addresses, resolved once at load time for every invocation (even
# 'list'); each is empty when its name does not resolve.
# NOTE(review): whatever these resolve to is later allowed on every port by
# set_ufw_machine, so the names must resolve through a trusted source.
declare IP_SERVER_1 IP_SERVER_2
IP_SERVER_1="$(name_to_ipaddress server-1)"
IP_SERVER_2="$(name_to_ipaddress server-2)"
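set_ufw_server_1() {
  # On server-1, allow the peer server-2 (resolved into IP_SERVER_2 at load).
  # Passes the variable's value; the literal name "IP_SERVER_2" is not an
  # address ufw can use.
  set_ufw_machine "${IP_SERVER_2}"
}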
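set_ufw_server_2() {
  # On server-2, allow the peer server-1 (resolved into IP_SERVER_1 at load).
  # Passes the variable's value; the literal name "IP_SERVER_1" is not an
  # address ufw can use.
  set_ufw_machine "${IP_SERVER_1}"
}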
# Entry point: choose the rule set by this host's name.
# NOTE(review): each branch only echoes a function name; nothing here calls
# set_ufw_server_1/2 (and the 'commands' dispatcher is commented out above),
# so running the script does not change the firewall -- confirm whether
# that is intentional.
case "$(hostname)" in
  server-1)
    echo set_ufw_server_1
    ;;
  server-2)
    echo set_ufw_server_2
    ;;
  *)
    echo "Not a server"
    exit 1
    ;;
esac