Əsas Firewall Quraşdırması
UFW (Uncomplicated Firewall) istifadə edərək əsas təhlükəsizlik divarını quraşdıran və konfiqurasiya edən script. Mövcud UFW qaydalarını sıfırlayır, SSH portunu açır, HTTP və HTTPS portlarını isə istifadəçinin seçiminə görə açır.
Yayımlanma: 20.02.2024
Yenilənmə: 01.12.2024
Kod
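#!/bin/bash
# Basic Firewall Setup with UFW
#
# Interactively resets UFW, applies "deny incoming / allow outgoing" defaults,
# opens the SSH port plus optional HTTP/HTTPS and extra TCP ports, then enables
# the firewall and prints the resulting rules.
#
# Safety properties of this version:
#   * All answers are collected and validated BEFORE the rule set is touched,
#     so the host does not sit behind a reset (disabled) firewall while the
#     script waits at a prompt.
#   * Ports must be integers in 1-65535 (extra ports may also be LOW:HIGH
#     ranges). Unvalidated input is never word-split into ufw arguments.
#   * If the SSH rule cannot be added, the script stops before `ufw enable`,
#     so a remote session is not cut off by "deny incoming" with no SSH rule.
#
# NOTE: `ufw --force reset` discards the active rule set without asking.
# NOTE: the SSH port entered here must be the port sshd really listens on;
#       this script does not inspect the sshd configuration.

# Print an error to stderr and abort.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Return 0 when $1 is a decimal TCP port in 1-65535 (no sign, no leading zero).
is_valid_port() {
  local value=$1
  [[ "$value" =~ ^[1-9][0-9]{0,4}$ ]] || return 1
  (( value <= 65535 ))
}

# Return 0 when $1 is a single valid port or an ascending LOW:HIGH range.
is_valid_port_spec() {
  local spec=$1
  local low high
  if [[ "$spec" == *:* ]]; then
    low=${spec%%:*}
    high=${spec#*:}
    is_valid_port "$low" && is_valid_port "$high" && (( low < high ))
  else
    is_valid_port "$spec"
  fi
}

if [ "$EUID" -ne 0 ]; then
  echo "Please run as root" >&2
  exit 1
fi

echo "Setting up firewall with UFW..."
echo ""

if ! command -v ufw &> /dev/null; then
  echo "Installing UFW..."
  if ! { apt-get update && apt-get install -y ufw; }; then
    die "UFW installation failed; firewall was not changed"
  fi
  command -v ufw &> /dev/null || die "ufw is still not available after installation"
fi

# ---- Collect and validate input first; nothing is modified yet ----
read -r -p "SSH Port (default 22): " SSH_PORT
SSH_PORT=${SSH_PORT//[[:space:]]/}
SSH_PORT=${SSH_PORT:-22}
is_valid_port "$SSH_PORT" \
  || die "invalid SSH port '$SSH_PORT' (expected 1-65535); firewall was not changed"

read -r -p "Allow HTTP (80)? (y/n): " ALLOW_HTTP
read -r -p "Allow HTTPS (443)? (y/n): " ALLOW_HTTPS
read -r -p "Any additional ports to open? (comma-separated, or press Enter to skip): " ADDITIONAL_PORTS

EXTRA_PORTS=()
if [ -n "$ADDITIONAL_PORTS" ]; then
  IFS="," read -ra PORTS <<< "$ADDITIONAL_PORTS"
  for port in "${PORTS[@]}"; do
    port=${port//[[:space:]]/}        # tolerate "80, 443"
    [ -n "$port" ] || continue        # tolerate "80,,443" and trailing commas
    if is_valid_port_spec "$port"; then
      EXTRA_PORTS+=("$port")
    else
      echo "Skipping invalid port '$port' (expected 1-65535 or LOW:HIGH)" >&2
    fi
  done
fi

# ---- Apply the rule set ----
echo "Resetting UFW to defaults..."
ufw --force reset || die "ufw reset failed"

echo "Setting default policies..."
ufw default deny incoming || die "could not set default incoming policy"
ufw default allow outgoing || die "could not set default outgoing policy"
echo "✓ Default policies set"
echo ""

echo "Allowing SSH on port $SSH_PORT..."
# The SSH rule must exist before the firewall is enabled. For an
# Internet-facing host, `ufw limit` can be used instead of `ufw allow`
# to rate-limit repeated connection attempts.
ufw allow "$SSH_PORT/tcp" comment "SSH" \
  || die "could not add the SSH rule; UFW was not enabled to avoid locking out remote access"

if [ "$ALLOW_HTTP" = "y" ]; then
  if ufw allow 80/tcp comment "HTTP"; then
    echo "✓ HTTP allowed"
  else
    echo "Failed to allow HTTP" >&2
  fi
fi

if [ "$ALLOW_HTTPS" = "y" ]; then
  if ufw allow 443/tcp comment "HTTPS"; then
    echo "✓ HTTPS allowed"
  else
    echo "Failed to allow HTTPS" >&2
  fi
fi

for port in "${EXTRA_PORTS[@]}"; do
  if ufw allow "$port/tcp"; then
    echo "✓ Port $port allowed"
  else
    echo "Failed to allow port $port" >&2
  fi
done

echo ""
echo "Enabling UFW..."
ufw --force enable || die "ufw enable failed; check 'ufw status'"

echo ""
echo "======================================"
echo "FIREWALL STATUS"
echo "======================================"
ufw status verbose
echo ""
echo "======================================"
echo "FIREWALL RULES"
echo "======================================"
ufw status numbered
echo ""
echo "✓ Firewall setup completed!"
echo ""
echo "To add more rules later:"
echo " ufw allow <port>/tcp"
echo "To remove a rule:"
echo " ufw delete <rule number>"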
İstifadə
# Make the script executable, then run it as root (it exits unless EUID is 0).
# The script resets the existing UFW rule set before applying the new one.
sudo chmod +x firewall_setup.sh
sudo ./firewall_setup.sh
# Add rules manually
# Opens TCP 8080, then removes that same rule by repeating its
# specification after "delete".
sudo ufw allow 8080/tcp
sudo ufw delete allow 8080/tcp
# Check status
sudo ufw status