From 5225b0c1d4464e33eab84682037d0672936c5f2d Mon Sep 17 00:00:00 2001
From: tommytran732 <57488583+tommytran732@users.noreply.github.com>
Date: Fri, 13 Aug 2021 05:33:12 -0400
Subject: [PATCH] Add TCPShield Script
---
 README.md | 12 +++++++-
 tcpshield.sh | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 92 insertions(+), 1 deletion(-)
 create mode 100644 tcpshield.sh
diff --git a/README.md b/README.md
index c574b54..93fbabd 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,17 @@
 # Cloudflare IPWhitelist
 Whitelist CloudFlare's IPs on port your selection of ports
This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu.
-`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Cloudflare-IPWhitelist/master/cloudflare.sh)`
+`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/cloudflare.sh)`
+
+# Cloudflare IPWhitelist for VMmanager
+Whitelist CloudFlare's IPs on port your selection of ports
+This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu.
+`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/cloudflare-vmmanager.sh)`
+
+# TCPShield-IPWhitelist
+Whitelist TCPShield's IPs on your selection of ports
+This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu.
+`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/tcpshield.sh)` # Notes Before you run the script, makes sure you have not opened those ports to all IPs as it will make this script useless.
diff --git a/tcpshield.sh b/tcpshield.sh
new file mode 100644
index 0000000..eec16d7
--- /dev/null
+++ b/tcpshield.sh
@@ -0,0 +1,81 @@
+#!/bin/bash
+
+output(){
+ echo -e '\e[36m'$1'\e[0m';
+}
+
+get_ports(){
+ read -a ports
+
+ if [[ $ports = "" ]]; then
+ output "You cannot put in an empty list of ports! Try again:"
+ get_ports
+ fi
+}
+
+output "TCPShield IPWhitelist Script"
+output "Copyright © 2020 Thien Tran ."
+output "Support: https://thientran.io/discord"
+output ""
+
+output "Enter the list of ports you want opened, separated by a space."
+output "For example, if you want to open port 25565-25570, type: "
+output "25565 25566 25567 25568 25569 25570"
+
+get_ports
+
+if [ -r /etc/os-release ]; then
+ lsb_dist="$(. /etc/os-release && echo "$ID")"
+fi
+
+if [ -r /etc/os-release ]; then
+ lsb_dist="$(. /etc/os-release && echo "$ID")"
+ dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
+else
+ output "Unsupported Distribution! Only RHEL, CentOS, Fedora, Ubuntu, and Debian are supported!"
+ exit 1
+fi
+
+if [ "$lsb_dist" = "rhel" ]; then
+ output "OS: Red Hat Enterprise Linux $dist_version detected."
+else
+ output "OS: $lsb_dist $dist_version detected."
+fi
+
+if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
+ apt -y install ufw wget
+ # Opening Port 22 just in case so that we do not lose the internet connection when the rules are applied.
+ ufw allow 22
+ wget https://tcpshield.com/v4
+
+ for ips in `cat v4`;
+ do
+ for port in "${ports[@]}";
+ do
+ ufw allow from $ips to any proto tcp port $port
+ done
+ done
+ yes | ufw enable
+elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "opensuse" ]; then
+ if [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ]; then
+ yum -y install firewalld wget
+ elif [ "$lsb_dist" = "opensuse" ]; then
+ zypper in firewalld wget -y
+ fi
+ wget https://tcpshield.com/v4
+ for ips in `cat v4`;
+ do
+ for port in "${ports[@]}";
+ do
+ firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"$ips"' port port='"$port"' protocol="tcp" accept'
+ done
+ done
+ firewall-cmd --reload
+else
+ output "Unsupported distribution. This script only supports Fedora, RHEL, CentOS, Ubuntu, and Debian."
+ exit 1
+fi
+
+rm v4
+
+output "Configuration finished!"
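Review bot: The address list is trusted as soon as it is fetched: in both the ufw and the firewalld branch, `wget https://tcpshield.com/v4` is not checked for failure, and every whitespace-separated word of `v4` is expanded unquoted into a firewall command (for firewalld it is also spliced into the rich-rule string). A failed download, an error page or an altered response therefore becomes rule input, and because wget saves to `v4.1` when a file named `v4` already exists in the working directory, a stale or planted `v4` would be read instead. I would download to a `mktemp` file with `-O`, stop if the fetch fails, and accept only lines that look like an IPv4 address or CIDR before calling `ufw` or `firewall-cmd`; the trailing `rm v4` then goes away. The entries in `ports` are likewise passed through unvalidated, and `[[ $ports = "" ]]` inspects only the first element, so a numeric range check in `get_ports` would be worth adding.

```shell
# … unchanged: apt -y install ufw wget, ufw allow 22 …
list="$(mktemp)" || exit 1
if ! wget -qO "$list" https://tcpshield.com/v4; then
    output "Could not download the TCPShield IP list; no rules were added."
    rm -f -- "$list"
    exit 1
fi

# Coarse shape check only; ufw / firewall-cmd still validate the address itself.
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
while IFS= read -r ips; do
    if [[ ! $ips =~ $cidr_re ]]; then
        output "Skipping an unexpected entry in the downloaded IP list."
        continue
    fi
    for port in "${ports[@]}"; do
        ufw allow from "$ips" to any proto tcp port "$port"
    done
done < "$list"
rm -f -- "$list"
# … unchanged: yes | ufw enable; the firewalld branch needs the same download and validation …
```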