funkemunky/Firewall-IPWhitelist
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add TCPShield Script

Browse Source
This commit is contained in:
tommytran732
2021-08-13 05:33:12 -04:00
parent 5f7189a988
commit 5225b0c1d4
2 changed files with 92 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+11 -1
View File
@@ -1,7 +1,17 @@
# Cloudflare IPWhitelist # Cloudflare IPWhitelist
Whitelist CloudFlare's IPs on port your selection of ports <br /> Whitelist CloudFlare's IPs on port your selection of ports <br />
This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu. <br> This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu. <br>
`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Cloudflare-IPWhitelist/master/cloudflare.sh)` `bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/cloudflare.sh)`
# Cloudflare IPWhitelist for VMmanager
Whitelist CloudFlare's IPs on port your selection of ports <br />
This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu. <br>
`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/cloudflare-vmmanager.sh)`
# TCPShield-IPWhitelist
Whitelist TCPShield's IPs on your selection of ports <br />
This script supports Fedora, RHEL, CentOS, Debian,and Ubuntu. <br>
`bash <(curl -sSL https://raw.githubusercontent.com/tommytran732/Firewall-IPWhitelist/master/tcpshield.sh)`
# Notes # Notes
Before you run the script, makes sure you have not opened those ports to all IPs as it will make this script useless. <br /> Before you run the script, makes sure you have not opened those ports to all IPs as it will make this script useless. <br />
tcpshield.sh
+81
View File
@@ -0,0 +1,81 @@
#!/bin/bash
output(){
echo -e '\e[36m'$1'\e[0m';
}
get_ports(){
read -a ports
if [[ $ports = "" ]]; then
output "You cannot put in an empty list of ports! Try again:"
get_ports
fi
}
output "TCPShield IPWhitelist Script"
output "Copyright © 2020 Thien Tran <contact@thientran.io>."
output "Support: https://thientran.io/discord"
output ""
output "Enter the list of ports you want opened, separated by a space."
output "For example, if you want to open port 25565-25570, type: "
output "25565 25566 25567 25568 25569 25570"
get_ports
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
fi
if [ -r /etc/os-release ]; then
lsb_dist="$(. /etc/os-release && echo "$ID")"
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
else
output "Unsupported Distribution! Only RHEL, CentOS, Fedora, Ubuntu, and Debian are supported!"
exit 1
fi
if [ "$lsb_dist" = "rhel" ]; then
output "OS: Red Hat Enterprise Linux $dist_version detected."
else
output "OS: $lsb_dist $dist_version detected."
fi
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
apt -y install ufw wget
# Opening Port 22 just in case so that we do not lose the internet connection when the rules are applied.
ufw allow 22
wget https://tcpshield.com/v4
for ips in `cat v4`;
do
for port in "${ports[@]}";
do
ufw allow from $ips to any proto tcp port $port
done
done
yes | ufw enable
elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ] || [ "$lsb_dist" = "opensuse" ]; then
if [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" = "centos" ]; then
yum -y install firewalld wget
elif [ "$lsb_dist" = "opensuse" ]; then
zypper in firewalld wget -y
fi
wget https://tcpshield.com/v4
for ips in `cat v4`;
do
for port in "${ports[@]}";
do
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"$ips"' port port='"$port"' protocol="tcp" accept'
done
done
firewall-cmd --reload
else
output "Unsupported distribution. This script only supports Fedora, RHEL, CentOS, Ubuntu, and Debian."
exit 1
fi
rm v4
output "Configuration finished!"