Add support for an array of ports
+37
-8
@@ -4,15 +4,38 @@ output(){
|
||||
echo -e '\e[36m'$1'\e[0m';
|
||||
}
|
||||
|
||||
get_ports(){
|
||||
read -a ports
|
||||
|
||||
if [[ $ports = "" ]]; then
|
||||
output "You cannot put in an empty list of ports! Try again:"
|
||||
get_ports
|
||||
fi
|
||||
}
|
||||
|
||||
output "Cloudflare IPWhitelist Script"
|
||||
output "Copyright © 2020 Thien Tran <contact@thientran.io>."
|
||||
output "Support: https://thientran.io/discord"
|
||||
output ""
|
||||
|
||||
output "Enter the list of ports you want opened, separated by a space."
|
||||
output "For example, if you want to open port 80, 443 and 8443, type: "
|
||||
output "80 443 8443"
|
||||
|
||||
get_ports
|
||||
|
||||
if [ -r /etc/os-release ]; then
|
||||
lsb_dist="$(. /etc/os-release && echo "$ID")"
|
||||
fi
|
||||
|
||||
if [ -r /etc/os-release ]; then
|
||||
lsb_dist="$(. /etc/os-release && echo "$ID")"
|
||||
dist_version="$(. /etc/os-release && echo "$VERSION_ID")"
|
||||
else
|
||||
output "Unsupported Distribution! Only RHEL, CentOS, Fedora, Ubuntu, and Debian are supported!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
||||
apt -y install ufw wget
|
||||
# Opening Port 22 just in case so that we do not lose the internet connection when the rules are applied.
|
||||
@@ -22,14 +45,16 @@ if [ "$lsb_dist" = "ubuntu" ] || [ "$lsb_dist" = "debian" ]; then
|
||||
|
||||
for ips in `cat ips-v4`;
|
||||
do
|
||||
ufw allow from $ips to any proto tcp port 80
|
||||
ufw allow from $ips to any proto tcp port 443
|
||||
for port in "${ports[@]}";
|
||||
ufw allow from $ips to any proto tcp port $port
|
||||
done
|
||||
done
|
||||
|
||||
for ips in `cat ips-v6`;
|
||||
do
|
||||
ufw allow from $ips to any proto tcp port 80
|
||||
ufw allow from $ips to any proto tcp port 443
|
||||
for port in "${ports[@]}";
|
||||
ufw allow from $ips to any proto tcp port $port
|
||||
done
|
||||
done
|
||||
|
||||
yes | ufw enable
|
||||
@@ -39,14 +64,18 @@ elif [ "$lsb_dist" = "fedora" ] || [ "$lsb_dist" = "rhel" ] || [ "$lsb_dist" =
|
||||
wget https://www.cloudflare.com/ips-v6
|
||||
for ips in `cat ips-v4`;
|
||||
do
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"$ips"' port port="80" protocol="tcp" accept'
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"$ips"' port port="443" protocol="tcp" accept'
|
||||
for port in "${ports[@]}";
|
||||
do
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address='"$ips"' port port='"$port"' protocol="tcp" accept'
|
||||
done
|
||||
done
|
||||
|
||||
for ips in `cat ips-v6`;
|
||||
do
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address='"$ips"' port port="80" protocol="tcp" accept'
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address='"$ips"' port port="443" protocol="tcp" accept'
|
||||
for port in "${ports[@]}";
|
||||
do
|
||||
firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address='"$ips"' port port='"$port"' protocol="tcp" accept'
|
||||
done
|
||||
done
|
||||
firewall-cmd --reload
|
||||
else
|
||||
|
||||
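Review bot: The two `for port in "${ports[@]}";` loops in the ufw branch run straight into the `ufw allow` line with no `do`, unlike the firewall-cmd loops further down, so as rendered bash will reject the whole `if`/`elif` block with a syntax error; add `do` after each of those two `for` lines. The entries read by `read -a ports` are also handed to `ufw` and spliced into the firewall-cmd rich rule without any check, so a typo or non-numeric token yields a failed or unintended rule that nothing reports before `ufw enable` or `firewall-cmd --reload` runs. I would validate every entry in `get_ports` before accepting the list, e.g. `[[ $p =~ ^[0-9]+$ ]] && (( 10#$p >= 1 && 10#$p <= 65535 ))`, switch to `read -r -a ports`, and quote `"$port"` in the ufw calls. The enclosing `if`/`elif` block starts and ends outside the hunks shown.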