ufw default allow outgoing
';
+ $locals = ['127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];
+ $lhosts = [];
+ foreach ($locals as $k => $local) {
+ $lhosts[] = '$l' . $k;
+ $fw .= 'l' . $k . '=' . self::digOrIP($local) . "\n";
+ }
+
+
+ foreach ($ip as $k => $i) {
+ $lhosts[] = '$i' . $k;
+ $fw .= 'i' . $k . '=' . self::digOrIP($i) . "\n";
+ }
+ $fw .= "\n";
+
+ $fw .= 'local=(' . implode(' ', $lhosts) . ')' . "\n\n";
+
+
$bhosts = [];
foreach ($blacklist as $k => $b) {
$bhosts[] = '$b' . $k;
}
$fw .= "\n";
- foreach ($ip as $k => $i) {
- $hosts[] = '$i' . $k;
- $fw .= 'i' . $k . '=' . self::digOrIP($i) . "\n";
- }
- $fw .= "\n";
-
$fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n\n";
$fw .= 'for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do' . "\n";
$fw .= "\t" . 'ufw allow from $ip' . "\n";
$fw .= "\t" . 'ufw allow to $ip' . "\n";
- $fw .= "\t" . 'ufw allow out from $ip' . "\n";
- $fw .= "\t" . 'ufw allow out to $ip' . "\n";
$fw .= 'done' . "\n\n";
if (isset($backup) && count($backup)) {
$fw .= 'for ip in "${backup[@]}"
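Review bot: `ufw deny to $ip` in the blacklist loop is still an inbound rule, because ufw applies a rule to incoming traffic when no direction is given; it only matches packets arriving with a blacklisted destination address and does nothing for connections this host opens to those addresses. With `ufw default allow outgoing` at the top of the generated script, outbound traffic to a blacklisted IP stays allowed; if blocking it is intended, the line should read `ufw deny out to $ip`. The new `local` loop also grants `ufw allow from $ip` on every port to all three RFC 1918 ranges and to whatever the `dig` lookups return when the script runs, so it is worth confirming that those networks and DNS answers are trusted to that extent, or narrowing the rule with a `to any port` clause. The enclosing method starts and ends outside this hunk.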
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
ufw allow 80
ufw allow 443
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
#SSH
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
#SSH
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
c0=`dig +short s1.adangelis.com | tail -1`
c1=`dig +short www.fondation-sycomore.com | tail -1`
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
ufw allow 53
ufw allow 80
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
#SSH
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s6_2=`dig +short mail2.cubedesigners.com | tail -1`
s7=`dig +short kingkong.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7)
ufw allow 51820
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8)
ufw allow 53
ufw allow 80
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s7=`dig +short kingkong.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s7 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s7 $s8)
ufw allow 53
ufw allow 80
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"
ufw default allow outgoing
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2)
+
b0=24.104.34.225
b1=62.99.220.220
b2=50.62.177.177
s6_2=`dig +short mail2.cubedesigners.com | tail -1`
s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
-i0=127.0.0.0/8
-i1=10.0.0.0/8
-i2=172.16.0.0/12
-i3=192.168.0.0/16
-i4=`dig +short tortuga.enhydra.fr | tail -1`
-
-auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s8 $i0 $i1 $i2 $i3 $i4)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s8)
ufw allow 80
ufw allow 443
for ip in "${blacklist[@]}"
do
- ufw deny in from $ip
- ufw deny in to $ip
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
done
for ip in "${auth[@]}"
do
ufw allow from $ip
ufw allow to $ip
- ufw allow out from $ip
- ufw allow out to $ip
done
for ip in "${backup[@]}"