class HostingLoadBalancer
{
protected static $_servers = [
- ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 7],
+ ['name' => 's1', 'host' => 's1.lb.fluidbook.com', 'weight' => 2],
['name' => 's2', 'host' => 's2.lb.fluidbook.com', 'weight' => 2],
['name' => 's3', 'host' => 's3.lb.fluidbook.com', 'weight' => 2],
];
}
$variables = ['$name' => $name . $dockerSuffix,
- '$portadminer' => rand(10000, 60000),
- '$portmatomo' => rand(10000, 60000),
'$matomodbpassword' => Str::random(16),
- '$port' => rand(10000, 60000),
'$sshport' => rand(10000, 60000),
'$domain' => $request->get('domain', ''),
'$dbpassword' => Str::random(16),
'$locale' => 'fr_FR',
'$localeshort' => 'fr',
'$sshpassword' => Str::random(16),
- '$fixrights' => '',
'$public' => $request->get('public') ? '/public' : '/'
];
$variables['$phpversion'] = $request->get('phpversion', '8.1');
if ($variables['$phpversion'] !== 'none') {
$compose[] = 'php';
- if (version_compare($variables['$phpversion'], '7.3', '<=')) {
+ if (version_compare($variables['$phpversion'], '5.6', '<=')) {
$variables['$phpfpmimage'] = 'php-' . $variables['$phpversion'] . '-fpm';
}
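Review bot: `$variables['$phpversion']` is taken directly from `$request->get('phpversion', '8.1')` and concatenated into `$variables['$phpfpmimage']` with no format check, so an arbitrary request string can end up in the generated configuration (presumably a compose template; the substitution itself is outside the hunk). `version_compare` accepts malformed input and is not a validator. Check the value against the supported set before use, for example `if (!in_array($variables['$phpversion'], ['none', '5.6', '7.4', '8.1'], true)) { abort(422); }` (list constructed here; use the versions the templates actually support). `'$domain' => $request->get('domain', '')` is substituted the same way and would benefit from a hostname check. The outer `if` and the enclosing function continue outside the hunk.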
$fixRights[] = 'chown 0:0 ./config/cron/crontab';
$fw = '#!/bin/bash' . "\n\n";
$fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n";
- $fw .= 'apt install --no-install-recommends -y bind9 dnsutils' . "\n";
- $fw .= 'service bind9 restart' . "\n\n";
+ $fw .= 'apt install --no-install-recommends -y dnsutils' . "\n";
$fw .= '# Reset all rules
ufw --force reset
rm /lib/ufw/user.rules.*
';
file_put_contents(Files::mkdir(resource_path('servers/' . $server['name'])) . 'firewall', $fw);
-
-
}
$update = '@echo off
}
file_put_contents(resource_path('servers') . '/' . 'update.bat', str_replace("\n", "\r\n", $update));
-
-
}
protected static function digOrIP($address)
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
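Review bot: The blacklist has no effect on ports 80 and 443 in this script, because `ufw allow 80` and `ufw allow 443` are added before the `ufw deny in from $ip` loop and ufw applies the first matching rule. Run the blacklist loop before any `ufw allow <port>` line, or put the denies at the top with `ufw insert 1 deny in from $ip`. The same ordering is present in the later scripts that open ports before the loop (53/80/443, 51820, and the mail ports). `ufw deny in to $ip` probably never matches inbound traffic, since these addresses are not local, and could be dropped. These files look generated, so the fix likely belongs in the template that writes them.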
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
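Review bot: Every `dig +short … | tail -1` result is placed in `auth` unchecked, and each entry then gets `ufw allow from`/`allow to` on all ports, so the allowlist is only as trustworthy as the DNS answer at the moment the script runs. A failed lookup gives an empty value or dig's error text, which is word-split into the array and passed to `ufw`. Validate each entry as the first line of the loop, e.g. `[[ $ip =~ ^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$ ]] || { echo "skip: $ip" >&2; continue; }`, and consider pinning the addresses or restricting the rules to the ports these peers need. The private ranges `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16` are also fully trusted, which is worth confirming for hosts on shared provider networks. This applies to every firewall script in the commit.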
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+c0=`dig +short s1.adangelis.com | tail -1`
+c1=`dig +short www.fondation-sycomore.com | tail -1`
+backup=($c0 $c1)
+ufw allow 53
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
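Review bot: `ufw allow in from $ip port 22` in the `backup` loop matches traffic whose source port is 22, not SSH connections to this host, because in ufw syntax a `port` placed directly after `from ADDR` is the source port. If the intent is to let the backup hosts reach SSH here, the rule should be `ufw allow in from $ip to any port 22 proto tcp`. The same line appears in the `backup` loops of the later scripts.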
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 53
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
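Review bot: The `for ip in "${backup[@]}"` loop iterates over an array this script never defines; there are no `c0`/`c1`/`backup=(…)` lines as in the script that resolves `s1.adangelis.com`, so the loop expands to nothing and adds no rule. The following scripts (the ones opening 51820, 53/80/443, the mail ports, and 80/443) contain the same undefined loop. Either emit the `backup=(…)` definition wherever the loop is emitted, or drop the loop for hosts without backup peers; an explicit `backup=()` would at least make the empty case intentional.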
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 51820
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
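Review bot: `ufw allow 51820` opens the port for both TCP and UDP from any source. If this is a WireGuard endpoint (51820 is its conventional port, to be confirmed), only UDP is needed: `ufw allow 51820/udp`. The bare `ufw allow 53` in the other scripts has the same shape, although both protocols may be intended there.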
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 53
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 53
+ufw allow 80
+ufw allow 443
+ufw allow 25
+ufw allow 143
+ufw allow 465
+ufw allow 487
+ufw allow 993
+ufw allow 4190
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
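Review bot: `ufw allow 487` sits among the mail ports (25, 143, 465, 993, 4190) while 587, the mail submission port, is absent, so this looks like a typo for `ufw allow 587`; confirm against the mail server's actual listeners. As written, an unused port is opened, and clients outside the `auth` list that submit on 587 would be blocked.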
--- /dev/null
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short alphaville.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short brazil.cubedesigners.com | tail -1`
+s2=`dig +short dracula.cubedesigners.com | tail -1`
+s2_0=`dig +short devdock.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short elephantman.cubedesigners.com | tail -1`
+s5=`dig +short godzilla.cubedesigners.com | tail -1`
+s5_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s5_1=`dig +short hosting.cubedesigners.com | tail -1`
+s5_2=`dig +short hosting2.fluidbook.com | tail -1`
+s5_3=`dig +short hosting.fluidbook.com | tail -1`
+s6=`dig +short her2.cubedesigners.com | tail -1`
+s6_0=`dig +short her.cubedesigners.com | tail -1`
+s6_1=`dig +short mail.cubedesigners.com | tail -1`
+s6_2=`dig +short mail2.cubedesigners.com | tail -1`
+s7=`dig +short kingkong.cubedesigners.com | tail -1`
+s8=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+i0=127.0.0.0/8
+i1=10.0.0.0/8
+i2=172.16.0.0/12
+i3=192.168.0.0/16
+i4=`dig +short paris.cubedesigners.com | tail -1`
+i5=`dig +short montpellier.cubedesigners.com | tail -1`
+i6=`dig +short tortuga.enhydra.fr | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s3 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $i0 $i1 $i2 $i3 $i4 $i5 $i6)
+
+ufw allow 80
+ufw allow 443
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny in from $ip
+ ufw deny in to $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out from $ip
+ ufw allow out to $ip
+done
+
+for ip in "${backup[@]}"
+do
+ ufw allow in from $ip port 22
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+# Finally enable firewall
+ufw --force enable
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm /etc/ufw/after.rules.*
+rm /etc/ufw/after6.rules.*
+rm /etc/ufw/before.rules.*
+rm /etc/ufw/before6.rules.*
+rm /lib/ufw/user6.rules.*
+rm /lib/ufw/user.rules.*
--- /dev/null
+@echo off
+cd /D D:\Works\Scripts
+scp -P 58745 -r toolbox@toolbox.fluidbook.com:/application/resources/servers/ ./
+cd /D D:\Works\Scripts\servers
+
+scp -P 22 ./alphaville/firewall root@alphaville.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@alphaville.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./brazil/firewall root@brazil.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@brazil.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./dracula/firewall root@dracula.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@dracula.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./dobermann/firewall root@dobermann.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@dobermann.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22822 ./elephantman/firewall root@elephantman.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22822 root@elephantman.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./godzilla/firewall root@godzilla.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@godzilla.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./her2/firewall root@her2.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@her2.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22 ./kingkong/firewall root@kingkong.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@kingkong.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
+scp -P 22822 ./fastandfurious/firewall root@fastandfurious.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22822 root@fastandfurious.cubedesigners.com 'chmod 755 /usr/local/bin/fw;/usr/local/bin/fw'
+
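Review bot: Nothing in this script checks for failure: if the first `scp` from toolbox fails, the per-host lines push whatever older `firewall` files are already under `D:\Works\Scripts\servers`, and the remote command uses `;`, so `/usr/local/bin/fw` runs even when `chmod` fails. Stop on error after each step, e.g. append `|| exit /b 1` to the `scp` lines, and chain the remote command as `'chmod 755 /usr/local/bin/fw && /usr/local/bin/fw'`. Each pushed script starts with `ufw --force reset` and runs as root over the SSH session it is reconfiguring, so a truncated or stale file can lock the host out; running `bash -n /usr/local/bin/fw` before executing it would catch a broken transfer.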
- ./matomo/matomo:/var/www/html
- ./matomo/bin:/var/www/html/bin
restart: unless-stopped
- ports:
- - $portmatomo:80
networks:
- $name
- ./matomo/redis:/data
networks:
- $name
-