$clients = Text::explodeNewLines($this->clients);
$ip = Text::explodeNewLines($this->ip);
$forceContainers = Text::explodeNewLines($this->docker);
- $excludeContainers = array_merge(['portainer'], Text::explodeNewLines($this->docker_restricted));
+ $excludeContainers = array_merge(['portainer', 'monit'], Text::explodeNewLines($this->docker_restricted));
$excludeContainers = array_diff($excludeContainers, $forceContainers);
$sshports = [22, 22022, 22822, 22222];
ufw default allow outgoing
';
+ $dhosts = [];
+
$locals = ['127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'];
$lhosts = [];
foreach ($locals as $k => $local) {
foreach ($ip as $k => $i) {
$lhosts[] = '$i' . $k;
+ $dhosts[] = '$i' . $k;
$fw .= 'i' . $k . '=' . self::digOrIP($i) . "\n";
}
$fw .= "\n";
continue;
}
$hosts[] = '$s' . $k;
+ $dhosts[] = '$s' . $k;
$fw .= 's' . $k . '=' . self::digOrIP($s['name'] . '.cubedesigners.com') . "\n";
$others = Text::explodeNewLines($s['others']);
foreach ($others as $kk => $o) {
$hosts[] = '$s' . $k . '_' . $kk;
+ $dhosts[] = '$s' . $k . '_' . $kk;
$fw .= 's' . $k . '_' . $kk . '=' . self::digOrIP($o) . "\n";
}
}
$fw .= 'auth=(' . implode(' ', $hosts) . ')' . "\n\n";
+ $fw .= 'docker_allowed=(' . implode(' ', $dhosts) . ')' . "\n\n";
if ($server['backup']) {
$backup = [];
$fw .= 'backup=(' . implode(' ', $backup) . ')' . "\n";
}
-
$openPorts = Text::trimExplode(',', $server['ports']);
if ($server['dns']) {
skip_containers=(';
foreach ($excludeContainers as $excludeContainer) {
- $fw.='"'.$excludeContainer.'" ';
+ $fw .= '"' . $excludeContainer . '" ';
}
$fw .= ')
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
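Review bot: The new wget source at the `+sudo wget -O /usr/local/bin/ufw-docker ...` line fetches `refs/heads/master` of a personal fork, and the downloaded script is then made executable and run as root via sudo, so there is no pin and no integrity check: every provisioning run executes whatever that branch contains at that moment, a weaker supply-chain posture than the (also unpinned, but canonical) upstream URL it replaces. Pin the URL to a commit, e.g. `https://raw.githubusercontent.com/EnhydraV/ufw-docker/<COMMIT_SHA>/ufw-docker`, and verify before `chmod +x` with `echo "<EXPECTED_SHA256>  /usr/local/bin/ufw-docker" | sha256sum -c - || exit 1` (both values are placeholders to be filled from the reviewed revision). In the added `else` branch `$ip` is unquoted in `ufw-docker allow-from "$container" $ip`; because `docker_allowed` is populated from `digOrIP` results, an empty resolution would silently drop the argument and change the rule's meaning, so write `ufw-docker allow-from "$container" "$ip"`. Presumably the `allow-from` subcommand is the reason for switching to the fork (I cannot confirm it exists upstream), which is worth a short comment next to the wget line. The enclosing PHP method and the `$fw` string it appends to both start outside this hunk; the same wget and loop lines recur in the generated per-server scripts below, which are rebuilt from this template.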
auth=($s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+
for ip in "${blacklist[@]}"
do
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+
for ip in "${blacklist[@]}"
do
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s1 $s3 $s4 $s5 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s1 $s3 $s4 $s5 $s6)
+
for ip in "${blacklist[@]}"
do
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s4 $s5 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s4 $s5 $s6)
+
c0=`dig +short www.fondation-sycomore.com | tail -1`
backup=($c0)
ufw allow 53
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s6)
+
for ip in "${blacklist[@]}"
do
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5)
+
ufw allow 51820
for ip in "${blacklist[@]}"
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done
auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s5 $s6)
+docker_allowed=($i0 $i1 $i2 $i3 $s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s5 $s6)
+
for ip in "${blacklist[@]}"
do
ufw deny out 22222
-skip_containers=("portainer" )
+skip_containers=("portainer" "monit" )
-sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo wget -O /usr/local/bin/ufw-docker https://raw.githubusercontent.com/EnhydraV/ufw-docker/refs/heads/master/ufw-docker
sudo chmod +x /usr/local/bin/ufw-docker
# Finally enable firewall
ufw --force enable
if ! $skip; then
ufw-docker allow "$container"
+ else
+ for ip in "${docker_allowed[@]}"
+ do
+ ufw-docker allow-from "$container" $ip
+ done
fi
done