From 5e85806902e4175b94b4ca274cc61e69b0f3dc43 Mon Sep 17 00:00:00 2001
From: Vincent Vanwaelscappel
Date: Wed, 5 Mar 2025 16:23:30 +0100
Subject: [PATCH] wip #7023 @5
---
 app/Models/TeamServers.php | 35 ++++++-
 resources/servers/amadeus/firewall | 59 ++++++++----
 resources/servers/benhur/firewall | 111 ++++++++++++++++++++++
 resources/servers/cloudatlas/firewall | 54 +++++++----
 resources/servers/dobermann/firewall | 52 +++++++---
 resources/servers/elephantman/firewall | 50 +++++++---
 resources/servers/fastandfurious/firewall | 52 +++++++---
 resources/servers/kingkong/firewall | 52 +++++++---
 resources/servers/update.bat | 7 +-
 9 files changed, 373 insertions(+), 99 deletions(-)
 create mode 100644 resources/servers/benhur/firewall
diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php
index 31afec7e5..c8d4dbaa0 100644
--- a/app/Models/TeamServers.php
+++ b/app/Models/TeamServers.php
@@ -37,6 +37,9 @@ class TeamServers extends CubistMagicAbstractModel
 $blacklist = Text::explodeNewLines($this->blacklist);
 $clients = Text::explodeNewLines($this->clients);
 $ip = Text::explodeNewLines($this->ip);
+ $forceContainers = Text::explodeNewLines($this->docker);
+ $excludeContainers = array_merge(['portainer'], Text::explodeNewLines($this->docker_restricted));
+ $excludeContainers = array_diff($excludeContainers, $forceContainers);
 $sshports = [22, 22022, 22822, 22222];
@@ -44,7 +47,7 @@ class TeamServers extends CubistMagicAbstractModel
 $fw = '#!/bin/bash' . "\n\n";
 $fw .= 'export DEBIAN_FRONTEND=noninteractive' . "\n";
- $fw .= 'apt install --no-install-recommends -y dnsutils' . "\n";
+ $fw .= 'apt install --no-install-recommends -y dnsutils ufw' . "\n";
 $fw .= '# Reset all rules
 ufw --force reset
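Review bot: `$excludeContainers` is built from the model fields `docker` and `docker_restricted` and, further down in this method, each entry is written into the generated bash script as `"name"` with no escaping, so a value containing a double quote, `$` or a backtick breaks out of the array literal in a script that update.bat runs as root on every server. Filter the list to the characters Docker itself allows in container names before using it, e.g. `$excludeContainers = preg_grep('/^[A-Za-z0-9][A-Za-z0-9_.-]*$/', $excludeContainers);` after the `array_diff`, and treat anything rejected as a configuration error rather than dropping it silently. Since the generated skip loop compares names with `==`, stray whitespace or a CR from a Windows-edited field would also make the exclusion miss — confirm `Text::explodeNewLines` trims its entries. The enclosing method starts and ends outside this hunk.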
@@ -164,9 +167,37 @@ done' . "\n\n";
 $fw .= 'ufw deny out ' . $sshport . "\n";
 }
- $fw .= '# Finally enable firewall
+ $fw .= '
+
+skip_containers=(';
+ foreach ($excludeContainers as $excludeContainer) {
+ $fw.='"'.$excludeContainer.'" ';
+ }
+
+ $fw .= ')
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
+# Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/amadeus/firewall b/resources/servers/amadeus/firewall
index f0c6b4313..c94e5cf2d 100644
--- a/resources/servers/amadeus/firewall
+++ b/resources/servers/amadeus/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
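Review bot: The generated script downloads ufw-docker from the mutable `master` branch of a third-party repository on every run and executes it as root (`sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker`, then `chmod +x` and `ufw-docker install`), with no version pin and no integrity check, so whoever can push to that branch controls the firewall of every managed host. Emit a URL pinned to a reviewed commit or tag and verify a checksum before marking the file executable, e.g. `wget -O /usr/local/bin/ufw-docker "https://github.com/chaifeng/ufw-docker/raw/<PINNED_COMMIT>/ufw-docker" || exit 1` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/ufw-docker" | sha256sum -c - || exit 1` (placeholders to be filled from a reviewed copy). As written, a failed or partial download still leaves whatever landed in the file, it is chmod'ed and run, and the script carries on to `ufw --force enable` regardless. The same block is written verbatim into the amadeus, benhur, cloudatlas, dobermann, elephantman, fastandfurious and kingkong firewall files in this patch; the `while read container` loop there should also use `read -r`. The enclosing method starts and ends outside this hunk.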
@@ -26,25 +26,23 @@ b2=50.62.177.177
 b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
 s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
-s2_0=`dig +short git.cubedesigners.com | tail -1`
-s2_1=`dig +short mail.cubedesigners.com | tail -1`
-s2_2=`dig +short mail2.cubedesigners.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s4=`dig +short dobermann.cubedesigners.com | tail -1`
-s5=`dig +short kingkong.cubedesigners.com | tail -1`
-s6=`dig +short elephantman.cubedesigners.com | tail -1`
-s7=`dig +short fastandfurious.cubedesigners.com | tail -1`
-
-auth=($s1 $s1_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s6 $s7)
-
-ufw allow 58745
-ufw allow 53
-ufw allow 80
-ufw allow 443
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+auth=($s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+
 for ip in "${blacklist[@]}"
 do
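Review bot: The inbound `ufw allow 58745`, `ufw allow 53`, `ufw allow 80` and `ufw allow 443` rules are removed with nothing taking their place, so after this change anything on amadeus that is not a running Docker container with a published port (the only thing the new `docker ps --filter publish=1-65535` loop sees) is reachable solely from the auth and local lists; if a service still listens on those ports outside Docker, keep its allow rule. The same removal happens for the mail ports on cloudatlas (25, 143, 465, 587, 993, 4190) and for 80/443 on kingkong, so it is worth confirming per host rather than assuming. Separately, each `dig +short … | tail -1` lookup yields an empty string when resolution fails, the empty value drops out of the unquoted `auth=(…)` array, and that peer is then silently caught by the `ufw deny out 22…` rules; a check such as `[ -n "$s1" ] || { echo "unresolved: benhur.cubedesigners.com" >&2; exit 1; }` after each lookup (or one loop over the names) would surface this. The same lists appear in the benhur, cloudatlas, dobermann, elephantman, fastandfurious and kingkong files.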
@@ -72,9 +70,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/benhur/firewall b/resources/servers/benhur/firewall
new file mode 100644
index 000000000..c97c03fa0
--- /dev/null
+++ b/resources/servers/benhur/firewall
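Review bot: `ufw-docker install` runs after `ufw --force enable` and nothing reloads ufw afterwards; as far as I can tell the install step only rewrites /etc/ufw/after.rules and expects a ufw restart, so the route rules added by the following `ufw-docker allow` calls may not be active until the next reload — confirm, and if so add `ufw reload` right after `ufw-docker install`. Also, `ufw-docker allow "$container"` with no port or protocol opens every published port of that container to any source, which is wider than the per-port `ufw allow` rules this script used to carry; where a container also publishes an admin or database port, pass the intended port (`ufw-docker allow "$container" <port>`) instead of the bare name. The same block appears in the benhur, cloudatlas, dobermann, elephantman, fastandfurious and kingkong files.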
@@ -0,0 +1,111 @@
+#!/bin/bash
+
+export DEBIAN_FRONTEND=noninteractive
+apt install --no-install-recommends -y dnsutils ufw
+# Reset all rules
+ufw --force reset
+# Disable firewall
+ufw disable
+
+ufw default allow outgoing
+
+l0=127.0.0.0/8
+l1=10.0.0.0/8
+l2=172.16.0.0/12
+l3=192.168.0.0/16
+i0=`dig +short paris.cubedesigners.com | tail -1`
+i1=`dig +short montpellier.cubedesigners.com | tail -1`
+i2=`dig +short tortuga.enhydra.fr | tail -1`
+i3=`dig +short cocodrilo.enhydra.fr | tail -1`
+
+local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3)
+
+b0=24.104.34.225
+b1=62.99.220.220
+b2=50.62.177.177
+b3=195.70.4.231
+blacklist=($b0 $b1 $b2 $b3)
+
+s0=`dig +short amadeus.cubedesigners.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+auth=($s0 $s0_0 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5 $s6)
+
+
+for ip in "${blacklist[@]}"
+do
+ ufw deny from $ip
+ ufw deny to $ip
+done
+
+for ip in "${local[@]}"
+do
+ ufw allow from $ip
+done
+
+for ip in "${auth[@]}"
+do
+ ufw allow from $ip
+ ufw allow to $ip
+ ufw allow out to $ip port 22
+ ufw allow out to $ip port 22022
+ ufw allow out to $ip port 22822
+ ufw allow out to $ip port 22222
+done
+
+#SSH
+ufw deny out 22
+ufw deny out 22022
+ufw deny out 22822
+ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
+# Finally enable firewall
+ufw --force enable
+
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
+# Enable loging
+ufw logging on
+
+# Display status
+ufw status verbose
+
+rm -f /etc/ufw/after.rules.*
+rm -f /etc/ufw/after6.rules.*
+rm -f /etc/ufw/before.rules.*
+rm -f /etc/ufw/before6.rules.*
+rm -f /lib/ufw/user6.rules.*
+rm -f /lib/ufw/user.rules.*
diff --git a/resources/servers/cloudatlas/firewall b/resources/servers/cloudatlas/firewall
index 4a88ba1be..f4ebfc97d 100644
--- a/resources/servers/cloudatlas/firewall
+++ b/resources/servers/cloudatlas/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
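Review bot: The new benhur script sets `ufw default allow outgoing` but never states the inbound policy, so the whole allow-list model relies on `ufw --force reset` restoring the packaged default of denying incoming traffic; make that explicit with `ufw default deny incoming` next to the outgoing line so an edited /etc/default/ufw cannot silently leave the host open. The script is also executed as root by update.bat (`ssh -p 22 root@benhur.cubedesigners.com '…;/usr/local/bin/fw'`) yet prefixes only the two ufw-docker lines with `sudo`; drop the prefix, or apply it consistently, so the run does not depend on sudo being installed on the host. The DNS-lookup and ufw-docker remarks made on the amadeus hunks apply to this file unchanged.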
@@ -27,26 +27,15 @@ b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
 s0=`dig +short amadeus.cubedesigners.com | tail -1`
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s4=`dig +short dobermann.cubedesigners.com | tail -1`
-s5=`dig +short kingkong.cubedesigners.com | tail -1`
-s6=`dig +short elephantman.cubedesigners.com | tail -1`
-s7=`dig +short fastandfurious.cubedesigners.com | tail -1`
-
-auth=($s0 $s1 $s1_0 $s3 $s3_0 $s4 $s5 $s6 $s7)
-
-ufw allow 53
-ufw allow 80
-ufw allow 443
-ufw allow 25
-ufw allow 143
-ufw allow 465
-ufw allow 587
-ufw allow 993
-ufw allow 4190
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+auth=($s0 $s0_0 $s1 $s3 $s4 $s5 $s6)
+
 for ip in "${blacklist[@]}"
 do
@@ -74,9 +63,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/dobermann/firewall b/resources/servers/dobermann/firewall
index 69d244129..891e8fc9e 100644
--- a/resources/servers/dobermann/firewall
+++ b/resources/servers/dobermann/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
@@ -27,19 +27,22 @@ b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
 s0=`dig +short amadeus.cubedesigners.com | tail -1`
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
 s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
-s2_0=`dig +short git.cubedesigners.com | tail -1`
-s2_1=`dig +short mail.cubedesigners.com | tail -1`
-s2_2=`dig +short mail2.cubedesigners.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s5=`dig +short kingkong.cubedesigners.com | tail -1`
-s6=`dig +short elephantman.cubedesigners.com | tail -1`
-s7=`dig +short fastandfurious.cubedesigners.com | tail -1`
-
-auth=($s0 $s1 $s1_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s5 $s6 $s7)
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s4 $s5 $s6)
 c0=`dig +short www.fondation-sycomore.com | tail -1`
 backup=($c0)
@@ -78,9 +81,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/elephantman/firewall b/resources/servers/elephantman/firewall
index 4f6c57141..14cd439db 100644
--- a/resources/servers/elephantman/firewall
+++ b/resources/servers/elephantman/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
@@ -27,19 +27,22 @@ b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
 s0=`dig +short amadeus.cubedesigners.com | tail -1`
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
 s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
-s2_0=`dig +short git.cubedesigners.com | tail -1`
-s2_1=`dig +short mail.cubedesigners.com | tail -1`
-s2_2=`dig +short mail2.cubedesigners.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s4=`dig +short dobermann.cubedesigners.com | tail -1`
-s5=`dig +short kingkong.cubedesigners.com | tail -1`
-s7=`dig +short fastandfurious.cubedesigners.com | tail -1`
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
-auth=($s0 $s1 $s1_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s7)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s6)
 for ip in "${blacklist[@]}"
@@ -73,9 +76,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/fastandfurious/firewall b/resources/servers/fastandfurious/firewall
index 39f5b1695..bd363943f 100644
--- a/resources/servers/fastandfurious/firewall
+++ b/resources/servers/fastandfurious/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
@@ -27,19 +27,22 @@ b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
 s0=`dig +short amadeus.cubedesigners.com | tail -1`
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
 s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
-s2_0=`dig +short git.cubedesigners.com | tail -1`
-s2_1=`dig +short mail.cubedesigners.com | tail -1`
-s2_2=`dig +short mail2.cubedesigners.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s4=`dig +short dobermann.cubedesigners.com | tail -1`
-s5=`dig +short kingkong.cubedesigners.com | tail -1`
-s6=`dig +short elephantman.cubedesigners.com | tail -1`
-
-auth=($s0 $s1 $s1_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s6)
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s4=`dig +short kingkong.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s4 $s5)
 ufw allow 51820
@@ -74,9 +77,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/kingkong/firewall b/resources/servers/kingkong/firewall
index 5a59326d9..91715c81e 100644
--- a/resources/servers/kingkong/firewall
+++ b/resources/servers/kingkong/firewall
@@ -1,7 +1,7 @@
 #!/bin/bash
 export DEBIAN_FRONTEND=noninteractive
-apt install --no-install-recommends -y dnsutils
+apt install --no-install-recommends -y dnsutils ufw
 # Reset all rules
 ufw --force reset
 # Disable firewall
@@ -27,22 +27,23 @@ b3=195.70.4.231
 blacklist=($b0 $b1 $b2 $b3)
 s0=`dig +short amadeus.cubedesigners.com | tail -1`
-s1=`dig +short alphaville.cubedesigners.com | tail -1`
-s1_0=`dig +short toolbox.fluidbook.com | tail -1`
+s0_0=`dig +short toolbox.fluidbook.com | tail -1`
+s1=`dig +short benhur.cubedesigners.com | tail -1`
 s2=`dig +short cloudatlas.cubedesigners.com | tail -1`
-s2_0=`dig +short git.cubedesigners.com | tail -1`
-s2_1=`dig +short mail.cubedesigners.com | tail -1`
-s2_2=`dig +short mail2.cubedesigners.com | tail -1`
-s3=`dig +short dracula.cubedesigners.com | tail -1`
-s3_0=`dig +short devdock.cubedesigners.com | tail -1`
-s4=`dig +short dobermann.cubedesigners.com | tail -1`
-s6=`dig +short elephantman.cubedesigners.com | tail -1`
-s7=`dig +short fastandfurious.cubedesigners.com | tail -1`
+s2_0=`dig +short hostingdev.cubedesigners.com | tail -1`
+s2_1=`dig +short hosting.fluidbook.com | tail -1`
+s2_2=`dig +short hosting.cubedesigners.com | tail -1`
+s2_3=`dig +short hosting2.fluidbook.com | tail -1`
+s2_4=`dig +short hosting2.cubedesigners.com | tail -1`
+s2_5=`dig +short git.cubedesigners.com | tail -1`
+s2_6=`dig +short mail.cubedesigners.com | tail -1`
+s2_7=`dig +short mattermost.cubedesigners.com | tail -1`
+s3=`dig +short dobermann.cubedesigners.com | tail -1`
+s5=`dig +short elephantman.cubedesigners.com | tail -1`
+s6=`dig +short fastandfurious.cubedesigners.com | tail -1`
-auth=($s0 $s1 $s1_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s6 $s7)
+auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s2_3 $s2_4 $s2_5 $s2_6 $s2_7 $s3 $s5 $s6)
-ufw allow 80
-ufw allow 443
 for ip in "${blacklist[@]}"
 do
@@ -75,9 +76,32 @@ ufw deny out 22
 ufw deny out 22022
 ufw deny out 22822
 ufw deny out 22222
+
+
+skip_containers=("portainer" )
+
+sudo wget -O /usr/local/bin/ufw-docker https://github.com/chaifeng/ufw-docker/raw/master/ufw-docker
+sudo chmod +x /usr/local/bin/ufw-docker
 # Finally enable firewall
 ufw --force enable
+# Enable
+ufw-docker install
+docker ps --filter publish=1-65535 --filter status=running --format "table {{.Names}}" | tail -n +2 | while read container; do
+ # Check if the current line is in the skip_lines array
+ skip=false
+ for skip_container in "${skip_containers[@]}"; do
+ if [[ "$container" == "$skip_container" ]]; then
+ skip=true
+ break
+ fi
+ done
+
+ if ! $skip; then
+ ufw-docker allow "$container"
+ fi
+done
+
 # Enable loging
 ufw logging on
diff --git a/resources/servers/update.bat b/resources/servers/update.bat
index 9369a87e9..384014e90 100644
--- a/resources/servers/update.bat
+++ b/resources/servers/update.bat
@@ -6,15 +6,12 @@ cd /D D:\Works\FluidbookToolbox\resources\servers
 scp -P 22 ./amadeus/firewall root@amadeus.cubedesigners.com:/usr/local/bin/fw
 ssh -p 22 root@amadeus.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
-scp -P 22 ./alphaville/firewall root@alphaville.cubedesigners.com:/usr/local/bin/fw
-ssh -p 22 root@alphaville.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
+scp -P 22 ./benhur/firewall root@benhur.cubedesigners.com:/usr/local/bin/fw
+ssh -p 22 root@benhur.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
 scp -P 22 ./cloudatlas/firewall root@cloudatlas.cubedesigners.com:/usr/local/bin/fw
 ssh -p 22 root@cloudatlas.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
-scp -P 22 ./dracula/firewall root@dracula.cubedesigners.com:/usr/local/bin/fw
-ssh -p 22 root@dracula.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
-
 scp -P 22 ./dobermann/firewall root@dobermann.cubedesigners.com:/usr/local/bin/fw
 ssh -p 22 root@dobermann.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw'
-- 2.39.5