From 63529ad1e23018f51f815a1df07f480cc6fe9b8d Mon Sep 17 00:00:00 2001 From: Vincent Vanwaelscappel Date: Wed, 3 Jul 2024 13:56:56 +0200 Subject: [PATCH] wip #6986 @1 --- app/Fluidbook/Farm.php | 1 - app/Models/TeamServers.php | 3 +- resources/servers/alphaville/firewall | 41 ++++----- resources/servers/brazil/firewall | 93 ------------------- resources/servers/cloudatlas/firewall | 32 +++---- resources/servers/dobermann/firewall | 47 +++++----- resources/servers/dracula/firewall | 36 ++++---- resources/servers/elephantman/firewall | 40 ++++----- resources/servers/fastandfurious/firewall | 40 ++++----- resources/servers/godzilla/firewall | 32 +++---- resources/servers/her2/firewall | 104 ---------------------- resources/servers/kingkong/firewall | 40 ++++----- resources/servers/update.bat | 6 -- 13 files changed, 140 insertions(+), 375 deletions(-) delete mode 100644 resources/servers/brazil/firewall delete mode 100644 resources/servers/her2/firewall diff --git a/app/Fluidbook/Farm.php b/app/Fluidbook/Farm.php index 3e4eea05d..13821ab83 100644 --- a/app/Fluidbook/Farm.php +++ b/app/Fluidbook/Farm.php @@ -21,7 +21,6 @@ class Farm protected static $_farmServers = [ ['name' => 'alphaville', 'host' => 'fluidbook-processfarm', 'port' => 9000, 'weight' => 12, 'region' => Region::EUROPE, 'local' => false], - ['name' => 'brazil', 'host' => 'brazil.cubedesigners.com', 'weight' => 6, 'region' => Region::USA, 'local' => false], ['name' => 'cloudatlas', 'host' => 'cloudatlas.cubedesigners.com', 'weight' => 4, 'region' => Region::EUROPE, 'local' => false], ['name' => 'dracula', 'host' => 'dracula.cubedesigners.com', 'weight' => 1, 'region' => Region::EUROPE, 'local' => true], ['name' => 'dobermann', 'host' => 'dobermann.cubedesigners.com', 'weight' => 6, 'region' => Region::EUROPE, 'local' => false], diff --git a/app/Models/TeamServers.php b/app/Models/TeamServers.php index 5f8b86ed1..31afec7e5 100644 --- a/app/Models/TeamServers.php +++ b/app/Models/TeamServers.php @@ -28,7 +28,7 @@ class TeamServers extends CubistMagicAbstractModel $this->addField('blacklist', Textarea::class, __('Liste noire')); } - public function postSave() + public function onSaved(): bool { Files::emptyDir(resource_path('servers/')); @@ -194,6 +194,7 @@ cd /D D:\Works\FluidbookToolbox\resources\servers' . "\n\n"; } file_put_contents(resource_path('servers') . '/' . 'update.bat', str_replace("\n", "\r\n", $update)); + return parent::onSaved(); } protected static function digOrIP($address) diff --git a/resources/servers/alphaville/firewall b/resources/servers/alphaville/firewall index da8e2c73a..52e14e7c3 100644 --- a/resources/servers/alphaville/firewall +++ b/resources/servers/alphaville/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -25,29 +26,25 @@ b2=50.62.177.177 b3=195.70.4.231 blacklist=($b0 $b1 $b2 $b3) -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` -auth=($s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) +auth=($s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s6 $s7) +ufw allow 58745 ufw allow 80 ufw allow 443 diff --git a/resources/servers/brazil/firewall b/resources/servers/brazil/firewall deleted file mode 100644 index 823ecb21d..000000000 --- a/resources/servers/brazil/firewall +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/bash - -export DEBIAN_FRONTEND=noninteractive -apt install --no-install-recommends -y dnsutils -# Reset all rules -ufw --force reset -# Disable firewall -ufw disable - -ufw default allow outgoing - -l0=127.0.0.0/8 -l1=10.0.0.0/8 -l2=172.16.0.0/12 -l3=192.168.0.0/16 -i0=`dig +short paris.cubedesigners.com | tail -1` -i1=`dig +short montpellier.cubedesigners.com | tail -1` -i2=`dig +short tortuga.enhydra.fr | tail -1` - -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) - -b0=24.104.34.225 -b1=62.99.220.220 -b2=50.62.177.177 -b3=195.70.4.231 -blacklist=($b0 $b1 $b2 $b3) - -s0=`dig +short alphaville.cubedesigners.com | tail -1` -s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) - - -for ip in "${blacklist[@]}" -do - ufw deny from $ip - ufw deny to $ip -done - -for ip in "${local[@]}" -do - ufw allow from $ip -done - -for ip in "${auth[@]}" -do - ufw allow from $ip - ufw allow to $ip - ufw allow out to $ip port 22 - ufw allow out to $ip port 22022 - ufw allow out to $ip port 22822 - ufw allow out to $ip port 22222 -done - -#SSH -ufw deny out 22 -ufw deny out 22022 -ufw deny out 22822 -ufw deny out 22222 -# Finally enable firewall -ufw --force enable - -# Enable loging -ufw logging on - -# Display status -ufw status verbose - -rm -f /etc/ufw/after.rules.* -rm -f /etc/ufw/after6.rules.* -rm -f /etc/ufw/before.rules.* -rm -f /etc/ufw/before6.rules.* -rm -f /lib/ufw/user6.rules.* -rm -f /lib/ufw/user.rules.* diff --git a/resources/servers/cloudatlas/firewall b/resources/servers/cloudatlas/firewall index c83bf10bc..6337fb7e9 100644 --- a/resources/servers/cloudatlas/firewall +++ b/resources/servers/cloudatlas/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,24 +28,19 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` -auth=($s0 $s0_0 $s1 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) +auth=($s0 $s0_0 $s2 $s2_0 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s6 $s7) ufw allow 53 ufw allow 80 diff --git a/resources/servers/dobermann/firewall b/resources/servers/dobermann/firewall index a6f9ac43a..3f98455c9 100644 --- a/resources/servers/dobermann/firewall +++ b/resources/servers/dobermann/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,31 +28,25 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) - -c0=`dig +short s1.adangelis.com | tail -1` -c1=`dig +short www.fondation-sycomore.com | tail -1` -backup=($c0 $c1) +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` + +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s6 $s7) + +c0=`dig +short www.fondation-sycomore.com | tail -1` +backup=($c0) ufw allow 53 ufw allow 80 ufw allow 443 diff --git a/resources/servers/dracula/firewall b/resources/servers/dracula/firewall index bf4f68e5c..0c2f2b613 100644 --- a/resources/servers/dracula/firewall +++ b/resources/servers/dracula/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,26 +28,21 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s6 $s7) ufw allow 53 ufw allow 80 diff --git a/resources/servers/elephantman/firewall b/resources/servers/elephantman/firewall index bffc6288b..c79731787 100644 --- a/resources/servers/elephantman/firewall +++ b/resources/servers/elephantman/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,27 +28,22 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s9) +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` + +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s7) for ip in "${blacklist[@]}" diff --git a/resources/servers/fastandfurious/firewall b/resources/servers/fastandfurious/firewall index de2571723..96a97166e 100644 --- a/resources/servers/fastandfurious/firewall +++ b/resources/servers/fastandfurious/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,27 +28,22 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8) +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` + +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s5 $s6) ufw allow 51820 diff --git a/resources/servers/godzilla/firewall b/resources/servers/godzilla/firewall index 03a4b94a2..671a0a0ac 100644 --- a/resources/servers/godzilla/firewall +++ b/resources/servers/godzilla/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,23 +28,18 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s6 $s6_0 $s6_1 $s6_2 $s7 $s8 $s9) +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s5=`dig +short kingkong.cubedesigners.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` + +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s3 $s5 $s6 $s7) ufw allow 53 ufw allow 80 diff --git a/resources/servers/her2/firewall b/resources/servers/her2/firewall deleted file mode 100644 index 7d876238e..000000000 --- a/resources/servers/her2/firewall +++ /dev/null @@ -1,104 +0,0 @@ -#!/bin/bash - -export DEBIAN_FRONTEND=noninteractive -apt install --no-install-recommends -y dnsutils -# Reset all rules -ufw --force reset -# Disable firewall -ufw disable - -ufw default allow outgoing - -l0=127.0.0.0/8 -l1=10.0.0.0/8 -l2=172.16.0.0/12 -l3=192.168.0.0/16 -i0=`dig +short paris.cubedesigners.com | tail -1` -i1=`dig +short montpellier.cubedesigners.com | tail -1` -i2=`dig +short tortuga.enhydra.fr | tail -1` - -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) - -b0=24.104.34.225 -b1=62.99.220.220 -b2=50.62.177.177 -b3=195.70.4.231 -blacklist=($b0 $b1 $b2 $b3) - -s0=`dig +short alphaville.cubedesigners.com | tail -1` -s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s7=`dig +short kingkong.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s7 $s8 $s9) - -ufw allow 53 -ufw allow 80 -ufw allow 443 -ufw allow 25 -ufw allow 143 -ufw allow 465 -ufw allow 587 -ufw allow 993 -ufw allow 4190 - -for ip in "${blacklist[@]}" -do - ufw deny from $ip - ufw deny to $ip -done - -for ip in "${local[@]}" -do - ufw allow from $ip -done - -for ip in "${auth[@]}" -do - ufw allow from $ip - ufw allow to $ip - ufw allow out to $ip port 22 - ufw allow out to $ip port 22022 - ufw allow out to $ip port 22822 - ufw allow out to $ip port 22222 -done - -for ip in "${backup[@]}" -do - ufw allow in from $ip port 22 -done - -#SSH -ufw deny out 22 -ufw deny out 22022 -ufw deny out 22822 -ufw deny out 22222 -# Finally enable firewall -ufw --force enable - -# Enable loging -ufw logging on - -# Display status -ufw status verbose - -rm -f /etc/ufw/after.rules.* -rm -f /etc/ufw/after6.rules.* -rm -f /etc/ufw/before.rules.* -rm -f /etc/ufw/before6.rules.* -rm -f /lib/ufw/user6.rules.* -rm -f /lib/ufw/user.rules.* diff --git a/resources/servers/kingkong/firewall b/resources/servers/kingkong/firewall index a15bc8f12..761986f49 100644 --- a/resources/servers/kingkong/firewall +++ b/resources/servers/kingkong/firewall @@ -16,8 +16,9 @@ l3=192.168.0.0/16 i0=`dig +short paris.cubedesigners.com | tail -1` i1=`dig +short montpellier.cubedesigners.com | tail -1` i2=`dig +short tortuga.enhydra.fr | tail -1` +i3=`dig +short cocodrilo.enhydra.fr | tail -1` -local=($l0 $l1 $l2 $l3 $i0 $i1 $i2) +local=($l0 $l1 $l2 $l3 $i0 $i1 $i2 $i3) b0=24.104.34.225 b1=62.99.220.220 @@ -27,27 +28,22 @@ blacklist=($b0 $b1 $b2 $b3) s0=`dig +short alphaville.cubedesigners.com | tail -1` s0_0=`dig +short toolbox.fluidbook.com | tail -1` -s1=`dig +short brazil.cubedesigners.com | tail -1` -s2=`dig +short cloudatlas.cubedesigners.com | tail -1` -s2_0=`dig +short git.cubedesigners.com | tail -1` -s2_1=`dig +short mail.cubedesigners.com | tail -1` -s2_2=`dig +short mail2.cubedesigners.com | tail -1` -s3=`dig +short dracula.cubedesigners.com | tail -1` -s3_0=`dig +short devdock.cubedesigners.com | tail -1` -s4=`dig +short dobermann.cubedesigners.com | tail -1` -s5=`dig +short godzilla.cubedesigners.com | tail -1` -s5_0=`dig +short hostingdev.cubedesigners.com | tail -1` -s5_1=`dig +short hosting.cubedesigners.com | tail -1` -s5_2=`dig +short hosting2.fluidbook.com | tail -1` -s5_3=`dig +short hosting.fluidbook.com | tail -1` -s6=`dig +short her2.cubedesigners.com | tail -1` -s6_0=`dig +short her.cubedesigners.com | tail -1` -s6_1=`dig +short mail.cubedesigners.com | tail -1` -s6_2=`dig +short mail2.cubedesigners.com | tail -1` -s8=`dig +short elephantman.cubedesigners.com | tail -1` -s9=`dig +short fastandfurious.cubedesigners.com | tail -1` - -auth=($s0 $s0_0 $s1 $s2 $s2_0 $s2_1 $s2_2 $s3 $s3_0 $s4 $s5 $s5_0 $s5_1 $s5_2 $s5_3 $s6 $s6_0 $s6_1 $s6_2 $s8 $s9) +s1=`dig +short cloudatlas.cubedesigners.com | tail -1` +s1_0=`dig +short git.cubedesigners.com | tail -1` +s1_1=`dig +short mail.cubedesigners.com | tail -1` +s1_2=`dig +short mail2.cubedesigners.com | tail -1` +s2=`dig +short dracula.cubedesigners.com | tail -1` +s2_0=`dig +short devdock.cubedesigners.com | tail -1` +s3=`dig +short dobermann.cubedesigners.com | tail -1` +s4=`dig +short godzilla.cubedesigners.com | tail -1` +s4_0=`dig +short hostingdev.cubedesigners.com | tail -1` +s4_1=`dig +short hosting.cubedesigners.com | tail -1` +s4_2=`dig +short hosting2.fluidbook.com | tail -1` +s4_3=`dig +short hosting.fluidbook.com | tail -1` +s6=`dig +short elephantman.cubedesigners.com | tail -1` +s7=`dig +short fastandfurious.cubedesigners.com | tail -1` + +auth=($s0 $s0_0 $s1 $s1_0 $s1_1 $s1_2 $s2 $s2_0 $s3 $s4 $s4_0 $s4_1 $s4_2 $s4_3 $s6 $s7) ufw allow 80 ufw allow 443 diff --git a/resources/servers/update.bat b/resources/servers/update.bat index 5a99cdc9b..59e74f22e 100644 --- a/resources/servers/update.bat +++ b/resources/servers/update.bat @@ -6,9 +6,6 @@ cd /D D:\Works\FluidbookToolbox\resources\servers scp -P 22 ./alphaville/firewall root@alphaville.cubedesigners.com:/usr/local/bin/fw ssh -p 22 root@alphaville.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' -scp -P 22 ./brazil/firewall root@brazil.cubedesigners.com:/usr/local/bin/fw -ssh -p 22 root@brazil.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' - scp -P 22 ./cloudatlas/firewall root@cloudatlas.cubedesigners.com:/usr/local/bin/fw ssh -p 22 root@cloudatlas.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' @@ -21,9 +18,6 @@ ssh -p 22 root@dobermann.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /u scp -P 22 ./godzilla/firewall root@godzilla.cubedesigners.com:/usr/local/bin/fw ssh -p 22 root@godzilla.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' -scp -P 22 ./her2/firewall root@her2.cubedesigners.com:/usr/local/bin/fw -ssh -p 22 root@her2.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' - scp -P 22 ./kingkong/firewall root@kingkong.cubedesigners.com:/usr/local/bin/fw ssh -p 22 root@kingkong.cubedesigners.com 'chmod 755 /usr/local/bin/fw;rm -f /usr/local/bin/firewall;/usr/local/bin/fw' -- 2.39.5