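#!/bin/bash
#
# Post-reboot host firewall and fail2ban setup.
#
# Run once, after the first reboot, when firewalld and fail2ban are already
# installed.  The script:
#   1. enables firewalld and assigns the RFC 1918 ranges to the "internal" zone;
#   2. opens admin/LAN-only services and ports in "internal" only;
#   3. opens the web-facing services/ports in both the default zone and "internal",
#      with 80/443 forwarded to 8080/4443;
#   4. reloads firewalld so the permanent rules take effect;
#   5. installs /root/jail.local as the fail2ban jail config and enables fail2ban.
#
# Requires root.  Aborts before touching the firewall if the jail file is
# missing, so a failed run does not leave the firewall half-configured.
set -o errexit -o pipefail -o noclobber -o nounset -o errtrace -o functrace

# Source ranges that select the "internal" zone (zone is matched by source
# address, not by interface).
readonly -a INTERNAL_SOURCES=(192.168.0.0/16 172.16.0.0/12 10.0.0.0/8)

# Reachable only from INTERNAL_SOURCES.
readonly -a INTERNAL_ONLY_SERVICES=(ssh dns samba)
readonly -a INTERNAL_ONLY_PORTS=(
  5335/tcp 5335/udp
  3129/tcp 3129/udp
  9090/tcp 9090/udp
  2222/tcp
)

# Opened in the default zone AND in "internal".
readonly -a PUBLIC_SERVICES=(http https)
readonly -a PUBLIC_PORTS=(
  8080/tcp 8080/udp
  4443/tcp 4443/udp
  6881/tcp
)

# firewalld forward-port specs (port=<from>:proto=<p>:toport=<to>), applied in
# the default zone and in "internal".
readonly -a FORWARDS=(
  port=80:proto=tcp:toport=8080
  port=80:proto=udp:toport=8080
  port=443:proto=tcp:toport=4443
  port=443:proto=udp:toport=4443
)

readonly JAIL_SRC=/root/jail.local
readonly JAIL_DST=/etc/fail2ban/jail.local

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Add one permanent firewalld rule per value.
# Arguments:
#   $1 - zone name, or "" for the default zone
#   $2 - firewall-cmd option, e.g. --add-service, --add-port, --add-forward-port
#   $@ - values for that option
# Returns: non-zero (and, under errexit, aborts) if firewall-cmd fails
#######################################
fw_add() {
  local zone=$1
  local opt=$2
  shift 2
  local value
  for value in "$@"; do
    if [[ -n "$zone" ]]; then
      firewall-cmd --zone="$zone" "$opt=$value" --permanent
    else
      # No --zone: firewall-cmd applies the rule to the default zone.
      firewall-cmd "$opt=$value" --permanent
    fi
  done
}

#######################################
# Entry point: configure firewalld, then install and enable fail2ban.
# Globals: INTERNAL_SOURCES, INTERNAL_ONLY_SERVICES, INTERNAL_ONLY_PORTS,
#          PUBLIC_SERVICES, PUBLIC_PORTS, FORWARDS, JAIL_SRC, JAIL_DST (read)
#######################################
main() {
  (( EUID == 0 )) || die "must be run as root"
  # Checked first: the original script only discovered a missing jail file
  # after the firewall had already been reconfigured.
  [[ -f "$JAIL_SRC" ]] || die "$JAIL_SRC not found; nothing to install"

  systemctl enable --now firewalld

  # Bind the private ranges to the "internal" zone in a single call.
  local -a source_args=()
  local src
  for src in "${INTERNAL_SOURCES[@]}"; do
    source_args+=("--add-source=$src")
  done
  firewall-cmd --zone=internal "${source_args[@]}" --permanent

  # LAN/admin-only exposure.
  fw_add internal --add-service "${INTERNAL_ONLY_SERVICES[@]}"
  fw_add internal --add-port "${INTERNAL_ONLY_PORTS[@]}"

  # Web-facing exposure, in both zones.
  fw_add "" --add-service "${PUBLIC_SERVICES[@]}"
  fw_add "" --add-port "${PUBLIC_PORTS[@]}"
  fw_add internal --add-service "${PUBLIC_SERVICES[@]}"
  fw_add internal --add-port "${PUBLIC_PORTS[@]}"

  # 80/443 -> 8080/4443 in both zones.
  fw_add "" --add-forward-port "${FORWARDS[@]}"
  fw_add internal --add-forward-port "${FORWARDS[@]}"

  # --permanent rules are inert until reloaded.
  firewall-cmd --reload

  mv -- "$JAIL_SRC" "$JAIL_DST"
  # Restore the SELinux label after moving out of /root.
  restorecon -v "$JAIL_DST"
  systemctl enable --now fail2ban
}

main "$@"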