45 lines
1.2 KiB
Bash
45 lines
1.2 KiB
Bash
|
#!/bin/bash
|
||
|
|
||
|
# root check
|
||
|
if [[ "$UID" -ne 0 ]]; then
|
||
|
echo "This script needs root permissions."
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# Make /etc/jfw directory with "rules" file
|
||
|
# (which is really the iptables script)
|
||
|
if [[ -f /etc/jfw/jfw.rules ]]; then
|
||
|
echo "Found existing jfw configuration, do you wish to overwrite (y/n)?"
|
||
|
read -n 1
|
||
|
if [[ "$REPLY" == "y" ]];then
|
||
|
echo "Overwriting '/etc/jfw/jfw.rules'"
|
||
|
cp jfw.rules /etc/jfw/
|
||
|
chmod -R 700 /etc/jfw
|
||
|
else
|
||
|
echo "Not overwriting '/etc/jfw/jfw.rules' ."
|
||
|
fi
|
||
|
else
|
||
|
mkdir -p /etc/jfw
|
||
|
cp jfw.rules /etc/jfw/
|
||
|
chmod -R 700 /etc/jfw
|
||
|
fi
|
||
|
|
||
|
# Create symlink to jfw.rules:
|
||
|
ln -s /etc/jfw/jfw.rules /usr/sbin/jfw
|
||
|
|
||
|
# Install systemd service file,
|
||
|
# Still needs to be enabled automatically
|
||
|
cp jfw.service /etc/systemd/system
|
||
|
systemctl daemon-reload
|
||
|
|
||
|
echo "SSH port (22) is opened by default with JFW."
|
||
|
read -p "Enable & start JFW now (yes/no)? "
|
||
|
|
||
|
if [[ "$REPLY" == "yes" ]]; then
|
||
|
systemctl enable --now jfw
|
||
|
else
|
||
|
echo "You can edit the iptables rules to your liking by editing"
|
||
|
echo "'/etc/jfw/jfw.rules'. Afterwards you can use systemct to start"
|
||
|
echo "and/or enable the firewall."
|
||
|
fi
|