uriel1998

simple ufw_script

Feb 25th, 2016
#!/bin/bash

##########################################################
# Because otherwise this is a pain
##########################################################

echo "Did you run this script with sudo privileges? If not, Ctrl-C."
echo "Otherwise, press any key to continue."
# -n 1 returns after a single keypress, matching the prompt above
read -n 1 -s -r

sudo ufw disable

##########################################################
# To reset
##########################################################
echo y | sudo ufw reset

# To delete a rule, add the word delete after ufw, which means you can
# script dynamic rule changing fairly easily.

##########################################################
# Internet Exposed Apps
##########################################################
sudo ufw allow Crashplan
sudo ufw allow Deluge
#sudo ufw allow Icecast
sudo ufw allow BTSync


##########################################################
# LAN System Apps
##########################################################
# FTP - it's a service, so no app profile
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 20
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 21
# WakeOnLan
sudo ufw allow from 192.168.1.0/24 to any port 9
sudo ufw allow from 192.168.1.0/24 to any app CUPS


##########################################################
# And close up everything else
# This is last because UFW evaluates from top to bottom.  ALWAYS.
# So if you put these first (as some guides have you do) or worse,
# put "deny in to any" as your first rule, then you're borked.
# Putting your DEFAULTS like this, though, means they're evaluated last,
# which is our desired behavior - and lets us add rules later easily.
##########################################################
sudo ufw default reject incoming
sudo ufw default allow outgoing

sudo ufw enable
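
The top-to-bottom, first-match ordering described in the script's final comment block can be checked mechanically. The following is an added example, not part of the original paste: it scans text in the layout of `ufw status numbered` for ALLOW IN rules that sit below a catch-all DENY or REJECT rule. The function names and the sample listing are constructed for illustration, and IPv6 rows are skipped.

```bash
#!/bin/bash
# Added example (not from the original paste): find ALLOW IN rules that can
# never match because an earlier catch-all DENY/REJECT rule wins first.

# Constructed sample in the layout of `ufw status numbered`; not real output.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 21/tcp                     ALLOW IN    192.168.1.0/24
[ 2] Anywhere                   DENY IN     Anywhere
[ 3] 9                          ALLOW IN    192.168.1.0/24
[ 4] CUPS                       ALLOW IN    192.168.1.0/24
[ 5] 21/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

# Reads a numbered status listing on stdin. Prints one line for each IPv4
# ALLOW IN rule listed after an Anywhere -> Anywhere DENY/REJECT IN rule.
shadowed_rules() {
  awk '
    !/^\[/ || /\(v6\)/ { next }          # keep numbered IPv4 rows only
    {
      sub(/^\[ */, ""); sub(/\]/, "")    # "[ 3] 9 ..." becomes "3 9 ..."
      act = 0
      for (i = 2; i < NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/ && $(i + 1) == "IN") { act = i; break }
      if (!act) next                     # outgoing/routed rule or unknown row
      to = ""; for (i = 2; i < act; i++) to = to (i > 2 ? " " : "") $i
      from = ""; for (i = act + 2; i <= NF; i++) from = from (i > act + 2 ? " " : "") $i
      if ($act != "ALLOW" && $act != "LIMIT" && to == "Anywhere" && from == "Anywhere") {
        if (!block) block = $1           # first catch-all deny/reject seen
        next
      }
      if (block && $act == "ALLOW") print "rule " $1 " is shadowed by rule " block
    }'
}

sample_status | shadowed_rules
```

Against a live firewall, pipe the output of `sudo ufw status numbered` into `shadowed_rules`; an empty result means no allow rule sits below a catch-all block.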