Added firewall
authorDamian Myrda <monkey.damianek@gmail.com>
Sat, 7 Sep 2024 22:46:19 +0000 (17:46 -0500)
committerDamian Myrda <monkey.damianek@gmail.com>
Sat, 7 Sep 2024 22:46:19 +0000 (17:46 -0500)
setup.sh

index bac50be53df31daeed5df31f1694935d400bc589..deb15c4c605ea64018c8cfc4e157a9e2f3c1ac26 100755 (executable)
--- a/setup.sh
+++ b/setup.sh
@@ -1,15 +1,5 @@
 #!/bin/sh
 
-echo "securing ssh"
-PORT=2222
-sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
-            -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
-            -e 's/^#\?UsePAM .*/UsePAM no/' \
-            -e 's/^#\?Port .*/Port $PORT/' \
-            /etc/ssh/sshd_config
-echo "switched port to $PORT"
-sudo systemctl restart sshd
-
 echo "setting up services"
 docker compose build
 docker compose up mail -d
@@ -20,3 +10,20 @@ docker compose exec -it mail setup config dkim
 docker exec -it mail cat /tmp/docker-mailserver/opendkim/keys/prime8.dev/mail.txt
 docker compose down
 echo "services are set up"
+
+echo "setting up firewall"
+sudo ufw default deny incoming
+sudo ufw defualt allow outgoing
+sudo ufw allow 2222,80,443,25,143,465,587,993,22,9418/tcp
+sudo ufw enable
+echo "firewall set up"
+
+echo "securing ssh"
+PORT=2222
+sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
+            -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
+            -e 's/^#\?UsePAM .*/UsePAM no/' \
+            -e 's/^#\?Port .*/Port $PORT/' \
+            /etc/ssh/sshd_config
+echo "switched port to $PORT"
+sudo systemctl restart sshd
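Review bot: `sudo ufw defualt allow outgoing` misspells `default`, so ufw will reject that command, and since the script sets no `set -e` it carries on to `sudo ufw enable` without stopping; the line should read `sudo ufw default allow outgoing`. In the sed call that follows, `-e 's/^#\?Port .*/Port $PORT/'` is single-quoted, so the literal text `Port $PORT` is written to sshd_config rather than 2222; use `-e "s/^#\?Port .*/Port $PORT/"` and run `sudo sshd -t` before `sudo systemctl restart sshd`, because an sshd that fails to restart once the firewall is enabled can cut off remote access. The allow list also keeps 22 open although sshd is being moved to 2222, so it can be dropped if nothing else is meant to listen there.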