From: Damian Myrda
Date: Sat, 7 Sep 2024 22:46:19 +0000 (-0500)
Subject: Added firewall
X-Git-Url: http://git.prime8.dev/?a=commitdiff_plain;h=4e011e177cbde94862b872fa6196face3c9c63a3;p=p8d.git
Added firewall
---
diff --git a/setup.sh b/setup.sh
index bac50be..deb15c4 100755
--- a/setup.sh
+++ b/setup.sh
@@ -1,15 +1,5 @@
 #!/bin/sh
 
-echo "securing ssh"
-PORT=2222
-sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
- -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
- -e 's/^#\?UsePAM .*/UsePAM no/' \
- -e 's/^#\?Port .*/Port $PORT/' \
- /etc/ssh/sshd_config
-echo "switched port to $PORT"
-sudo systemctl restart sshd
-
 echo "setting up services"
 docker compose build
 docker compose up mail -d
@@ -20,3 +10,20 @@ docker compose exec -it mail setup config dkim
 docker exec -it mail cat /tmp/docker-mailserver/opendkim/keys/prime8.dev/mail.txt
 docker compose down
 echo "services are set up"
+
+echo "setting up firewall"
+sudo ufw default deny incoming
+sudo ufw defualt allow outgoing
+sudo ufw allow 2222,80,443,25,143,465,587,993,22,9418/tcp
+sudo ufw enable
+echo "firewall set up"
+
+echo "securing ssh"
+PORT=2222
+sudo sed -i -e 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' \
+ -e 's/^#\?PermitRootLogin .*/PermitRootLogin no/' \
+ -e 's/^#\?UsePAM .*/UsePAM no/' \
+ -e 's/^#\?Port .*/Port $PORT/' \
+ /etc/ssh/sshd_config
+echo "switched port to $PORT"
+sudo systemctl restart sshd
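Review bot: The `-e 's/^#\?Port .*/Port $PORT/'` expression in the re-added ssh block is single-quoted, so the shell never expands `$PORT` and sshd_config receives the literal text `Port $PORT`, which sshd is expected to reject as a port value. The `systemctl restart sshd` that follows then runs unvalidated on a host whose firewall was just switched to deny incoming by default, so a failed restart risks losing remote access. Double-quote that one expression, `-e "s/^#\?Port .*/Port $PORT/" \`, and gate the restart on a config test, `sudo sshd -t && sudo systemctl restart sshd`. In the firewall block, `sudo ufw defualt allow outgoing` is misspelled and should read `sudo ufw default allow outgoing`; no `set -e` is visible in the script, so the rejected command would pass unnoticed. The allow rule also keeps 22/tcp open although sshd is moved to 2222, which looks unnecessary unless it is a deliberate fallback and would deserve a comment if so.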