Changed transmission to deluge. Simplify ufw rules

2020-11-10 23:31:05 +01:00
parent 3d97cd5302
commit 69bd27150f
10515 changed files with 666 additions and 2369 deletions
--- a/root/etc/ufw/enable.sh
+++ b/root/etc/ufw/enable.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+set -e
+
+TIMESTAMP_FORMAT='%a %b %d %T %Y'
+log() {
+  echo "$(date +"${TIMESTAMP_FORMAT}") [tunnel-up] $*"
+}
+# Source our persisted env variables from container startup
+. /etc/deluge/environment-variables.sh
+
+log "Firewall script executed with $*"
+
+# Enable firewall
+log "enabling firewall"
+sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
+
+# Block all outgoing
+log "Deny all outgoing traffic"
+ufw default deny outgoing
+# Block all incoming
+log "Deny all incoming traffic"
+ufw default deny incoming
+
+# Allow LOCAL_NETWORK
+if [[ -n "${LOCAL_NETWORK-}" ]]; then
+  for localNet in ${LOCAL_NETWORK//,/ }; do
+    log "Allow in and out from ${localNet}"
+    ufw allow in to ${localNet}
+    ufw allow out to ${localNet}
+  done
+fi
+
+# Allow outgoing traffic on the vpn interface ${1} in principle tun0
+log "Allow outgoing traffic on ${1}"
+ufw allow out on ${1} from any to any
+
+# Allow connection to the VPN IP server
+log "Getting server and port from ${2}"
+VPN_SERVER_IP=$(cat ${2} | grep -H "remote" | head -1 | cut -d " " -f 3)
+VPN_PORT=$(cat ${2} | grep -H "remote" | head -1 | cut -d " " -f 4)
+log "Got IP ${VPN_SERVER_IP} and port ${VPN_PORT}"
+
+PROTOCOL="udp"
+if [[ -n ${NORDVPN_PROTOCOL} ]]; then
+  PROTOCOL=${NORDVPN_PROTOCOL}
+fi
+
+log "Allow to connect to ${VPN_SERVER_IP} on port ${VPN_PORT} using ${PROTOCOL}"
+ufw allow out to ${VPN_SERVER_IP} port ${VPN_PORT} proto ${PROTOCOL}
+
+ufw enable
+ufw status