feat: add UFW configuration support

Konano 2025-08-29 17:59:40 +08:00
parent af62764573
commit 3776b05bed
Signed by: Nano
GPG Key ID: 93686B78EE43A65A
2 changed files with 42 additions and 0 deletions


@ -341,6 +341,17 @@ configure_iptables() {
[ $offline -eq 1 ] && return [ $offline -eq 1 ] && return
[ "$(uname)" = "Darwin" ] && return [ "$(uname)" = "Darwin" ] && return
# 如果 ufw 是 active就直接返回
if command_exists ufw; then
if sudo ufw status | grep -q "Status: active"; then
echo "检测到 ufw 已启用,跳过 iptables 配置。"
return
fi
if confirm_action "检测到 ufw 已存在,是否直接使用 ufw 进行管理,跳过 iptables" "Y"; then
return
fi
fi
if command_exists ifquery && systemctl is-active --quiet networking; then if command_exists ifquery && systemctl is-active --quiet networking; then
# ifupdown: /etc/network/if-pre-up.d/iptables-load # ifupdown: /etc/network/if-pre-up.d/iptables-load
[ -f /etc/network/if-pre-up.d/iptables-load ] && return [ -f /etc/network/if-pre-up.d/iptables-load ] && return
@ -370,6 +381,32 @@ configure_iptables() {
fi fi
} }
configure_ufw() {
[ $offline -eq 1 ] && return
[ "$(uname)" = "Darwin" ] && return
! command_exists ufw && return
if sudo ufw status | grep -q "Status: inactive"; then
return
fi
# 如果 ufw 没有被脚本初始化过
if ! sudo ufw status verbose | grep -q "Initialized by lazy"; then
if confirm_action "要配置 ufw 吗?" "N"; then
# 默认拒绝所有入站连接
sudo ufw default deny incoming
sudo ufw default allow outgoing
# 允许常用端口
sudo ufw allow ssh comment 'SSH (Initialized by lazy)'
sudo ufw allow http
sudo ufw allow https
sudo ufw allow 2263/tcp comment 'SSH'
sudo ufw allow 9443/tcp comment 'gost-proxy'
sudo ufw allow 6330/tcp comment 'node-exporter'
fi
fi
}
configure_zsh_prefix() { configure_zsh_prefix() {
[ -f ~/.zsh_user ] || return [ -f ~/.zsh_user ] || return
@ -595,6 +632,7 @@ configure_tmux
configure_docker configure_docker
configure_fail2ban configure_fail2ban
configure_iptables configure_iptables
configure_ufw
# configure_hostname # configure_hostname
configure_timedate configure_timedate
configure_bootinfo configure_bootinfo
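Review bot: In configure_ufw (second hunk), `sudo ufw default deny incoming` is applied to an already-active firewall before any allow rule exists, so new SSH connections are refused until the later `allow ssh` / `allow 2263/tcp` lines land, and a failed or interrupted sudo in that window leaves the host unreachable; add the allow rules first and set the two default policies last (the current session should survive either way, since ufw's default before-rules accept established traffic). The "already initialized" sentinel is only the comment on the port-22 rule, so `sudo ufw status verbose | grep -q "Initialized by lazy"` stops matching as soon as that one rule is deleted and the whole block is offered again; a dedicated marker rule or a small state file would be more robust than a comment on a rule the user may legitimately remove. Combined with the first hunk there is also a coverage gap: when ufw is installed but inactive, `confirm_action "...跳过 iptables" "Y"` defaults to skipping iptables, and configure_ufw then returns on `Status: inactive`, so the host ends up with neither rule set unless the user overrides the prompt — either default that prompt to N or let configure_ufw handle the inactive case explicitly. If sshd listens only on 2263 (not visible here), the extra `allow ssh` for port 22 widens exposure for no benefit; at minimum `allow http` / `allow https` should carry comments like the other rules so `ufw status` shows who owns them.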


@ -48,4 +48,8 @@ iptables -P INPUT DROP
add_input_tcp_filter 9443 gost-proxy add_input_tcp_filter 9443 gost-proxy
add_input_tcp_filter 6330 node-exporter add_input_tcp_filter 6330 node-exporter
##########
# if you use ufw, please execute `sudo ufw allow xxxx/tcp comment 'xxxx'``
##########
# ==================== # ====================
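Review bot: The added comment ends with two backticks after `'xxxx'` where one closing backtick was intended; drop the extra one so the example command reads cleanly. More substantively, the ports opened here (9443 gost-proxy, 6330 node-exporter) are now hard-coded a second time in configure_ufw, so the iptables and ufw rule sets can silently drift; consider adding `# keep in sync with configure_ufw in the setup script` to this comment, or deriving both rule sets from a single port list.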