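def addORdeleteRule():
    """Interactively add or delete a ufw rule.

    Asks whether to add or delete, then either adds an ``allow`` rule for
    the ports typed in, or deletes a rule by its ``allow <ports>`` text
    or by its number in the ufw rule listing.  Answers are matched on an
    upper- or lower-case letter only; any answer other than ``A`` on the
    add/delete prompt means "delete" and any answer other than ``R`` on
    the number/rule prompt means "by number", as in the original.

    Fixes: the original passed the literal strings ``"allow aport"`` and
    ``"allow dport"`` to ufw instead of the values the operator typed,
    and it forwarded free-form input into the firewall command; the port
    list is now validated by ``_port_spec`` and the rule number must be
    an integer.  Raises ``ValueError`` on invalid input.
    """
    aORdQuestion = input(
        "Would you like to add or Delete a rule from the firewall, Yes (Y) or No (N):"
    )
    if aORdQuestion not in ("Y", "y"):
        return
    aORd = input(
        "Would you like to do Add a rule or Delete a rule (A) or (D):")
    if aORd in ("A", "a"):
        aport = input(
            "Enter the ports you would like to add from the firewall with a comma seperating them:"
        )
        ufw.add("allow %s" % _port_spec(aport))
        return
    numORrule = input(
        "Would you like to delete by number or rule, Num (N) or Rule (R):"
    )
    if numORrule in ("R", "r"):
        dport = input(
            "Enter the ports you would like to delete from the firewall with a common seperating them:"
        )
        ufw.delete("allow %s" % _port_spec(dport))
    else:
        ufw.get_rules()
        dport = input(
            "Enter the ports you would like to delete from the firewall with a common seperating them:"
        )
        # Deleting by number: only a rule index may reach ufw here.
        number = dport.strip()
        if not number.isdigit() or int(number) < 1:
            raise ValueError("rule number must be a positive integer: %r" % dport)
        ufw.delete(number)


def _port_spec(text):
    """Return ``text`` as a ufw port specification after validating it.

    Accepts ``PORT`` or ``PORT,PORT,...`` with an optional ``/tcp`` or
    ``/udp`` suffix; every port must be an integer in 1-65535 (port
    ranges such as ``80:90`` are not accepted).  ufw refuses a
    multi-port rule without a protocol, so ``/tcp`` is appended to a
    bare comma-separated list.  Raises ``ValueError`` for anything else
    so that free-form input never reaches the firewall command.
    """
    ports, sep, proto = text.strip().partition("/")
    if sep and proto not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp: %r" % text)
    numbers = [p.strip() for p in ports.split(",")]
    for p in numbers:
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError("invalid port: %r" % p)
    if len(numbers) > 1 and not sep:
        proto = "tcp"
    spec = ",".join(numbers)
    return spec + ("/" + proto if proto else "")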
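def ip_banner():
    """Ban IPs that failed ssr authentication, based on docker container logs.

    This version assumes every running docker container on the host is an
    ssr server (original note).  The last ``log_tail_from`` lines of each
    running container's log are scanned for
    ``failed to handshake with <ip>: authentication error``; every such
    IP except 127.0.0.1 is denied with ufw, logged to syslog and recorded
    in the database container via ``permanent_banner``.

    Changes from the original: an IP that appears many times in the logs
    is banned once per run instead of once per log line, only
    syntactically valid IPv4 addresses are passed to ufw (the regex
    alone also matches octets above 255), and undecodable log bytes are
    replaced instead of aborting the whole scan.
    """
    import ipaddress

    # ------ read docker containers ------
    c_list = client.containers.list(all=False)
    # ------------ get ip ------------------
    ip_re = re.compile(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}')
    token_re = re.compile("failed to handshake with "
                          + r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
                          + ": authentication error")
    seen = set()
    for cur_container in c_list:
        cur_container_log = cur_container.logs(
            tail=log_tail_from).decode("utf-8", errors="replace")
        for ip in token_re.findall(cur_container_log):
            cur_ip = ip_re.findall(ip)[0]
            # exceptional white-list, plus IPs already handled this run
            if cur_ip == "127.0.0.1" or cur_ip in seen:
                continue
            try:
                ipaddress.IPv4Address(cur_ip)
            except ValueError:
                continue
            seen.add(cur_ip)
            # [Ban IP Operation]
            # 1. system wide ufw update
            # 2. update database in docker (will auto-backup data when exit
            #    or terminated)
            # NOTE(review): ufw evaluates rules in order, so a deny rule
            # appended here does not override an earlier "allow" on the
            # same port; inserting it at position 1 would, if the wrapper
            # supports that.
            syslog.syslog(
                syslog.LOG_NOTICE,
                '[SS-MONITOR]: adding new ip: {_ip} \n'.format(_ip=cur_ip))
            ufw.add("deny from {_ip} to any".format(_ip=cur_ip))
            db_container.exec_run(cmd=permanent_banner(cur_ip), detach=True)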
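def ufw_block(request, blocktype, blocktarget):
    """Django view that adds a ufw ``deny`` rule and then runs ``check_ufw``.

    ``blocktype`` ``in``/``out`` yields ``deny <type> <blocktarget>`` where
    the target is a port with an optional ``/tcp`` or ``/udp``;
    ``host`` yields ``deny from <blocktarget> to any`` where the target
    is an IP address or CIDR.  Both parameters come from the URL, so
    they are validated before being spliced into the rule text, and a
    400 response is returned for anything else (the original passed them
    through unchecked and reported "Block Successful" even for an
    unknown ``blocktype``).  The view performs no authentication of its
    own; it must be guarded where it is routed.
    """
    import ipaddress
    import re

    if blocktype in ("in", "out"):
        # A service name would also be legal ufw syntax, but only a
        # numeric port (optionally with protocol) is accepted here.
        m = re.fullmatch(r"(\d{1,5})(?:/(?:tcp|udp))?", blocktarget)
        if m is None or not 1 <= int(m.group(1)) <= 65535:
            return HttpResponse("Invalid port", status=400)
        ufw.add("deny " + blocktype + " " + blocktarget)
    elif blocktype == "host":
        try:
            ipaddress.ip_network(blocktarget, strict=False)
        except ValueError:
            return HttpResponse("Invalid host", status=400)
        ufw.add("deny from " + blocktarget + " to any")
    else:
        return HttpResponse("Unknown block type", status=400)
    check_ufw()
    return HttpResponse("Block Successful")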
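def add_rule_to_firewall(IP):
    """Add a ufw rule denying all traffic from ``IP`` (an address or CIDR).

    The entries come from a remotely fetched ban list, so ``IP`` is parsed
    with ``ipaddress`` first and anything that is not an address or
    network raises ``ValueError`` instead of being spliced into the rule.
    The original called ``.fromat(IP)`` (a typo) on the return value of
    ``ufw.add`` rather than on the format string, so the placeholder was
    never filled in.
    """
    import ipaddress

    target = IP.strip()
    ipaddress.ip_network(target, strict=False)
    ufw.add("deny from {} to any".format(target))


def main():
    """Fetch the Binary Defense ban list, clean it and deny every entry.

    A malformed entry is reported and skipped so that one bad line does
    not abort the rest of the import.
    """
    ban_list = get_banlist('https://www.binarydefense.com/banlist.txt')
    cleaned_list = cleanup_banlist(ban_list)
    for ip in cleaned_list:
        try:
            add_rule_to_firewall(ip)
        except ValueError:
            print("Skipping invalid entry: %r" % (ip,))
    print("All items have been added")


if __name__ == "__main__":
    main()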
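def firewallEnable():
    """Interactively enable ufw and decide whether port 22 (SSH) is allowed.

    The SSH question is asked *before* the firewall is enabled: the
    original enabled ufw first and added the ``allow 22`` rule afterwards,
    which — with ufw's default-deny incoming policy — can cut off the
    remote session running this script before the rule lands.  Answering
    anything but ``A`` deletes an existing ``allow 22`` rule; the prompt
    warns that this can revoke remote access.  Declining the first
    question does nothing.
    """
    fEnable = input(
        "Would you like to enable the UFW Firewall? Yes (Y) or No (N):")
    if fEnable not in ("Y", "y"):
        return
    SSH = input(
        "Would you like to allow or deny port 22 (SSH) to the firewall (Highly Recommended, Denying could revoke access), Allow (A) or Deny (D):"
    )
    if SSH in ("A", "a"):
        ufw.add("allow 22")
        print("Port 22 (SSH) has been added to the firewall.")
    else:
        ufw.delete("allow 22")
        print("Port 22 (SSH) has been deleted if it was in the firewall.")
    ufw.enable()
    print("UFW has been Enabled.")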
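def deploy(email, port):
    """Open ``port`` in ufw and start the Yacht container on it.

    ``port`` is checked to be an integer in 1-65535 before the firewall
    is touched.  If the container fails to start, the ``allow`` rule is
    removed again so a failed deploy does not leave a port open, and
    control goes back to ``main_loop`` to pick another port; the success
    banner is printed only when the container actually started (the
    original fell through to it after the retry).

    The container gets read-write access to ``/var/run/docker.sock``,
    i.e. control of every container on the host; that is how Yacht
    works, but it means the Yacht login is effectively a host login —
    hence the printed reminder to change the default password.
    """
    clear()
    input(
        "Press enter to deploy Yacht... (This also allows incoming traffic on the port you have specified)"
    )
    try:
        if not 1 <= int(port) <= 65535:
            raise ValueError(port)
    except (TypeError, ValueError):
        clear()
        print("Invalid port: %r" % (port,))
        input("Press enter to change your port.")
        main_loop(email)
        return
    rule = 'allow ' + str(port)
    ufw.add(rule)
    ufw.reload()
    dclient = docker.from_env()
    try:
        dclient.containers.run(
            name="yacht",
            image="selfhostedpro/yacht:do",
            remove=False,
            detach=True,
            ports={'8000/tcp': port},
            volumes={
                # Host docker socket, read-write: required by Yacht.
                '/var/run/docker.sock': {
                    'bind': '/var/run/docker.sock',
                    'mode': 'rw'
                },
                '/root/.yacht/config': {
                    'bind': '/config',
                    'mode': 'rw'
                }
            },
            environment=[
                "ADMIN_EMAIL=" + email,
                "SECRET_KEY=" + secrets.token_hex(16)
            ])
    except Exception as e:
        # Do not leave the port open for a container that never started.
        try:
            ufw.delete(rule)
            ufw.reload()
        except Exception as cleanup_error:
            print("Could not remove firewall rule %r: %s" % (rule, cleanup_error))
        clear()
        print(e)
        input("Press enter to change your port.")
        main_loop(email)
        return
    clear()
    print("\nEmail is set to: " + email)
    print(
        "\nThe default password is: pass\nPlease change this once you've logged in"
    )
    print("\nYacht is available on: " + str(port) + '\n')
    print(
        "If you need to run this script again you can use the following command:"
    )
    print("/opt/SelfhostedPro/install_yacht.sh")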
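def webServices():
    """Interactively allow 80/443 in ufw and redirect 80 -> 8080 in before.rules.

    The redirect is a ``*nat`` PREROUTING block spliced into
    ``/etc/ufw/before.rules`` after line 9 — the position the original
    chose, which assumes the stock file layout (TODO confirm on the
    target distribution).  The block is only written when the REDIRECT
    rule is not already in the file, so running this twice no longer
    adds the redirect a second time.  Files are handled with ``with`` so
    they are closed even if a write fails.  Edits to before.rules take
    effect on the next ufw reload/enable; this function does not trigger
    one.
    """
    webVerify = input(
        "Would you like to allow port 80, 443 and forward port 80 to 8080, Yes (Y) or No (N):"
    )
    if webVerify not in ("Y", "y"):
        return
    ufw.add("allow 80")
    ufw.add("allow 443")
    redirect = "-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080"
    with open("/etc/ufw/before.rules", "r") as fOpen:
        contents = fOpen.readlines()
    if not any(redirect in line for line in contents):
        contents.insert(9, "\n*nat")
        contents.insert(10, "\n:PREROUTING ACCEPT [0:0]")
        contents.insert(11, "\n" + redirect)
        contents.insert(12, "\nCOMMIT\n")
        with open("/etc/ufw/before.rules", "w") as fOpen:
            fOpen.write("".join(contents))
    print("Ports 80 & 443 have been added to the firewall.")
    print("Port 80 is now being redirected to port 8080.")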
def MySQL():
    """Interactively open the MySQL ports in ufw.

    ``C`` opens 3306 (classic protocol), ``X`` opens 33060 (X protocol)
    and any other answer opens both on tcp.  Only an upper- or
    lower-case single letter is recognised.  The rules carry no source
    restriction, so the database port is opened to every address that
    can reach the host; that decision is left to the operator.
    """
    if input("Would you like to open ports for MySQL, Yes (Y) or No (N):") not in ("Y", "y"):
        return
    choice = input(
        "would you like to open the ports for Classic protocol (C), X protocol (X), or Both (B):"
    )
    if choice in ("C", "c"):
        rule, message = "allow 3306", "Port 3306 has been added to the firewall."
    elif choice in ("X", "x"):
        rule, message = "allow 33060", "Port 33060 has been added to the firewall."
    else:
        rule, message = "allow 3306,33060/tcp", "Ports 3306 & 33060 have been added to the firewall."
    ufw.add(rule)
    print(message)
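def allowORblock():
    """Interactive host allow-list, ICMP blocking and Telnet prompts.

    Flow (answers are matched on an upper- or lower-case letter):

    1. Optionally allow one source through ufw.  ufw's ``from`` takes an
       IP address or network, so the entry is parsed with ``ipaddress``
       first; anything else (including the MAC address the prompt still
       mentions) is refused instead of being spliced into the rule.
    2. Optionally turn the ICMP ``ACCEPT`` rules in
       ``/etc/ufw/before.rules`` into ``DROP``.  The original overwrote
       lines 38-42 of that file blindly, clobbering whatever happened to
       be there when the layout differed from the author's; the rules
       are now located by content (see ``_drop_icmp_rules``), and the
       file is left untouched when none are found.
    3. Optionally allow port 23 (Telnet).  The original skipped this
       question when the host question was declined and the ICMP answer
       was neither Y nor N; it is now asked unconditionally.
    """
    import ipaddress

    answer = input(
        "Would you like to allow specific hosts in the firewall hosts, Yes (Y) or No (N):"
    )
    if answer in ("Y", "y"):
        hosts = input(
            "Please input the IP or MAC Address you would like to allow").strip()
        try:
            ipaddress.ip_network(hosts, strict=False)
        except ValueError:
            print("%s is not an IP address or network; no rule added." % hosts)
        else:
            ufw.add("allow from %s" % hosts)
            print("%s is now allowed through the firewall." % hosts)

    pingAllow = input(
        "Would you like to block (Ping/ICMP) requests, Yes (Y) or No (N):"
    )
    if pingAllow in ("Y", "y"):
        _block_icmp()

    telnetAllow = input(
        "Would you like to allow port 23 (Telnet) through the firewall, Yes (Y) or No (N):"
    )
    if telnetAllow in ("Y", "y"):
        ufw.add("allow 23")
        print("Port 23 has been added to the firewall.")


# Every ICMP input rule in ufw's before.rules starts with this text.
_ICMP_RULE_PREFIX = '-A ufw-before-input -p icmp --icmp-type '


def _drop_icmp_rules(lines):
    """Return ``(new_lines, count)`` with ICMP input ACCEPT rules turned into DROP.

    Only lines that start with ``_ICMP_RULE_PREFIX`` and end in
    ``-j ACCEPT`` are rewritten; everything else is copied unchanged.
    """
    out = []
    changed = 0
    for line in lines:
        text = line.rstrip('\n')
        if text.startswith(_ICMP_RULE_PREFIX) and text.endswith(' -j ACCEPT'):
            line = text[:-len('ACCEPT')] + 'DROP\n'
            changed += 1
        out.append(line)
    return out, changed


def _block_icmp():
    """Rewrite the ICMP ACCEPT rules in /etc/ufw/before.rules as DROP rules."""
    with open('/etc/ufw/before.rules', 'r') as file:
        data = file.readlines()
    updated, changed = _drop_icmp_rules(data)
    if not changed:
        print("No ICMP accept rules found in /etc/ufw/before.rules; nothing changed.")
        return
    with open('/etc/ufw/before.rules', 'w') as file:
        file.writelines(updated)
    print("/etc/ufw/before.rules has been updated to block ICMP")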
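def mailPorts():
    """Interactively allow mail-service ports through ufw.

    ``SMTP``/``IMAP``/``IMAPS``/``POP3`` open one well-known port each;
    ``SOME`` takes a comma-separated port list typed by the operator,
    which is validated by ``_port_spec`` before it is spliced into the
    rule (the helper also appends ``/tcp`` to a multi-port list, which
    ufw requires — the original sent the bare list); any other answer
    opens all four on tcp.  Keywords are matched in upper or lower case
    only, as in the original.  Raises ``ValueError`` for an invalid
    ``SOME`` list.
    """
    mailPorts = input(
        "What Mail services would like to allow through the firewall SMTP (SMTP), IMAP (IMAP), IMAPS (IMAPS), POP3 (POP3), Some (SOME), or All (A):"
    )
    if mailPorts in ("SMTP", "smtp"):
        ufw.add("allow 25")
        print("Port 25 has been added to the firewall.")
    elif mailPorts in ("IMAP", "imap"):
        ufw.add("allow 143")
        print("Port 143 has been added to the firewall.")
    elif mailPorts in ("IMAPS", "imaps"):
        ufw.add("allow 993")
        print("Port 993 has been added to the firewall.")
    elif mailPorts in ("POP3", "pop3"):
        ufw.add("allow 110")
        print("Port 110 has been added to the firewall.")
    elif mailPorts in ("SOME", "some"):
        sPorts = _port_spec(input(
            "Please enter the ports of the Services you would like added seperated with a comma:"
        ))
        ufw.add("allow %s" % sPorts)
        print("Ports %s have been added to the firewall." % sPorts)
    else:
        allPorts = "25,143,993,110/tcp"
        ufw.add("allow %s" % allPorts)
        print("Ports %s have been added to the firewall." % allPorts)


def _port_spec(text):
    """Return ``text`` as a ufw port specification after validating it.

    Accepts ``PORT`` or ``PORT,PORT,...`` with an optional ``/tcp`` or
    ``/udp`` suffix; every port must be an integer in 1-65535 (port
    ranges such as ``80:90`` are not accepted).  ufw refuses a
    multi-port rule without a protocol, so ``/tcp`` is appended to a
    bare comma-separated list.  Raises ``ValueError`` for anything else
    so that free-form input never reaches the firewall command.
    """
    ports, sep, proto = text.strip().partition("/")
    if sep and proto not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp: %r" % text)
    numbers = [p.strip() for p in ports.split(",")]
    for p in numbers:
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError("invalid port: %r" % p)
    if len(numbers) > 1 and not sep:
        proto = "tcp"
    spec = ",".join(numbers)
    return spec + ("/" + proto if proto else "")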
print("\nDelete *") ufw.delete('*') print("\nStatus") pprint(ufw.status()) print("\nAdding defaults") ufw.default(incoming='deny') ufw.default(outgoing='allow', routed='reject') print("\nStatus") pprint(ufw.status()) print("\nAdding rules") ufw.add("allow out on tun0 from any to any") ufw.add("allow in on tun0 from any to any") print("\nStatus") pprint(ufw.status()) print("\nListening") pprint(ufw.show_listening()) print("\nAdded") pprint(ufw.show_added()) print("\nAdding broken rules") try: ufw.add("allow sdfsdf sdf s fds ") except: