Example #1
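 def addORdeleteRule():
     """Prompt the operator to add or delete a UFW rule.

     Answers are read with input() and turned into ``ufw.add`` /
     ``ufw.delete`` calls. Nothing is returned. Answers that do not look
     like a port list (or a rule number) are rejected and leave the
     firewall unchanged.
     """

     def _is_port_spec(text):
         # Only digits, commas and colons (ufw's port-range separator),
         # optionally followed by /tcp or /udp. This keeps the answer to a
         # single port token, so it cannot add extra words to the rule and
         # cannot be "*", which Example #11 on this page uses with
         # ufw.delete to remove every rule.
         ports, _, proto = text.partition("/")
         return (bool(ports) and set(ports) <= set("0123456789,:")
                 and proto in ("", "tcp", "udp"))

     aORdQuestion = input(
         "Would you like to add or Delete a rule from the firewall, Yes (Y) or No (N):"
     )
     if aORdQuestion not in ("Y", "y"):
         return

     aORd = input(
         "Would you like to do Add a rule or Delete a rule (A) or (D):")
     if aORd in ("A", "a"):
         aport = input(
             "Enter the ports you would like to add from the firewall with a comma seperating them:"
         ).strip()
         if not _is_port_spec(aport):
             print("Invalid port list, no rule was added.")
             return
         # The original passed the literal text "allow aport" to ufw, so the
         # operator's answer was never used.
         ufw.add("allow %s" % aport)
     elif aORd in ("D", "d"):
         numORrule = input(
             "Would you like to delete by number or rule, Num (N) or Rule (R):"
         )
         if numORrule in ("R", "r"):
             dport = input(
                 "Enter the ports you would like to delete from the firewall with a common seperating them:"
             ).strip()
             if not _is_port_spec(dport):
                 print("Invalid port list, no rule was deleted.")
                 return
             # Same defect as the add path: the literal "allow dport" was sent.
             ufw.delete("allow %s" % dport)
         else:
             # The original fetched the rules but discarded them; show them so
             # the operator can pick a number.
             print(ufw.get_rules())
             dport = input(
                 "Enter the number of the rule you would like to delete:"
             ).strip()
             if not dport.isdigit():
                 print("Invalid rule number, no rule was deleted.")
                 return
             ufw.delete(dport)
     else:
         # Previously any answer other than A fell through to the delete path.
         print("Unrecognised choice, the firewall was not changed.")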
Example #2
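def ip_banner():
    """Ban the source IPs of failed handshakes found in the docker logs.

    This version assumes every docker container on the current host is
    running SSR.

    For each running container the last ``log_tail_from`` log lines are
    scanned for "failed to handshake with <ip>: authentication error".
    Each distinct address gets a system-wide ufw deny rule and is passed to
    ``permanent_banner`` inside ``db_container``.
    """
    import ipaddress

    # One pattern with a capture group replaces the original two-step match
    # (find the message, then find the address inside it).
    handshake_re = re.compile(
        r"failed to handshake with (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
        r": authentication error")

    # The same address usually shows up on many log lines; ban it once per
    # run instead of issuing one ufw call and one exec_run per line.
    seen = set()

    for cur_container in client.containers.list(all=False):
        cur_container_log = cur_container.logs(
            tail=log_tail_from).decode("utf-8")
        for cur_ip in handshake_re.findall(cur_container_log):
            if cur_ip in seen:
                continue
            seen.add(cur_ip)

            # \d{1,3} also matches strings such as 999.1.1.1; skip anything
            # that is not a real IPv4 address rather than handing it to ufw.
            try:
                parsed_ip = ipaddress.IPv4Address(cur_ip)
            except ValueError:
                continue

            # Exceptional white-list: never ban loopback (the original
            # exempted only the literal 127.0.0.1).
            if parsed_ip.is_loopback:
                continue

            # NOTE(review): one failed handshake is enough for a ban and only
            # loopback is exempt, so an operator who mistypes a password is
            # banned too. Consider an allow-list of management addresses and
            # a failure threshold.

            # [Ban IP operation]
            # 1. system-wide ufw update
            # 2. update database in docker (will auto-backup data when exit
            #    or terminated)
            syslog.syslog(
                syslog.LOG_NOTICE,
                '[SS-MONITOR]: adding new ip: {_ip} \n'.format(_ip=cur_ip))
            ufw.add("deny from {_ip} to any".format(_ip=cur_ip))
            db_container.exec_run(cmd=permanent_banner(cur_ip), detach=True)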
Example #3
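def ufw_block(request,blocktype,blocktarget):
    """Add a ufw deny rule built from the request parameters.

    Args:
        request: the incoming HTTP request (not inspected here).
        blocktype: "in" or "out" for a directional rule, "host" to deny
            all traffic from an address or network.
        blocktarget: the port/service token (for "in"/"out") or the IP
            address / CIDR network (for "host").

    Returns:
        HttpResponse "Block Successful" once the rule is added, or a 400
        response when blocktype or blocktarget is not acceptable.
    """
    import ipaddress

    # NOTE(review): blocktype and blocktarget arrive from the request and end
    # up in a firewall rule. No authentication, CSRF or HTTP-method check is
    # visible in this function; confirm the URLconf or decorators restrict
    # it to authenticated administrators.

    if blocktype in ("in", "out"):
        # A single token with no whitespace cannot add extra clauses to the
        # rule, for example turning a port block into a rule for another
        # address.
        allowed_chars = set(
            "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "0123456789.:/,-")
        if not blocktarget or not set(blocktarget) <= allowed_chars:
            return HttpResponse("Invalid block target", status=400)
        rule = "deny " + blocktype + " " + blocktarget

    elif blocktype == "host":
        # Accept only something that parses as an IP address or network.
        try:
            ipaddress.ip_network(blocktarget, strict=False)
        except ValueError:
            return HttpResponse("Invalid block target", status=400)
        rule = "deny from " + blocktarget + " to any"

    else:
        # The original reported success here although no rule was added.
        return HttpResponse("Unknown block type", status=400)

    ufw.add(rule)

    check_ufw()

    return HttpResponse("Block Successful")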
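 def add_rule_to_firewall( IP ):
     """Add a ufw rule denying all traffic from *IP*.

     Raises:
         ValueError: if *IP* is not an IP address or CIDR network, or if
             it is a zero-length prefix that would match every source.
     """
     import ipaddress

     address = str( IP ).strip()
     # The entries come from a remote list, so check each one before it
     # becomes a firewall rule.
     network = ipaddress.ip_network( address, strict=False )
     if network.prefixlen == 0:
         # "deny from 0.0.0.0/0 to any" would cut the host off entirely.
         raise ValueError( "refusing to deny every source: " + address )
     # The original called .fromat() on the return value of ufw.add(), so
     # the literal "{}" placeholder was sent to ufw and the call then failed.
     ufw.add( "deny from {} to any".format( address ) )

 def main():
     """Fetch the ban list, clean it and add one deny rule per entry."""
     # NOTE(review): every entry of this third-party list becomes a deny
     # rule. Consider exempting your own management addresses before
     # applying it.
     ban_list = get_banlist('https://www.binarydefense.com/banlist.txt')
     cleaned_list = cleanup_banlist( ban_list )
     for ip in cleaned_list:
         try:
             add_rule_to_firewall( ip )
         except ValueError:
             # One malformed line should not stop the rest of the list.
             print("Skipping invalid entry: {!r}".format( ip ))
     print("All items have been added")

 if __name__ == "__main__":
     main()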
Example #5
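 def firewallEnable():
     """Ask whether to enable UFW and how to treat port 22 (SSH).

     When the operator agrees, the SSH choice is applied first and the
     firewall is enabled afterwards. Nothing is returned.
     """
     fEnable = input(
         "Would you like to enable the UFW Firewall? Yes (Y) or No (N):")
     if fEnable not in ("Y", "y"):
         return

     SSH = input(
         "Would you like to allow or deny port 22 (SSH) to the firewall (Highly Recommended, Denying could revoke access), Allow (A) or Deny (D):"
     )
     # Apply the SSH decision before enabling. ufw accepts rule changes
     # while inactive, and this ordering avoids a window in which the
     # firewall is active without the SSH rule the operator asked for.
     if SSH in ("A", "a"):
         ufw.add("allow 22")
         print("Port 22 (SSH) has been added to the firewall.")
     elif SSH in ("D", "d"):
         ufw.delete("allow 22")
         print(
             "Port 22 (SSH) has been deleted if it was in the firewall."
         )
     else:
         # The original removed the SSH rule on any answer other than A, so
         # a stray keypress could revoke remote access.
         print("Unrecognised choice, the port 22 (SSH) rule was left unchanged.")

     ufw.enable()
     print("UFW has been Enabled.")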
Example #6
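def deploy(email, port):
    """Start the Yacht container and open its port in the firewall.

    Args:
        email: admin e-mail passed to the container as ADMIN_EMAIL.
        port: host port that container port 8000/tcp is published on.

    On any failure (invalid port, docker error) the error is shown and
    control goes back to ``main_loop(email)`` so another port can be chosen.
    """
    clear()
    input(
        "Press enter to deploy Yacht... (This also allows incoming traffic on the port you have specified)"
    )
    dclient = docker.from_env()
    try:
        # Validate before the value reaches docker or the firewall rule. A
        # bad value is reported through the same "change your port" path as
        # a docker failure.
        port_number = int(port)
        if not 1 <= port_number <= 65535:
            raise ValueError("Port must be between 1 and 65535: " + str(port))
        # NOTE(review): /var/run/docker.sock mounted read-write gives the
        # container control of the host's Docker daemon. Treat access to
        # Yacht as equivalent to root on this host.
        dclient.containers.run(name="yacht",
                               image="selfhostedpro/yacht:do",
                               remove=False,
                               detach=True,
                               ports={'8000/tcp': port},
                               volumes={
                                   '/var/run/docker.sock': {
                                       'bind': '/var/run/docker.sock',
                                       'mode': 'rw'
                                   },
                                   '/root/.yacht/config': {
                                       'bind': '/config',
                                       'mode': 'rw'
                                   }
                               },
                               environment=[
                                   "ADMIN_EMAIL=" + email,
                                   "SECRET_KEY=" + secrets.token_hex(16)
                               ])
    except Exception as e:
        clear()
        print(e)
        input("Press enter to change your port.")
        main_loop(email)
        # The original fell through here and printed the success text for
        # the port that had just failed.
        return

    # Open the port only after the container has started, so a failed
    # deployment does not leave an allow rule behind.
    ufw.add('allow ' + str(port_number))
    ufw.reload()

    clear()
    print("\nEmail is set to: " + email)
    # NOTE(review): the service is reachable through the firewall with a
    # known default password until the operator changes it.
    print(
        "\nThe default password is: pass\nPlease change this once you've logged in"
    )
    print("\nYacht is available on: " + str(port) + '\n')
    print(
        "If you need to run this script again you can use the following command:"
    )
    print("/opt/SelfhostedPro/install_yacht.sh")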
Example #7
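 def webServices():
     """Optionally allow ports 80/443 and redirect port 80 to 8080.

     The redirect is written as a ``*nat`` section into
     /etc/ufw/before.rules, starting at list index 9 as in the original.
     If the redirect rule is already in the file it is left untouched, so
     running this twice does not add a second section.
     """
     webVerify = input(
         "Would you like to allow port 80, 443 and forward port 80 to 8080, Yes (Y) or No (N):"
     )
     if webVerify not in ("Y", "y"):
         return

     ufw.add("allow 80")
     ufw.add("allow 443")

     rules_path = "/etc/ufw/before.rules"
     redirect_rule = "-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080"

     with open(rules_path, "r") as rules_file:
         contents = rules_file.readlines()

     if not any(redirect_rule in line for line in contents):
         # NOTE(review): index 9 assumes the stock header layout of
         # before.rules. Verify the result on hosts where the file has been
         # edited, and keep a backup of it.
         contents[9:9] = [
             "\n*nat",
             "\n:PREROUTING ACCEPT [0:0]",
             "\n" + redirect_rule,
             "\nCOMMIT\n",
         ]
         with open(rules_path, "w") as rules_file:
             rules_file.write("".join(contents))

     print("Ports 80 & 443 have been added to the firewall.")
     # NOTE(review): before.rules is presumably only read when ufw is
     # (re)loaded, so the redirect may not be active until then - confirm.
     print("Port 80 is now being redirected to port 8080.")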
Example #8
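 def MySQL():
     """Ask which MySQL ports to open and add the matching allow rule.

     C opens 3306 (classic protocol), X opens 33060 (X protocol) and B
     opens both. Any other answer leaves the firewall unchanged.
     """
     MySQLverify = input(
         "Would you like to open ports for MySQL, Yes (Y) or No (N):")
     if MySQLverify not in ("Y", "y"):
         return

     SQLports = input(
         "would you like to open the ports for Classic protocol (C), X protocol (X), or Both (B):"
     )
     # NOTE(review): these rules allow the database ports from any source.
     # Restrict them to the application hosts where that is possible.
     if SQLports in ("C", "c"):
         ufw.add("allow 3306")
         print("Port 3306 has been added to the firewall.")
     elif SQLports in ("X", "x"):
         ufw.add("allow 33060")
         print("Port 33060 has been added to the firewall.")
     elif SQLports in ("B", "b"):
         ufw.add("allow 3306,33060/tcp")
         print("Ports 3306 & 33060 have been added to the firewall.")
     else:
         # The original opened both ports on any unrecognised answer; do
         # nothing instead.
         print("Unrecognised choice, no MySQL ports were opened.")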
Example #9
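 def _block_icmp_in_before_rules(path='/etc/ufw/before.rules'):
     """Switch the ufw-before-input ICMP ACCEPT rules in *path* to DROP.

     Lines are located by content rather than by line number, so a file
     whose layout differs from the stock one is not overwritten in the
     wrong place. Returns the number of lines rewritten. The file is only
     written back when at least one line changed.
     """
     icmp_types = (
         'destination-unreachable',
         'source-quench',
         'time-exceeded',
         'parameter-problem',
         'echo-request',
     )
     rule_head = ['-A', 'ufw-before-input', '-p', 'icmp', '--icmp-type']

     with open(path, 'r') as file:
         data = file.readlines()

     changed = 0
     for index, line in enumerate(data):
         fields = line.split()
         # Expected shape:
         # -A ufw-before-input -p icmp --icmp-type <type> -j ACCEPT
         if (len(fields) == 8 and fields[:5] == rule_head
                 and fields[5] in icmp_types
                 and fields[6:] == ['-j', 'ACCEPT']):
             data[index] = (
                 '-A ufw-before-input -p icmp --icmp-type %s -j DROP\n'
                 % fields[5])
             changed += 1

     if changed:
         with open(path, 'w') as file:
             file.writelines(data)
     return changed


 def _ask_allow_telnet():
     """Ask whether to allow port 23 and add the rule on a yes answer."""
     telnetAllow = input(
         "Would you like to allow port 23 (Telnet) through the firewall, Yes (Y) or No (N):"
     )
     if telnetAllow in ("Y", "y"):
         # NOTE(review): Telnet sends credentials in clear text.
         ufw.add("allow 23")
         print("Port 23 has been added to the firewall.")


 def allowORblock():
     """Interactively allow a host, block ICMP and allow Telnet.

     The three questions are asked in that order. The ICMP and Telnet
     questions are asked whether or not a host was allowed, matching the
     two branches of the original, which duplicated that code.
     """
     import ipaddress

     allow_hosts = input(
         "Would you like to allow specific hosts in the firewall hosts, Yes (Y) or No (N):"
     )
     if allow_hosts in ("Y", "y"):
         hosts = input(
             "Please input the IP or MAC Address you would like to allow").strip()
         # NOTE(review): the prompt mentions MAC addresses, but the answer is
         # used in an "allow from" rule, which presumably takes IP addresses
         # or networks only - confirm. Anything else is rejected here.
         try:
             ipaddress.ip_network(hosts, strict=False)
         except ValueError:
             print("%s is not a valid IP address or network, no host rule was added." % hosts)
         else:
             ufw.add("allow from %s" % hosts)
             print("%s is now allowed through the firewall." % hosts)

     pingAllow = input(
         "Would you like to block (Ping/ICMP) requests, Yes (Y) or No (N):"
     )
     if pingAllow in ("Y", "y"):
         # NOTE(review): besides echo-request (ping) this also drops
         # destination-unreachable, time-exceeded and parameter-problem,
         # as the original did.
         if _block_icmp_in_before_rules():
             # The original printed this even when the operator answered No.
             print("/etc/ufw/before.rules has been updated to block ICMP")
         else:
             print("No matching ICMP ACCEPT rules were found in /etc/ufw/before.rules, the file was left unchanged")

     # The original could ask the Telnet question a second time after a No.
     # It is asked once here.
     _ask_allow_telnet()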
Example #10
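 def mailPorts():
     """Ask which mail services to allow and add the matching rule.

     SMTP opens 25, IMAP 143, IMAPS 993, POP3 110, SOME opens an
     operator-supplied port list and A opens all four over TCP. The answer
     is compared case-insensitively. Any other answer leaves the firewall
     unchanged.
     """
     choice = input(
         "What Mail services would like to allow through the firewall SMTP (SMTP), IMAP (IMAP), IMAPS (IMAPS), POP3 (POP3), Some (SOME), or All (A):"
     ).strip().upper()

     single_service_ports = {
         "SMTP": "25",
         "IMAP": "143",
         "IMAPS": "993",
         "POP3": "110",
     }

     if choice in single_service_ports:
         port = single_service_ports[choice]
         ufw.add("allow %s" % port)
         print("Port %s has been added to the firewall." % port)
     elif choice == "SOME":
         sPorts = input(
             "Please enter the ports of the Services you would like added seperated with a comma:"
         ).strip()
         # Only digits, commas and colons, optionally followed by /tcp or
         # /udp, so the answer can only name ports.
         ports, _, proto = sPorts.partition("/")
         if not (ports and set(ports) <= set("0123456789,:")
                 and proto in ("", "tcp", "udp")):
             print("Invalid port list, no rule was added.")
             return
         ufw.add("allow %s" % sPorts)
         print("Ports %s have been added to the firewall." % sPorts)
     elif choice == "A":
         allPorts = "25,143,993,110/tcp"
         ufw.add("allow %s" % allPorts)
         print("Ports %s have been added to the firewall." % allPorts)
     else:
         # The original opened every mail port on any unrecognised answer.
         print("Unrecognised choice, no mail ports were opened.")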
Example #11
def _show(title, fetch):
    """Print a section title, then pretty-print whatever *fetch* returns."""
    print("\n" + title)
    pprint(fetch())


# Demo walk-through: wipe the rule set, set default policies, add the tun0
# rules, and print the firewall state after each step.
# NOTE(review): the first step removes every existing rule, including any
# SSH allow rule, so run this only with console access to the host.
print("\nDelete *")
ufw.delete('*')
_show("Status", ufw.status)

print("\nAdding defaults")
ufw.default(incoming='deny')
ufw.default(outgoing='allow', routed='reject')
_show("Status", ufw.status)

print("\nAdding rules")
for tunnel_rule in ("allow out on tun0 from any to any",
                    "allow in on tun0 from any to any"):
    ufw.add(tunnel_rule)
_show("Status", ufw.status)

_show("Listening", ufw.show_listening)

_show("Added", ufw.show_added)

print("\nAdding broken rules")
try:
    ufw.add("allow sdfsdf sdf s fds ")
except: