#!/bin/bash
#
# Host firewall setup for the node: configure ufw, open the service ports
# listed in the rule table below, then enable ufw now and at boot.
#
# Steps, in order:
#   1. Point the iptables/ip6tables alternatives at the legacy binaries
#      (best effort; the upstream comment gives no reason -- presumably the
#      ufw build on this platform expects the legacy xtables backend).
#   2. Default policy: deny unsolicited inbound, allow all outbound.
#   3. One `ufw allow ...` per entry in the rule table, in table order.
#   4. Enable ufw, enable its unit at boot, print the resulting status.
#   5. Wait two minutes and reload the rule set (the upstream comment says
#      this fixes the VPN).
#
# Must run as root. Because of `set -e`, the first failing ufw/systemctl
# call aborts the script; the two update-alternatives calls are the only
# steps deliberately allowed to fail.
#
# NOTE(review): every "<port>|<comment>" entry in the table is opened for
# ANY source address and for both TCP and UDP -- that is what a bare
# `ufw allow <port>` does. That covers SSH (22, 2222), the wallet/RPC
# endpoints (8332, 10009, 10080) and several admin or monitoring UIs
# (3000, 3002, 3010, 4080, 19999, 61208). Nothing in this file says which
# networks the host is attached to; if any interface is internet-facing,
# these rules should be narrowed with `from <lan-cidr>` the way the
# 28332-28334 rules are, and services that are normally UDP-only (SSDP,
# mDNS, LPD) could be limited with `/udp` -- confirm with each service
# first. 8332 in particular is guarded only by bitcoind's rpcallowip
# setting, a single application-level control; confirm that is intended.

# Abort on the first error and echo each command as it runs. The trace
# contains no secrets: only port numbers, CIDRs and rule comments.
set -e
set -x

# --- iptables backend -----------------------------------------------------
# Select the legacy iptables/ip6tables binaries. `|| true` keeps a missing
# or already-selected alternative from aborting the script.
update-alternatives --set iptables /usr/sbin/iptables-legacy || true
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true

# --- default policy -------------------------------------------------------
ufw default deny incoming
ufw default allow outgoing

# --- rule table -----------------------------------------------------------
# One entry per rule, "<ufw allow arguments>|<rule comment>", applied in
# this order. Entries that are just a port number match any source,
# tcp+udp. The ZMQ entries are limited to two source ranges: 172.17.0.0/16
# is Docker's default bridge network; 172.28.0.0/16 is presumably a second
# container network used by Dojo -- verify on the host.
# NOTE(review): if those ranges really are Docker networks, keep in mind
# that Docker's default iptables integration inserts its own chains ahead
# of ufw's, so ports a container *publishes* may be reachable regardless
# of this table. Check `iptables -L FORWARD` on the host if that matters.
firewall_rules=(
  "22|allow SSH"
  "80|allow WWW"
  "443|allow Secure WWW"
  "1900|allow SSDP for UPnP discovery"
  "10009|allow Lightning gRPC"
  "10080|allow Lightning REST RPC"
  "9735|allow Lightning"
  "8332|allow Bitcoin RPC - filtered by rpcallowip"
  "8333|allow Bitcoin mainnet"
  "18333|allow Bitcoin testnet"
  "from 172.17.0.0/16 to any port 28332|allow Dojo zmqrawblock"
  "from 172.28.0.0/16 to any port 28332|allow Dojo zmqrawblock"
  "from 172.17.0.0/16 to any port 28333|allow Dojo zmqrawtx"
  "from 172.28.0.0/16 to any port 28333|allow Dojo zmqrawtx"
  "from 172.17.0.0/16 to any port 28334|allow Dojo zmqhashblock"
  "from 172.28.0.0/16 to any port 28334|allow Dojo zmqhashblock"
  "2222|allow WebSSH2"
  "3000|allow LndHub"
  "3002|allow BTC RPC Explorer"
  # Disabled upstream; kept for reference.
  # "3004|allow LND Admin"
  "3010|allow RTL"
  "4080|allow Mempool.Space"
  "5353|allow Avahi"
  "8899|allow Whirlpool"
  "50001|allow Electrum Server"
  "50002|allow Electrum Server"
  "56881|allow myNode QuickSync"
  "51413|allow myNode QuickSync"
  "6771|allow myNode QuickSync (LPD)"
  "19999|allow Netdata"
  "49392|allow BTCPay Server-direct"
  "51194|allow VPN"
  "61208|allow Glances"
  # IPv4 loopback. The IPv6 counterpart is disabled upstream.
  "from 127.0.0.1|allow from localhost"
  # "from ::1|allow from localhost"
)

# Apply the table. Each entry is split at the first '|' into the argument
# list for `ufw allow` (word-split on whitespace -- the specs above are
# fixed tokens, never user input) and the comment attached to the rule.
for rule_entry in "${firewall_rules[@]}"; do
  rule_spec=${rule_entry%%|*}
  rule_note=${rule_entry#*|}
  read -r -a rule_args <<< "$rule_spec"
  ufw allow "${rule_args[@]}" comment "$rule_note"
done

# --- activate -------------------------------------------------------------
# --force runs enable non-interactively (no "may disrupt ssh" prompt).
ufw --force enable

# Start the ufw unit at boot so the rule set comes back after a reboot.
systemctl enable ufw

# Print the resulting rule set into the log (set -x already echoes it).
ufw status

# Upstream note: reloading after a delay fixes the VPN. This blocks the
# script -- and anything waiting on it -- for two minutes.
sleep 120s
ufw reload

exit 0