peterneave · February 5, 2020 14:24
diff --git a/generate_allowed_list.sh b/generate_allowed_list.sh
 #!/usr/bin/env bash
 > allowed_ranges
 #Bamboo Triggers
 echo '18.205.93.0/25' >> allowed_ranges
 echo '18.234.32.128/25' >> allowed_ranges
 echo '13.52.5.0/25' >> allowed_ranges
 #Atlassian IP Addresses
 curl -s https://ip-ranges.atlassian.com/ | jq -r '.items[] | .cidr' >> allowed_ranges
 echo Allowed Ranges file generated
diff --git a/hard_reset_iptables.sh b/hard_reset_iptables.sh
 #!/usr/bin/env bash
 read -p "This will delete the iptables and reset based on ufw. Are you sure? " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
  ufw disable
  iptables -F
  iptables -X
  ufw enable
 fi
diff --git a/reload_firewall.sh b/reload_firewall.sh
 #!/usr/bin/env bash

 if [ ! -f allowed_ranges ]; then
  echo Generating allowed ranges
  . generate_allowed_list.sh
 else
  echo Using allowed ranges file
 fi

 ufw reset
 #Always allow local subnet
 ufw allow from 192.168.0.0/16
 xargs -a allowed_ranges -n 1 -I % ufw allow from % to any port 443
 ufw default deny incoming
 ufw default allow outgoing

 echo
 echo Presenting new rules for review
 sleep 1
 less /lib/ufw/user.rules

 read -p "Would you like to apply the rules now? " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
  ufw enable
  ufw status verbose
 fi

 read -p "Would you like to delete the old rules now? " -n 1 -r
 echo
 if [[ $REPLY =~ ^[Yy]$ ]]; then
  rm /lib/ufw/user{,6}.rules.*
  rm /etc/ufw/before{,6}.rules.*
  rm /etc/ufw/after{,6}.rules.*
 fi
	#!/usr/bin/env bash
	> allowed_ranges
	#Bamboo Triggers
	echo '18.205.93.0/25' >> allowed_ranges
	echo '18.234.32.128/25' >> allowed_ranges
	echo '13.52.5.0/25' >> allowed_ranges
	#Atlassian IP Addresses
	curl -s https://ip-ranges.atlassian.com/ \| jq -r '.items[] \| .cidr' >> allowed_ranges
	echo Allowed Ranges file generated
	#!/usr/bin/env bash
	read -p "This will delete the iptables and reset based on ufw. Are you sure? " -n 1 -r
	echo
	if [[ $REPLY =~ ^[Yy]$ ]]; then
	ufw disable
	iptables -F
	iptables -X
	ufw enable
	fi
	#!/usr/bin/env bash

	if [ ! -f allowed_ranges ]; then
	echo Generating allowed ranges
	. generate_allowed_list.sh
	else
	echo Using allowed ranges file
	fi

	ufw reset
	#Always allow local subnet
	ufw allow from 192.168.0.0/16
	xargs -a allowed_ranges -n 1 -I % ufw allow from % to any port 443
	ufw default deny incoming
	ufw default allow outgoing

	echo
	echo Presenting new rules for review
	sleep 1
	less /lib/ufw/user.rules

	read -p "Would you like to apply the rules now? " -n 1 -r
	echo
	if [[ $REPLY =~ ^[Yy]$ ]]; then
	ufw enable
	ufw status verbose
	fi

	read -p "Would you like to delete the old rules now? " -n 1 -r
	echo
	if [[ $REPLY =~ ^[Yy]$ ]]; then
	rm /lib/ufw/user{,6}.rules.*
	rm /etc/ufw/before{,6}.rules.*
	rm /etc/ufw/after{,6}.rules.*
	fi