diff --git a/configs/scripts/ufw-del b/configs/scripts/ufw-del new file mode 100755 index 0000000..f6dd513 --- /dev/null +++ b/configs/scripts/ufw-del @@ -0,0 +1,50 @@ +#! /usr/bin/env python +import argparse +import sys +import logging +import subprocess + +logger = logging.getLogger(__name__) + +def main() -> int: + # Handle program arguments + ap = argparse.ArgumentParser(prog='ufw-del', description='Delete UFW rules by their comment') + ap.add_argument('comment', help='Comment to delete') + ap.add_argument("--dry-run", help="Don't actually delete the rules", action="store_true") + ap.add_argument('-v', '--verbose', help='Enable verbose logging', action='store_true') + args = ap.parse_args() + + # Configure logging + logging.basicConfig( + level=logging.DEBUG if args.verbose else logging.INFO, + format='%(levelname)s: %(message)s', + ) + + # Call ufw to get a list of rules + logger.info('Getting list of rules...') + rules = subprocess.run(['sudo', 'ufw', 'status', 'numbered'], capture_output=True, text=True).stdout.split('\n') + rules = [rule for rule in rules if rule.startswith('[')] + logger.info(f'Found {len(rules)} rules') + + # Reshape the rules list to be (number, line) tuples + rules = [(int(rule.split('[')[1].split(']')[0].strip()), rule) for rule in rules] + + # Sort descending by rule number + rules.sort(key=lambda x: x[0], reverse=True) + + # Delete rules with the specified comment + for rule_num, rule in rules: + if "#" in rule: + comment = rule.split('#')[1].strip() + if comment == args.comment: + rule_id = rule.split("]")[0].strip('[').strip() + logger.info(f'Deleting rule {rule_id}...') + + if not args.dry_run: + subprocess.run(['sudo', 'ufw', 'delete', rule_id]) + + + return 0 + +if __name__ == "__main__": + sys.exit(main()) \ No newline at end of file diff --git a/configs/scripts/ufw-gen b/configs/scripts/ufw-gen new file mode 100755 index 0000000..700bd08 --- /dev/null +++ b/configs/scripts/ufw-gen @@ -0,0 +1,95 @@ +#! /usr/bin/env python +import argparse +import sys +import logging +import subprocess + +logger = logging.getLogger(__name__) + +PROFILES = { + "minecraft": { + "comment": "Minecraft Server", + "ports": [(25565, "tcp"), (25565, "udp")], + }, + "unturned": { + "comment": "Unturned Server", + "ports": [(27015, "tcp"), (27015, "udp"), (27016, "tcp"), (27016, "udp")], + }, + "zola": { + "comment": "Zola", + "ports": [(1111, "tcp")], + }, +} + + +def main() -> int: + # Handle program arguments + ap = argparse.ArgumentParser( + prog="ufw-gen", description="Generate UFW allow commands" + ) + ap.add_argument( + "profile", + help="Profile to generate UFW allow commands for", + choices=PROFILES.keys(), + ) + ap.add_argument("--from", help="Source IP address", default="any", dest="source") + ap.add_argument("--to", help="Destination IP address", default="any", dest="dest") + ap.add_argument( + "--no-sudo", help="Don't prefix commands with sudo", action="store_true" + ) + ap.add_argument( + "--dry-run", help="Generate UFW commands in dry-run mode", action="store_true" + ) + ap.add_argument( + "--execute", "-x", help="Execute generated UFW commands", action="store_true" + ) + ap.add_argument( + "-v", "--verbose", help="Enable verbose logging", action="store_true" + ) + args = ap.parse_args() + + # Configure logging + logging.basicConfig( + level=logging.DEBUG if args.verbose else logging.INFO, + format="%(levelname)s: %(message)s", + ) + + # Generate UFW allow commands + profile = PROFILES[args.profile] + for port, proto in profile["ports"]: + sudo_str = "" if args.no_sudo else "sudo " + dry_run_str = "--dry-run" if args.dry_run else "" + + # Generate the command + command = ["sudo", "ufw"] if not args.no_sudo else ["ufw"] + if args.dry_run: + command.append("--dry-run") + command.extend( + [ + "allow", + "from", + args.source, + "to", + args.dest, + "port", + str(port), + "proto", + proto, + "comment", + profile["comment"], + ] + ) + + # Run + print(" ".join(command)) + if args.execute: + result = subprocess.run(command).returncode + if result != 0: + logger.error("Failed to run command: %s", command) + return result + + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/configs/shells/bash/macros.sh b/configs/shells/bash/macros.sh index 2275492..dc932a4 100644 --- a/configs/shells/bash/macros.sh +++ b/configs/shells/bash/macros.sh @@ -21,6 +21,7 @@ alias yk-totp="ykman oath accounts code" alias flush-dns-cache="sudo systemd-resolve --flush-caches" alias which-ls="ls -la $(which ls)" alias rdns="dig +short -x" +alias ufw-status="sudo ufw status numbered" # WHOIS macros alias whois-afrinic="whois -h whois.afrinic.net" diff --git a/install-linux.sh b/install-linux.sh index 1a63f25..50a163f 100644 --- a/install-linux.sh +++ b/install-linux.sh @@ -115,7 +115,7 @@ set +x # If ~/.config/git/config-fragments/personal-info.gitconfig does not exist if [ ! -f ~/.config/git/config-fragments/personal-info.gitconfig ]; then # Ask if the user wants to install personal GIT config - echo "Do you want to install the personal GIT config? (y/n)" + echo -n "Do you want to install the personal GIT config? (y/n) " read -r install_git_config if [ "$install_git_config" = "y" ]; then ln -sf $EWCONFIG_ROOT/configs/git/config-fragments/personal-info.gitconfig ~/.config/git/config-fragments/personal-info.gitconfig