storm/configure-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improve handling of the firewall. added enable or disable to the menu based on the current state.

Browse Source
This commit is contained in:
Storm Dragon
2026-04-18 03:11:53 -04:00
parent d3a9c009da
commit e7d95c1a62
2 changed files with 60 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.includes/firewall.sh
+58 -5
View File
@@ -12,6 +12,34 @@ ufw_status_output() {
sudo "${sudoFlags[@]}" ufw status 2>&1
}
firewall_reboot_required() {
[[ ! -d "/lib/modules/$(uname -r)" ]]
}
ensure_firewall_backend_ready() {
if firewall_reboot_required; then
msgbox "The running kernel does not match the installed modules. Reboot this server before managing the firewall."
return 1
fi
return 0
}
firewall_enabled() {
local statusText=""
if ! ufw_installed; then
return 1
fi
if ! ensure_firewall_backend_ready; then
return 1
fi
statusText="$(ufw_status_output)"
[[ "$statusText" =~ ^Status:[[:space:]]+active$ ]]
}
ensure_ufw() {
if ufw_installed; then
return 0
@@ -27,7 +55,7 @@ ensure_ufw() {
return 1
fi
msgbox "ufw installed."
msgbox "ufw installed. The firewall is not active until you choose Enable firewall."
return 0
}
@@ -118,6 +146,7 @@ allow_ssh_port() {
local sshPort=""
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
sshPort="$(resolve_ssh_port)" || {
msgbox "Firewall change cancelled because the SSH port could not be confirmed."
return 1
@@ -128,8 +157,16 @@ allow_ssh_port() {
enable_firewall() {
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
allow_ssh_port || return 1
# `sudoFlags` is initialized by the main launcher before sourcing this file.
# shellcheck disable=SC2154
if ! sudo "${sudoFlags[@]}" ufw --force enable; then
msgbox "Failed to enable ufw."
return 1
fi
# `sudoFlags` is initialized by the main launcher before sourcing this file.
# shellcheck disable=SC2154
if sudo "${sudoFlags[@]}" systemctl enable --now ufw; then
@@ -137,12 +174,20 @@ enable_firewall() {
return 0
fi
msgbox "Failed to enable ufw."
msgbox "ufw rules were enabled, but the ufw service failed to enable at boot."
return 1
}
disable_firewall() {
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
# `sudoFlags` is initialized by the main launcher before sourcing this file.
# shellcheck disable=SC2154
if ! sudo "${sudoFlags[@]}" ufw --force disable; then
msgbox "Failed to disable ufw."
return 1
fi
# `sudoFlags` is initialized by the main launcher before sourcing this file.
# shellcheck disable=SC2154
@@ -151,7 +196,7 @@ disable_firewall() {
return 0
fi
msgbox "Failed to disable ufw."
msgbox "ufw rules were disabled, but the ufw service state could not be updated."
return 1
}
@@ -160,6 +205,7 @@ open_custom_port() {
local protocolChoice=""
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
portNumber="$(inputbox "Enter the port number to open.")" || return 1
if ! valid_port "$portNumber"; then
msgbox "Enter a valid port number from 1 to 65535."
@@ -226,6 +272,7 @@ close_port() {
local ruleValue=""
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
while IFS= read -r ruleValue; do
[[ -n "$ruleValue" ]] && removableRules+=("$ruleValue")
done < <(list_simple_allow_rules | sort -n -t / -k 1,1)
@@ -253,6 +300,7 @@ view_firewall_status() {
local statusText=""
ensure_ufw || return 1
ensure_firewall_backend_ready || return 1
tempFile="$(mktemp)"
# `sudoFlags` is initialized by the main launcher before sourcing this file.
# shellcheck disable=SC2154
@@ -263,9 +311,14 @@ view_firewall_status() {
}
while true; do
if firewall_enabled; then
firewallToggleLabel="Disable firewall"
else
firewallToggleLabel="Enable firewall"
fi
firewallChoice="$(menulist \
"Enable firewall" \
"Disable firewall" \
"$firewallToggleLabel" \
"Allow SSH" \
"Open port" \
"Close port" \