#!/bin/bash
# firewalld shortcuts. Presumably meant to be sourced from an interactive
# shell: bash does not expand aliases in scripts by default.

# Root of the firewalld configuration tree.
FIREWALLD=/etc/firewalld
export FIREWALLD

# --- general -----------------------------------------------------------
alias fw='firewall-cmd'
# Edits the permanent configuration only; not active until a reload (fwr).
alias fwper='firewall-cmd --permanent'
# Reload makes the permanent configuration the new runtime configuration,
# so runtime-only changes that were never saved are dropped.
alias fwr='firewall-cmd --reload'
alias fwh='firewall-cmd --help | more'
# Usage: fwhg PATTERN  (the pattern lands after grep -A3)
alias fwhg='firewall-cmd --help | grep -A3'
# Saves the running configuration as the permanent one.
alias fwr2p='firewall-cmd --runtime-to-permanent'

# --- zones -------------------------------------------------------------
alias fwz='firewall-cmd --zone'
alias fwzi='firewall-cmd --info-zone'
alias fwzp='firewall-cmd --permanent --zone'
alias fwaz='firewall-cmd --get-active-zones'

# --- policies ----------------------------------------------------------
alias fwpi='firewall-cmd --info-policy'
alias fwp='firewall-cmd --policy'
alias fwpp='firewall-cmd --permanent --policy'
alias fwap='firewall-cmd --get-active-policies'

# --- info for the site's named zones (wan, lan, vpn) -------------------
alias fwiwan='firewall-cmd --info-zone wan'
alias fwilan='firewall-cmd --info-zone lan'
alias fwivpn='firewall-cmd --info-zone vpn'
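#######################################
# Add an IPv4 rich rule to a zone.
# No --permanent is passed, so the rule goes into the runtime configuration
# only and is lost on reload/restart unless saved (--runtime-to-permanent).
# Arguments:
#   $1   - zone name
#   $2.. - rest of the rich rule, appended after 'rule family="ipv4"'
# Outputs:
#   The shell-quoted command line on stdout, then firewall-cmd's own output.
# Returns:
#   2 when the zone or the rule text is missing, else firewall-cmd's status.
#######################################
fwrr () {
  if (( $# < 2 )); then
    printf 'usage: fwrr ZONE RULE...\n' >&2
    return 2
  fi

  local zone=$1
  shift

  # Join the rule words with single spaces whatever the caller's IFS is.
  local IFS=' '
  local rule="rule family=\"ipv4\" $*"

  # The rule has to reach firewall-cmd as ONE argument. Building the command
  # as a string and expanding it unquoted splits the rule on whitespace,
  # passes the quote characters through literally and glob-expands its words,
  # so the firewall never sees the rule that was typed. An array keeps each
  # argument intact.
  local -a cmd=(firewall-cmd --zone "$zone" "--add-rich-rule=$rule")

  printf '%q ' "${cmd[@]}"
  printf '\n'
  "${cmd[@]}"
}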
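#######################################
# Add an IPv4 rich rule to a policy.
# No --permanent is passed, so the rule goes into the runtime configuration
# only and is lost on reload/restart unless saved (--runtime-to-permanent).
# Arguments:
#   $1   - policy name
#   $2.. - rest of the rich rule, appended after 'rule family="ipv4"'
# Outputs:
#   The shell-quoted command line on stdout, then firewall-cmd's own output.
# Returns:
#   2 when the policy or the rule text is missing, else firewall-cmd's status.
#######################################
fwrrp () {
  if (( $# < 2 )); then
    printf 'usage: fwrrp POLICY RULE...\n' >&2
    return 2
  fi

  local policy=$1
  shift

  # Join the rule words with single spaces whatever the caller's IFS is.
  local IFS=' '
  local rule="rule family=\"ipv4\" $*"

  # The rule has to reach firewall-cmd as ONE argument; an unquoted string
  # expansion would split it on whitespace, keep the quote characters as
  # literal text and glob-expand its words. An array keeps arguments intact.
  local -a cmd=(firewall-cmd --policy "$policy" "--add-rich-rule=$rule")

  printf '%q ' "${cmd[@]}"
  printf '\n'
  "${cmd[@]}"
}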
# Usage: inti PATTERN - show the matching line of `ip addr show` plus the
# three lines after it (the pattern lands after grep -A3).
alias inti='ip addr show | grep -A3'
#######################################
# Print firewall-cmd's zone information for the wan, lan and vpn zones,
# in that order.
# Returns:
#   The status of the last firewall-cmd call (vpn).
#######################################
fwiz () {
  local zone
  for zone in wan lan vpn; do
    firewall-cmd --info-zone "$zone"
  done
}
# --- firewalld service control (systemd) -------------------------------
# A restart rebuilds the firewall from the permanent configuration, so
# runtime-only changes that were never saved are lost.
alias fwdr='sudo systemctl restart firewalld'
alias fwds='sudo systemctl start firewalld'
alias fwdst='sudo systemctl status firewalld'
# NOTE(review): with firewalld's default CleanupOnExit setting, stopping the
# daemon also removes its rules, leaving the host unfiltered - confirm the
# local firewalld.conf before relying on this.
alias fwdstp='sudo systemctl stop firewalld'
# disable/enable only change whether the unit starts at boot.
alias fwdd='sudo systemctl disable firewalld'
alias fwde='sudo systemctl enable firewalld'

# Follow the firewalld unit's journal.
alias fwdl='journalctl -f -u firewalld'
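#######################################
# Disable a firewalld zone or policy by renaming NAME.xml to NAME.xml.off
# and restarting firewalld.
# Globals:
#   FIREWALLD (read) - configuration root; /etc/firewalld when unset
# Arguments:
#   $1 - zone/policy name (file name without .xml)
#   $2 - subdirectory of the configuration root, default "zones"
# Outputs:
#   Progress messages; after a rename, firewall-cmd --get-active-<dir>;
#   when NAME is unknown, the names that could be disabled.
# Returns:
#   2 when no name is given, mv's status when the rename fails, otherwise
#   the status of the last command run.
#######################################
fwxd () {
  local item=${1:-}
  local dir=${2:-zones}
  local root=${FIREWALLD:-/etc/firewalld}
  local name path file list=

  if [[ -z $item ]]; then
    printf 'usage: fwxd NAME [DIR]\n' >&2
    return 2
  fi

  # Singular label for messages; "policies" needs more than dropping the "s".
  case $dir in
    zones) name=zone ;;
    policies) name=policy ;;
    *) name=${dir:0:-1} ;;
  esac

  # Both arguments become path components of a `sudo mv`, so every expansion
  # is quoted: whitespace or glob characters must not change what is moved.
  local active=$root/$dir/$item.xml
  local parked=$active.off

  echo "disabling $name $item"
  if [[ -f $active ]]; then
    # Do not restart the firewall when the rename did not happen.
    sudo mv -- "$active" "$parked" || return
    # A restart rebuilds the firewall from the permanent configuration, so
    # runtime-only rules that were never saved are lost as well.
    sudo systemctl restart firewalld
    firewall-cmd "--get-active-$dir"
  elif [[ -f $parked ]]; then
    echo "$name $item already disabled"
  else
    echo "$name $item does not exist, no $name to disable"
    # Glob instead of parsing ls; an empty directory lists nothing.
    for path in "$root/$dir"/*.xml; do
      [[ -e $path ]] || continue
      file=${path##*/}
      list+=" ${file%.xml}"
    done
    echo "$dir that can be disabled$list"
  fi
}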
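#######################################
# Enable a previously disabled firewalld zone or policy by renaming
# NAME.xml.off back to NAME.xml and restarting firewalld.
# Globals:
#   FIREWALLD (read) - configuration root; /etc/firewalld when unset
# Arguments:
#   $1 - zone/policy name (file name without .xml.off)
#   $2 - subdirectory of the configuration root, default "zones"
# Outputs:
#   Progress messages; after a rename, firewall-cmd --get-active-<dir>;
#   when NAME is unknown, the names fwxdl reports as disabled.
# Returns:
#   2 when no name is given, mv's status when the rename fails, otherwise
#   the status of the last command run.
#######################################
fwxe () {
  local item=${1:-}
  local dir=${2:-zones}
  local root=${FIREWALLD:-/etc/firewalld}
  local name entry list=

  if [[ -z $item ]]; then
    printf 'usage: fwxe NAME [DIR]\n' >&2
    return 2
  fi

  # Singular label for messages; "policies" needs more than dropping the "s".
  case $dir in
    zones) name=zone ;;
    policies) name=policy ;;
    *) name=${dir:0:-1} ;;
  esac

  # Both arguments become path components of a `sudo mv`, so every expansion
  # is quoted: whitespace or glob characters must not change what is moved.
  local active=$root/$dir/$item.xml
  local parked=$active.off

  echo "enabling $name $item"
  if [[ -f $parked ]]; then
    # Do not restart the firewall when the rename did not happen.
    sudo mv -- "$parked" "$active" || return
    # A restart rebuilds the firewall from the permanent configuration, so
    # runtime-only rules that were never saved are lost as well.
    sudo systemctl restart firewalld
    firewall-cmd "--get-active-$dir"
  elif [[ -f $active ]]; then
    echo "$name $item already enabled"
  else
    echo "$name $item does not exist, no $name to enable"
    # fwxdl prints one disabled name per line; show them on a single line.
    while IFS= read -r entry; do
      list+=" $entry"
    done < <(fwxdl "$dir")
    echo "$dir that can be enabled$list"
  fi
}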
# TODO list disabled zone or policy
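# Disable zone $1: forwards the name to fwxd with no directory argument.
# The name is quoted so it always arrives as exactly one argument.
fwzd () {
  fwxd "$1"
}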
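# Enable zone $1: forwards the name to fwxe with no directory argument.
# The name is quoted so it always arrives as exactly one argument.
fwze () {
  fwxe "$1"
}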
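# Disable policy $1: forwards the name to fwxd with the "policies" directory.
# The name must be quoted: unquoted, a missing name would vanish from the
# argument list and "policies" would be taken as the NAME of a zone to disable.
fwpd () {
  fwxd "$1" policies
}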
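# Enable policy $1: forwards the name to fwxe with the "policies" directory.
# The name must be quoted: unquoted, a missing name would vanish from the
# argument list and "policies" would be taken as the NAME of a zone to enable.
fwpe () {
  fwxe "$1" policies
}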
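#######################################
# List disabled zones or policies: the *.xml.off files in a configuration
# subdirectory, printed without directory and without the .xml.off suffix.
# Globals:
#   FIREWALLD (read) - configuration root; /etc/firewalld when unset
# Arguments:
#   $1 - subdirectory of the configuration root, default "zones"
# Outputs:
#   One name per line; nothing when no file is disabled.
#######################################
fwxdl () {
  local dir=${FIREWALLD:-/etc/firewalld}/${1:-zones}
  local path file

  # Glob rather than parse ls: names are taken as-is and an empty directory
  # simply produces no output.
  for path in "$dir"/*.xml.off; do
    [[ -e $path ]] || continue
    file=${path##*/}
    printf '%s\n' "${file%.xml.off}"
  done
}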