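#!/usr/bin/env bash
# -----------
# --- Define Arrays
# -----------
#
# Converts the whitespace-separated list variables ($log_ips, $ext_ifs, ...)
# into bash indexed arrays (<name>_arr) for the firewall rules that follow.
# The list variables are expected to be set before this file is sourced
# (presumably by a configuration file; the source is not visible here).
#
# Notes:
#   - Each list is word-split on IFS and, being unquoted, also subject to
#     pathname expansion. Keep shell wildcard characters out of the list
#     variables (a stray '*' would expand to file names in the cwd).
#   - Every target array is reset before it is filled, so sourcing this
#     file (or calling init_fw_arrays) twice does not accumulate entries.
#   - ext_ip_arr was declared but never filled; $ext_ips went into
#     host_ip_arr only. Both names now receive the same list so existing
#     readers of either keep working.
#   - The unquoted list expansion is intentional; the appended element is
#     always quoted.
# shellcheck disable=SC2086
init_fw_arrays() {
  local _ip _dev _val _net _port

  # ---
  # - IP Addresses to log
  # ---
  log_ip_arr=()
  for _ip in $log_ips; do log_ip_arr+=("$_ip"); done

  # ---
  # - IP-Addresses (Host, Guests (VServer, LX_Container))
  # ---
  # Filled under both names: ext_ip_arr (matches $ext_ips) and host_ip_arr
  # (the name the original loop populated).
  ext_ip_arr=()
  host_ip_arr=()
  for _ip in $ext_ips; do
    ext_ip_arr+=("$_ip")
    host_ip_arr+=("$_ip")
  done

  # ---
  # - Extern Interfaces
  # ---
  ext_if_arr=()
  for _dev in $ext_ifs; do ext_if_arr+=("$_dev"); done

  # ---
  # - VPN Interfaces
  # ---
  vpn_if_arr=()
  for _dev in $vpn_ifs; do vpn_if_arr+=("$_dev"); done

  # ---
  # - Local Network Interfaces
  # ---
  local_if_arr=()
  for _dev in $local_ifs; do local_if_arr+=("$_dev"); done

  # ---
  # - Network Interfaces completely blocked
  # ---
  blocked_if_arr=()
  for _dev in $blocked_ifs; do blocked_if_arr+=("$_dev"); done

  # ---
  # - Network Interfaces not firewalled
  # ---
  unprotected_if_arr=()
  for _dev in $unprotected_ifs; do unprotected_if_arr+=("$_dev"); done

  # ---
  # - Restrict local Service to given IP-Address/Network
  # ---
  restrict_local_service_to_net_arr=()
  for _val in $restrict_local_service_to_net; do
    restrict_local_service_to_net_arr+=("$_val")
  done

  # ---
  # - Restrict local Network to given IP-Address/Network
  # ---
  restrict_local_net_to_net_arr=()
  for _val in $restrict_local_net_to_net; do
    restrict_local_net_to_net_arr+=("$_val")
  done

  # ---
  # - Allow extern Service
  # ---
  allow_ext_service_arr=()
  for _val in $allow_ext_service; do allow_ext_service_arr+=("$_val"); done

  # ---
  # - Allow extern IP-Address/Network
  # ---
  allow_ext_net_arr=()
  for _net in $allow_ext_net; do allow_ext_net_arr+=("$_net"); done

  # ---
  # - Allow (non-standard) local Services
  # ---
  allow_local_service_arr=()
  for _val in $allow_local_service; do allow_local_service_arr+=("$_val"); done

  # ---
  # - Generally block ports
  # ---
  block_tcp_port_arr=()
  for _port in $block_tcp_ports; do block_tcp_port_arr+=("$_port"); done
  block_udp_port_arr=()
  for _port in $block_udp_ports; do block_udp_port_arr+=("$_port"); done

  # ---
  # - Private IPs / IP-Ranges allowed to forward
  # ---
  forward_private_ip_arr=()
  for _ip in $forward_private_ips; do forward_private_ip_arr+=("$_ip"); done

  # ---
  # - Network Interfaces DHCP Service
  # ---
  # The appended element was unquoted in the original (SC2086); quoted now.
  dhcp_if_arr=()
  for _dev in $dhcp_server_ifs; do dhcp_if_arr+=("$_dev"); done

  # ---
  # - IP Addresses DNS Server
  # ---
  # - local
  dns_server_ip_arr=()
  for _ip in $dns_server_ips; do dns_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_dns_server_ip_arr=()
  for _ip in $forward_dns_server_ips; do forward_dns_server_ip_arr+=("$_ip"); done

  # ---
  # - Networks allowed access to local DNS Resolver
  # ---
  resolver_allowed_network_arr=()
  for _net in $resolver_allowed_networks; do
    resolver_allowed_network_arr+=("$_net")
  done

  # ---
  # - IP Addresses VPN Server
  # ---
  # local
  vpn_server_ip_arr=()
  for _ip in $vpn_server_ips; do vpn_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_vpn_server_ip_arr=()
  for _ip in $forward_vpn_server_ips; do forward_vpn_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses SSH Server
  # ---
  # local
  ssh_server_ip_arr=()
  for _ip in $ssh_server_ips; do ssh_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_ssh_server_ip_arr=()
  for _ip in $forward_ssh_server_ips; do forward_ssh_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses HTTP Server
  # ---
  # local
  http_server_ip_arr=()
  for _ip in $http_server_ips; do http_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_http_server_ip_arr=()
  for _ip in $forward_http_server_ips; do forward_http_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses FTP Server
  # ---
  # local
  ftp_server_ip_arr=()
  for _ip in $ftp_server_ips; do ftp_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_ftp_server_ip_arr=()
  for _ip in $forward_ftp_server_ips; do forward_ftp_server_ip_arr+=("$_ip"); done

  # ---
  # - Mail SMTP Server
  # ---
  # local (array name kept as-is for compatibility: *_ips_arr, not *_ip_arr)
  smtpd_ips_arr=()
  for _ip in $smtpd_ips; do smtpd_ips_arr+=("$_ip"); done
  # DMZ
  forward_smtpd_ip_arr=()
  for _ip in $forward_smtpd_ips; do forward_smtpd_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses XMPP Service (Jabber - Prosody)
  # ---
  xmpp_server_ip_arr=()
  for _ip in $xmpp_server_ips; do xmpp_server_ip_arr+=("$_ip"); done
  forward_xmpp_server_ip_arr=()
  for _ip in $forward_xmpp_server_ips; do forward_xmpp_server_ip_arr+=("$_ip"); done

  # ---
  # - XMPP Remote Dovecot Out Service
  # ---
  # (variable names spell "xmmp"; kept unchanged for compatibility)
  xmmp_remote_out_service_arr=()
  for _val in $xmmp_remote_out_services; do
    xmmp_remote_out_service_arr+=("$_val")
  done

  # ---
  # - Mail Services (smtps/pop(s)/imap(s))
  # ---
  # local
  mail_server_ips_arr=()
  for _ip in $mail_server_ips; do mail_server_ips_arr+=("$_ip"); done
  # DMZ
  forward_mail_server_ip_arr=()
  for _ip in $forward_mail_server_ips; do forward_mail_server_ip_arr+=("$_ip"); done

  # ---
  # - Mail client (smtps/pop(s)/imap(s))
  # ---
  # local
  mail_client_ips_arr=()
  for _ip in $mail_client_ips; do mail_client_ips_arr+=("$_ip"); done
  # DMZ
  forward_mail_client_ip_arr=()
  for _ip in $forward_mail_client_ips; do forward_mail_client_ip_arr+=("$_ip"); done

  # ---
  # - (local) Dovecot auth service
  # ---
  dovecot_auth_allowed_network_arr=()
  for _net in $dovecot_auth_allowed_networks; do
    dovecot_auth_allowed_network_arr+=("$_net")
  done

  # ---
  # - IP Addresses Mumble Server
  # ---
  # local
  mumble_server_ip_arr=()
  for _ip in $mumble_server_ips; do mumble_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_mumble_server_ip_arr=()
  for _ip in $forward_mumble_server_ips; do forward_mumble_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses Telephone Systems
  # ---
  tel_sys_ip_arr=()
  for _ip in $tel_sys_ips; do tel_sys_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses Munin
  # ---
  # local
  munin_server_ip_arr=()
  for _ip in $munin_server_ips; do munin_server_ip_arr+=("$_ip"); done
  # DMZ
  forward_munin_server_ip_arr=()
  for _ip in $forward_munin_server_ips; do forward_munin_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses XyMon
  # ---
  xymon_server_ip_arr=()
  for _ip in $xymon_server_ips; do xymon_server_ip_arr+=("$_ip"); done

  # ---
  # - IP Addresses Rsync Out
  # ---
  # local
  rsync_out_ip_arr=()
  for _ip in $rsync_out_ips; do rsync_out_ip_arr+=("$_ip"); done
  # DMZ
  forward_rsync_out_ip_arr=()
  for _ip in $forward_rsync_out_ips; do forward_rsync_out_ip_arr+=("$_ip"); done

  # ---
  # - SSH Ports
  # ---
  ssh_port_arr=()
  for _port in $ssh_ports; do ssh_port_arr+=("$_port"); done

  # ---
  # - XMPP Service (Jabber - Prosody)
  # ---
  xmmp_tcp_in_port_arr=()
  for _port in $xmmp_tcp_in_ports; do xmmp_tcp_in_port_arr+=("$_port"); done
  xmmp_tcp_out_port_arr=()
  for _port in $xmmp_tcp_out_ports; do xmmp_tcp_out_port_arr+=("$_port"); done

  # ---
  # - VPN Ports
  # ---
  # local
  vpn_port_arr=()
  for _port in $vpn_ports; do vpn_port_arr+=("$_port"); done

  # ---
  # - Rsync Out Ports
  # ---
  rsync_port_arr=()
  for _port in $rsync_ports; do rsync_port_arr+=("$_port"); done

  # ---
  # - Special TCP Ports OUT
  # ---
  # local
  tcp_out_port_arr=()
  for _port in $tcp_out_ports; do tcp_out_port_arr+=("$_port"); done
  # DMZ
  forward_tcp_out_port_arr=()
  for _port in $forward_tcp_out_ports; do forward_tcp_out_port_arr+=("$_port"); done

  # ---
  # - Special UDP Ports OUT
  # ---
  # local
  udp_out_port_arr=()
  for _port in $udp_out_ports; do udp_out_port_arr+=("$_port"); done
  # DMZ
  forward_udp_out_port_arr=()
  for _port in $forward_udp_out_ports; do forward_udp_out_port_arr+=("$_port"); done
}

# Populate the arrays as soon as this file is sourced (same effect as the
# original top-level loops).
init_fw_arrays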