1234567891011121314151617181920212223242526272829303132333435363738394041 |
- #!/usr/bin/env perl
- use strict;
- use warnings;
- use Data::Dumper;
- my $DRY_RUN = $ARGV[0] ? 1 : 0;
- # Build rules, apply rules.
- # Enable every available service.
- # Don't use tCMS on hosts that do anything else with.
- my $list = qx{ufw app list};
- my @apps = split(/\n/, $list);
- shift @apps;
- @apps = map { s/^\s+//; $_ } @apps;
- # Sane defaults
- my @rules = (
- [qw{enable}],
- [qw{default deny outgoing}],
- [qw{default deny incoming}],
- );
- # Allow, but rate limit
- foreach my $app (@apps) {
- push(@rules,
- ["allow", $app],
- ["limit", $app],
- );
- }
- @rules = map { unshift(@{$_}, '--dry-run'); $_ } @rules if $DRY_RUN;
- @rules = map { unshift(@{$_}, 'ufw'); $_ } @rules;
- print Dumper(\@rules);
- foreach my $rule (@rules) {
- system(@$rule);
- }
|