shell 尝试为Unified Firewall自动插入规则时,我无法计算多维数组

iih3973s  于 2023-01-02  发布在  Shell

我正在尝试自动为我的防火墙插入规则...使用Shell,但我是Shell编码的初学者...

#!/usr/bin/env bash

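# Abort unless the effective UID is 0 (root).
# The earlier form `[[ ! $EUID -eq 0 && ! $USER -eq "root" ]]` never fired:
# inside `[[ ]]`, `-eq` is an integer comparison, so `$USER -eq "root"`
# evaluates both words arithmetically (unset names count as 0) and is
# typically true, which makes the negated clause false for every caller.
# $USER is also an environment variable the caller controls, so only EUID,
# which bash maintains itself, is used for the privilege decision.
if [[ "${EUID}" -ne 0 ]]; then
   # Diagnostics go to stderr so they never mix with the generated commands.
   echo "You're not running as administator(root)!" >&2;
   exit 1;
fi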

# Rule tables: each entry is meant to be (port, comment, target), collected in
# allowRules / rejectRules and then paired with an action in RulesAction.
#
# NOTE(review): the assignments below are what produce both reported errors.
#  - A leading `$` makes bash expand the variable before it reads the line as
#    a command, so `$allowRulesIDX=...` becomes the word `0=1`, which is then
#    looked up as a command name ("0=1: command not found"). An assignment
#    takes the bare name: `allowRulesIDX=$((allowRulesIDX+1))`.
#  - Because of the same leading `$`, `$allowRules[...]=( ... )` is not an
#    assignment either, so the `(` is not read as an array literal and the
#    parser stops at `80` (the reported syntax error). Even without the `$`,
#    bash arrays are one-dimensional: an element holds a string, not a list.
#  - `//` does not start a comment in bash; only `#` does.
declare -i allowRulesIDX=0;
declare -a allowRules;
$allowRulesIDX=$(($allowRulesIDX+1)); // Line number 10
$allowRules[$allowRulesIDX]=(80 "TLS/HTTP" "Local"); // Line number 11
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(443 "SSL/HTTPS" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
# NOTE(review): the opening `(` is missing on the next line.
$allowRules[$allowRulesIDX]=3306 "MySQL" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(53 "DNS" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(68 "DHCP" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(5353 "mDNS" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(853 "DNS" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(546 "DHCPv6" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(547 "DHCPv6" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(123 "NTP" "Local");
$allowRulesIDX=$(($allowRulesIDX+1));
$allowRules[$allowRulesIDX]=(5000 "UPnP" "Local");
# The single reject entry: VNC (5900) from any source.
declare -i rejectRulesIDX=0;
declare -a rejectRules;
$rejectRulesIDX=$((rejectRulesIDX+1));
$rejectRules[$rejectRulesIDX]=(5900 "VNC" "Anywhere");
# Intended pairing of each rule table with its ufw action.
# NOTE(review): `${allowRules[@]}` expands to the individual elements, so even
# with valid assignment syntax the table would be flattened here rather than
# nested; the index is also advanced twice (`IDX=IDX+1`, then `[IDX+1]`).
declare -i RulesActionIDX=0;
declare -a RulesAction;
$RulesActionIDX=$((RulesActionIDX+1));
$RulesAction[$RulesActionIDX+1]=(${allowRules[@]} allow);
$RulesActionIDX=$((RulesActionIDX+1));
$RulesAction[$RulesActionIDX+1]=(${rejectRules[@]} reject);
# Intended expansion: for every action, rule, port, protocol (udp, tcp) and
# direction (in, out), print one `ufw` command; "Local" targets are expanded
# to the two listed subnets. The commands are only echoed, not executed.
#
# NOTE(review): this loop nest cannot run as written:
#  - `${{action[0]}[@]}` is not valid bash: an expansion cannot be nested in
#    another expansion's name, and array elements hold strings, not arrays.
#  - `for $port in ...` needs a bare variable name (`port`).
#  - `$(( ... ))` is arithmetic expansion, not command substitution, so the
#    `cut` pipelines inside it are never run; `{a..b}` is also not expanded
#    from variables, because brace expansion happens before variable expansion.
#  - Inside `[[ ]]`, `-eq` compares integers; matching "Anywhere" or "Local"
#    needs `==`.
#  - The expansions are unquoted. Once `echo` is dropped and these lines run
#    `ufw` as root, quote them ("${entry[1]}") so that a comment or address
#    containing spaces or glob characters stays a single argument.
for action in ${RulesAction[@]};
do
    for rule in ${{action[0]}[@]};
    do
        for entry in ${rule[@]};
        do
               for $port in $(([[ ${entry[0]} =~ - ]] && {$((${entry[0]} | cut --fields=1 --delimiter=-))..$((${entry[0]} | cut --fields=2 --delimiter=-))} || ${entry[0]}));
               do
                  for proto in udp tcp;
                  do
                            for direction in in out;
                            do
                                if [[ ${entry[2]} -eq "Anywhere" ]]; then
                                    echo ufw ${action[1]} $direction log-all proto $proto from any to any port $port comment ${entry[1]};
                                elif [[ ${entry[2]} -eq "Local" ]]; then
                                    for localTarget in 127.0.0.0/24 192.168.1.0/24;
                                    do
                                        echo ufw ${action[1]} $direction log-all proto $proto from $localTarget to any port $port comment ${entry[1]};
                                    done;
                                else
                                    # Any other target string is used verbatim as the source address.
                                    echo ufw ${action[1]} $direction log-all proto $proto from ${entry[2]} to any port $port comment ${entry[1]};
                                fi
                             done;
                  done;
            done;
        done;
    done;
done;

# Must always be the last line
exit 0;
  • 请注意,我打印命令(而不是执行它们)是为了调试。

并且它导致:

line 10: 0=1: command not found
line 11: syntax error near unexpected token 80

我尝试了一些技巧来实现变量内的多维数组,但似乎我不能正确地实现它,变量的值不知何故被执行,而不是被增加?


zsbz8rwp1#

我在这上面花了一些时间,因为我打算创建一个派生程序,将我定制的iptables编码/规则转换为nftables(指定的iptables替代品)。
我喜欢用bash做一些事情,我非常努力让它只用bash就能工作,但这太令人沮丧了。
我放弃了bash,使用awk作为主要工具进行重写;如果有数千条规则,awk将是此类解析/转换的更好选择。
下面的脚本将执行我认为是您在上面提出的逻辑,但是由于我认为“${entry[0]} =~ -”条件的语句格式不正确,因此产生了一些模糊性。我把此类情况解释为范围,不需要“拆分”。
此外,有时您会遇到逗号分隔的列表,您也不希望将其拆分,因此我修改了输入的格式,使用竖线(或管道符,“|”)作为字段分隔符。
您还会注意到,我再次修改了它,添加了accept/reject规范作为每个规范行的第一个字段(“class”)。
我也不太明白您要对“Anywhere”或“Local”以外的目标值做些什么。如果可能,我建议您考虑定义规范时不要用双引号括住它们,以减少所涉及的解析和逻辑工作。
下面是生成的代码逻辑。我希望它对你有用。

#!/bin/bash

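# Abort unless the effective UID is 0 (root).
# The earlier form `[[ ! $EUID -eq 0 && ! $USER -eq "root" ]]` never fired:
# inside `[[ ]]`, `-eq` is an integer comparison, so `$USER -eq "root"`
# evaluates both words arithmetically (unset names count as 0) and is
# typically true, which makes the negated clause false for every caller.
# $USER is also an environment variable the caller controls, so only EUID,
# which bash maintains itself, is used for the privilege decision.
if [[ "${EUID}" -ne 0 ]]; then
    # Diagnostics go to stderr so they never mix with the generated commands.
    echo "You're not running as administator(root)!" >&2;
    exit 1;
fi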

# Debug switch handed to awk as `dbg` (via `-v dbg=` further down);
# 1 turns on the `#`-prefixed trace lines, any other value leaves them off.
DBG=0

#declare -i allowRulesIDX=0;
#declare -A allowRules;
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=80,[comment]="TLS/HTTP",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=443,[comment]="SSL/HTTPS",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=3306,[comment]="MySQL",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=53,[comment]="DNS",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=68,[comment]="DHCP",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=5353,[comment]="mDNS",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=853,[comment]="DNS",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=546,[comment]="DHCPv6",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=547,[comment]="DHCPv6",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=123,[comment]="NTP",[target]="Local"';
#allowRulesIDX=$((++allowRulesIdx));
#allowRules[$allowRulesIDX]='[port]=5000,[comment]="UPnP",[target]="Local"';
#
#
#declare -i rejectRulesIDX=0;
#declare -A rejectRules;
#rejectRulesIDX=$(($rejectRulesIDX+1));
#rejectRules[$rejectRulesIDX]='[port]=5900,[comment]="VNC",[target]="Anywhere"';

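### NOTE:  Commas as delimiter are not ideal because some of the fields could have commas, causing confusion/difficulties for proper parsing.
###     Vertical bar (or pipe, "|") is a better choice for delimiter.
# NOTE(review): the rules file is written to a fixed name in the current
# directory. As the script insists on running as root, start it from a
# directory only root can write to; otherwise a symlink planted under this
# name would be followed and its destination overwritten.
RULES_FILE="FW_rules.txt"
cat >"${RULES_FILE}" <<"EnDoFiNpUt"
[class]=allow|[port]=80|[target]="Local"|[comment]="TLS/HTTP"
[class]=allow|[port]=443|[target]="Local"|[comment]="SSL/HTTPS"
[class]=allow|[port]=3306|[target]="Local"|[comment]="MySQL"
[class]=allow|[port]=53|[target]="Local"|[comment]="DNS"
[class]=allow|[port]=68|[target]="Local"|[comment]="DHCP"
[class]=allow|[port]=5353|[target]="Local"|[comment]="mDNS"
[class]=allow|[port]=853|[target]="Local"|[comment]="DNS"
[class]=allow|[port]=546|[target]="Local"|[comment]="DHCPv6"
[class]=allow|[port]=547|[target]="Local"|[comment]="DHCPv6"
[class]=allow|[port]=123|[target]="Local"|[comment]="NTP"
[class]=allow|[port]=5000,95,303|[target]="Local"|[comment]="UPnP"
[class]=reject|[port]=5900|[target]="Anywhere"|[comment]="VNC"
EnDoFiNpUt

#######################################
# Turn a rules file into `ufw` command lines. Nothing is executed; the
# commands are only printed.
#
# Fixes relative to the first version of this awk program:
#   - target and comment are read from the rule being expanded (index i), not
#     from the last rule in the table, which had labelled every allow rule
#     with the comment of the final one;
#   - the allow action is spelled `allow` (ufw has no `accept` verb) and the
#     keyword is written `proto`, as in the question's own commands;
#   - the class is reset on every input line, so a line without a valid
#     [class] is skipped with a warning instead of inheriting allow/reject
#     from the line before it;
#   - the "unrecognized label" message now receives its arguments and goes
#     to stderr, keeping stdout limited to listings and commands;
#   - gawk-only `switch` is replaced by if/else, so mawk (the default awk on
#     many systems that ship ufw) can run it.
#
# NOTE(review): port, target and comment are emitted verbatim. Before the
# output is ever fed to a root shell, the rules file must be trusted or its
# fields validated; a crafted field would otherwise become shell input.
#
# Globals:   DBG (read; 1 enables trace lines, defaults to 0)
# Arguments: $1 - path of the "|"-separated rules file
# Outputs:   "#S"/"#A"/"#R" listings and `ufw ...` lines on stdout,
#            warnings about skipped input on stderr
# Returns:   exit status of awk
#######################################
generate_ufw_rules() {
    awk -F "|" -v dbg="${DBG:-0}" '
# Strip the surrounding [ ] from a field label such as [port].
function label_of(s) {
    gsub(/\[/, "", s)
    gsub(/\]/, "", s)
    return s
}

# Copy the parsed fields of the current line into slot idx of a rule table.
function store(rules, idx, fields,    f) {
    for (f = PORT; f <= UNKNOWN; f++) {
        rules[idx, f] = fields[f]
    }
}

# Print the listing of one rule table as: port | target | comment |
function list_rules(letter, title, rules, count,    i, f) {
    if (dbg == 1) {
        printf("#%s\n#%s================== %s RULES =====================\n", letter, letter, title)
    }
    for (i = 1; i <= count; i++) {
        printf("#%s\t [%s %02d] = ", letter, letter, i)
        for (f = PORT; f <= COMMENT; f++) {
            printf(" %s |", rules[i, f])
        }
        printf("\n")
    }
}

# Print one ufw line per port x protocol x direction for every stored rule;
# a "Local" target is expanded to each entry of LocalTargets.
function emit_rules(action, rules, count, tag, name,    i, j, k, m, p, n, ports, tgt, note) {
    for (i = 1; i <= count; i++) {
        if (dbg == 1) { printf("#%s\t %s[%02d,port] = %s ...\n", tag, name, i, rules[i, PORT]) }

        # Target and comment belong to rule i, not to the last rule stored.
        note = rules[i, COMMENT]
        tgt = rules[i, TARGET]
        gsub(/"/, "", tgt)

        n = split(rules[i, PORT], ports, ",")
        for (j = 1; j <= n; j++) {
            if (dbg == 1) { printf("#%s\t Ports[%02d] = %s ...\n", tag, j, ports[j]) }
            for (k = 1; k <= nProtos; k++) {
                if (dbg == 1) { printf("#%s\t Protos[%02d] = %s ...\n", tag, k, Protos[k]) }
                for (m = 1; m <= nDirections; m++) {
                    if (dbg == 1) { printf("#%s\t Directions[%02d] = %s ...\n", tag, m, Directions[m]) }

                    if (tgt == "Anywhere") {
                        if (dbg == 1) { printf("#%sA\t\t Target = %s\n", tag, tgt) }
                        printf("ufw %s %s log-all proto %s from any to any port %s comment %s\n", action, Directions[m], Protos[k], ports[j], note)
                    } else if (tgt == "Local") {
                        if (dbg == 1) { printf("#%sL\t\t Target = %s\n", tag, tgt) }
                        for (p = 1; p <= nLocalTargets; p++) {
                            if (dbg == 1) { printf("#%s\t LocalTargets[%02d] = %s ...\n", tag, p, LocalTargets[p]) }
                            printf("ufw %s %s log-all proto %s from %s to any port %s comment %s\n", action, Directions[m], Protos[k], LocalTargets[p], ports[j], note)
                        }
                    } else {
                        # Any other target is passed through exactly as written in the rules file.
                        if (dbg == 1) { printf("#%sO\t\t Target = %s\n", tag, tgt) }
                        printf("ufw %s %s log-all proto %s from %s to any port %s comment %s\n", action, Directions[m], Protos[k], rules[i, TARGET], ports[j], note)
                    }
                }
            }
        }
    }
}

BEGIN {
    # Column numbers used as the second subscript of the rule tables.
    PORT = 1 ; TARGET = 2 ; COMMENT = 3 ; UNKNOWN = 4

    # split("", arr) makes each name an empty array before it is passed around.
    ufwRulesIDX = 0 ;    split("", ufwRules)
    allowRulesIDX = 0 ;  split("", allowRules)
    rejectRulesIDX = 0 ; split("", rejectRules)

    nProtos       = split("udp tcp", Protos, " ")
    nDirections   = split("in out", Directions, " ")
    nLocalTargets = split("127.0.0.0/24 192.168.1.0/24", LocalTargets, " ")
}

{
    # A blank line ends the input; END still runs on what was collected.
    if ($0 == "") {
        exit
    }

    ufwRules[++ufwRulesIDX] = $0
    if (dbg == 1) { printf("#\n#*** ufwRules[%s] = %s ...\n", ufwRulesIDX, $0) }

    # Every line starts with no class and no fields (fail closed).
    assign = ""
    split("", hold)

    for (i = 1; i <= NF; i++) {
        if (dbg == 1) { printf("# $%s = %s ...\n", i, $i) }

        # Split at the first "=" only, so a value may itself contain "=".
        eq = index($i, "=")
        if (eq > 0) {
            key = label_of(substr($i, 1, eq - 1))
            val = substr($i, eq + 1)
        } else {
            key = label_of($i)
            val = ""
        }
        if (dbg == 1) { printf("#\t tmp[1] = %s\n", key) }
        if (dbg == 1) { printf("#\t tmp[2] = %s\n", val) }

        if (key == "class") {
            assign = val
            if (dbg == 1) { print "#\t\t assign = ", assign }
        } else if (key == "port") {
            hold[PORT] = val
        } else if (key == "target") {
            hold[TARGET] = val
        } else if (key == "comment") {
            hold[COMMENT] = val
        } else {
            printf("\t Unrecognized field label %s in rule [%d]:  %s\n", key, NR, $0) > "/dev/stderr"
            hold[UNKNOWN] = val
        }
    }

    if (assign == "allow") {
        store(allowRules, ++allowRulesIDX, hold)
        if (dbg == 1) { print "#\t allowRulesIDX = ", allowRulesIDX }
    } else if (assign == "reject") {
        store(rejectRules, ++rejectRulesIDX, hold)
        if (dbg == 1) { print "#\t rejectRulesIDX = ", rejectRulesIDX }
    } else {
        printf("\t Skipped rule [%d], class is neither allow nor reject:  %s\n", NR, $0) > "/dev/stderr"
    }
}

END {
    if (dbg == 1) { printf("#S\n#S================== INPUT DEFINITIONS =====================\n") }
    for (i = 1; i <= ufwRulesIDX; i++) {
        printf("#S\t [%02d] = %s\n", i, ufwRules[i])
    }

    list_rules("A", "ALLOW", allowRules, allowRulesIDX)
    list_rules("R", "REJECT", rejectRules, rejectRulesIDX)

    if (dbg == 1) { printf("#UA\n#UA================== UFW ALLOW RULES =====================\n") }
    emit_rules("allow", allowRules, allowRulesIDX, "UA", "allowRules")

    if (dbg == 1) { printf("#UR\n#UR================== UFW REJECT RULES =====================\n") }
    emit_rules("reject", rejectRules, rejectRulesIDX, "UR", "rejectRules")
}
' "$1"
}

generate_ufw_rules "${RULES_FILE}"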

# Always reports success: the script sets no `set -e` and does not check the
# status of the awk run above, so a failed generation still ends in status 0.
exit 0

会话日志如下(注意:日志中每条 allow 规则的 comment 都显示为 "UPnP",且动作写作 accept,而 ufw 的动作关键字是 allow;这是生成该日志的脚本版本的缺陷,并非预期输出):

#S   [01] = [class]=allow|[port]=80|[target]="Local"|[comment]="TLS/HTTP"
#S   [02] = [class]=allow|[port]=443|[target]="Local"|[comment]="SSL/HTTPS"
#S   [03] = [class]=allow|[port]=3306|[target]="Local"|[comment]="MySQL"
#S   [04] = [class]=allow|[port]=53|[target]="Local"|[comment]="DNS"
#S   [05] = [class]=allow|[port]=68|[target]="Local"|[comment]="DHCP"
#S   [06] = [class]=allow|[port]=5353|[target]="Local"|[comment]="mDNS"
#S   [07] = [class]=allow|[port]=853|[target]="Local"|[comment]="DNS"
#S   [08] = [class]=allow|[port]=546|[target]="Local"|[comment]="DHCPv6"
#S   [09] = [class]=allow|[port]=547|[target]="Local"|[comment]="DHCPv6"
#S   [10] = [class]=allow|[port]=123|[target]="Local"|[comment]="NTP"
#S   [11] = [class]=allow|[port]=5000,95,303|[target]="Local"|[comment]="UPnP"
#S   [12] = [class]=reject|[port]=5900|[target]="Anywhere"|[comment]="VNC"
#A   [A 01] =  80 | "Local" | "TLS/HTTP" |
#A   [A 02] =  443 | "Local" | "SSL/HTTPS" |
#A   [A 03] =  3306 | "Local" | "MySQL" |
#A   [A 04] =  53 | "Local" | "DNS" |
#A   [A 05] =  68 | "Local" | "DHCP" |
#A   [A 06] =  5353 | "Local" | "mDNS" |
#A   [A 07] =  853 | "Local" | "DNS" |
#A   [A 08] =  546 | "Local" | "DHCPv6" |
#A   [A 09] =  547 | "Local" | "DHCPv6" |
#A   [A 10] =  123 | "Local" | "NTP" |
#A   [A 11] =  5000,95,303 | "Local" | "UPnP" |
#R   [R 01] =  5900 | "Anywhere" | "VNC" |
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 80 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 80 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 80 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 80 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 80 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 80 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 80 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 80 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 443 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 443 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 443 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 443 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 443 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 443 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 443 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 443 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 3306 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 3306 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 3306 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 3306 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 3306 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 3306 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 3306 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 3306 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 53 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 53 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 53 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 53 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 53 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 53 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 53 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 53 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 68 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 68 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 68 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 68 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 68 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 68 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 68 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 68 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 5353 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 5353 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 5353 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 5353 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 5353 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 5353 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 5353 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 5353 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 853 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 853 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 853 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 853 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 853 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 853 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 853 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 853 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 546 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 546 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 546 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 546 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 546 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 546 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 546 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 546 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 547 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 547 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 547 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 547 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 547 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 547 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 547 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 547 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 123 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 123 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 123 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 123 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 123 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 123 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 123 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 123 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 5000 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 5000 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 5000 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 5000 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 5000 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 5000 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 5000 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 5000 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 95 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 95 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 95 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 95 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 95 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 95 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 95 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 95 comment "UPnP"
ufw accept in log-all Proto udp from 127.0.0.0/24 to any port 303 comment "UPnP"
ufw accept in log-all Proto udp from 192.168.1.0/24 to any port 303 comment "UPnP"
ufw accept out log-all Proto udp from 127.0.0.0/24 to any port 303 comment "UPnP"
ufw accept out log-all Proto udp from 192.168.1.0/24 to any port 303 comment "UPnP"
ufw accept in log-all Proto tcp from 127.0.0.0/24 to any port 303 comment "UPnP"
ufw accept in log-all Proto tcp from 192.168.1.0/24 to any port 303 comment "UPnP"
ufw accept out log-all Proto tcp from 127.0.0.0/24 to any port 303 comment "UPnP"
ufw accept out log-all Proto tcp from 192.168.1.0/24 to any port 303 comment "UPnP"
ufw reject in log-all Proto udp from any to any port 5900 comment "VNC"
ufw reject out log-all Proto udp from any to any port 5900 comment "VNC"
ufw reject in log-all Proto tcp from any to any port 5900 comment "VNC"
ufw reject out log-all Proto tcp from any to any port 5900 comment "VNC"
