Convert all UFW rules to plain iptables rules for better performance
#!/bin/bash
# Abort on the first failing command so a half-applied firewall is not left
# behind silently (note: errexit does not fire inside if/&&/|| conditions,
# so critical steps still deserve an explicit check).
set -o errexit
#######################################
# Refuse to continue unless the effective user is root.
# Outputs:   error message on stderr when not root
# Returns:   0 when root; otherwise exits the whole script with status 1
#######################################
check_root() {
  local uid
  uid=$(id -u)
  if [[ "$uid" -ne 0 ]]; then
    printf '%s\n' "This script must be run as root" >&2
    exit 1
  fi
}
#######################################
# Flush every rule and user chain in the filter, nat and mangle tables and
# reset the built-in chains to ACCEPT.
# NOTE: INPUT stays at ACCEPT until convert_ufw_to_iptables sets it to DROP,
# so inbound traffic is unfiltered for the duration of the conversion.
# Returns:   status of the last iptables call (set -e aborts on any failure)
#######################################
flush_iptables() {
  local table chain
  # Same order as before: filter (the default table), then nat, then mangle.
  for table in filter nat mangle; do
    iptables -t "$table" -F
    iptables -t "$table" -X
  done
  for chain in INPUT FORWARD OUTPUT; do
    iptables -P "$chain" ACCEPT
  done
}
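#######################################
# Convert the numbered lines of `ufw status` ("<to> <action> <from>") into
# equivalent iptables INPUT rules, then install the usual baseline (allow
# established/related and loopback, default-DROP inbound).
#
# Compared with the original one-liner this version:
#   * quotes "$port"/"$protocol" so they are never word-split or globbed;
#   * turns a bare port ("22", no protocol) into a tcp AND a udp rule, which
#     is what ufw means by it, instead of running `iptables -p 22` (fails);
#   * carries an IPv4 address/CIDR source over with -s instead of silently
#     widening "22/tcp ALLOW 10.0.0.0/8" to allow-from-anywhere;
#   * reports and skips anything else that is not "Anywhere" — e.g. the
#     "OUT" token of an "ALLOW OUT" rule (which used to become an INPUT
#     accept rule) or interface-bound rules — rather than misconverting it;
#   * skips "(v6)" entries whichever column the token lands in (the old
#     check only looked at $from, where it never appears).
# Actions other than ALLOW/DENY (LIMIT, REJECT) are reported and skipped.
# Output format assumptions are based on `ufw status` in a default locale;
# verify against the target host's ufw version.
# Globals:   none
# Outputs:   progress on stdout, skipped rules on stderr
# Returns:   0, or the status of a failing iptables call (set -e then aborts)
#######################################
convert_ufw_to_iptables() {
  echo "Converting UFW rules to iptables rules..."
  local ufw_rules
  # check_root already ran, so plain ufw suffices (no dependency on sudo)
  ufw_rules=$(ufw status | grep -E '^[0-9]' | awk '{print $1 " " $2 " " $3}')
  local port action from target proto
  local -a source_args protocols
  while read -r port action from; do
    # An empty line is what <<< "" yields when ufw is inactive / has no rules
    [[ -n "$port" ]] || continue
    # IPv6 entries look like "22/tcp (v6) ALLOW Anywhere (v6)": "(v6)" is $action
    if [[ "$action" == "(v6)" || "$from" == "(v6)" ]]; then
      continue
    fi
    case "$action" in
      ALLOW) target=ACCEPT ;;
      DENY)  target=DROP ;;
      *)
        echo "Skipping unsupported action: $port $action $from" >&2
        continue
        ;;
    esac
    # Preserve a source restriction; refuse anything we cannot represent
    source_args=()
    if [[ "$from" == "Anywhere" ]]; then
      :
    elif [[ "$from" =~ ^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$ ]]; then
      source_args=(-s "$from")
    else
      echo "Skipping rule with unsupported source/direction: $port $action $from" >&2
      continue
    fi
    # "22/tcp" -> port 22 / tcp; a bare "22" means both tcp and udp in ufw
    if [[ "$port" == */* ]]; then
      protocols=("${port#*/}")
      port=${port%%/*}
    else
      protocols=(tcp udp)
    fi
    for proto in "${protocols[@]}"; do
      iptables -A INPUT -p "$proto" --dport "$port" "${source_args[@]}" -j "$target"
      echo "Added rule: $target $proto on port $port"
    done
  done <<< "$ufw_rules"
  # Baseline rules: keep existing flows and loopback working once INPUT drops
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  iptables -P INPUT DROP
  iptables -P OUTPUT ACCEPT
  echo "Conversion complete."
}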
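#######################################
# Persist the live rule set for the boot hook to restore.
# Writes `iptables-save` output to a temporary file beside the destination
# and renames it into place, so a failing iptables-save (which aborts the
# script under set -e) can no longer leave a truncated rules file behind.
# The file keeps mktemp's 0600 mode: only root (who runs iptables-restore)
# needs to read the firewall policy.
# Arguments: $1 - destination file (default /etc/iptables.rules, the path
#                 setup_boot_load's hook restores from)
# Returns:   0 on success, 1 if the temp file or iptables-save fails
#######################################
save_rules() {
  local rules_file=${1:-/etc/iptables.rules}
  local tmp
  tmp=$(mktemp "${rules_file}.XXXXXX") || return 1
  if ! iptables-save > "$tmp"; then
    rm -f -- "$tmp"
    return 1
  fi
  mv -f -- "$tmp" "$rules_file"
}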
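#######################################
# Install an ifupdown pre-up hook that restores the saved rules at boot.
# Fails loudly (and, under set -e, stops the script before UFW is disabled)
# when the hook directory does not exist — hosts using netplan or
# systemd-networkd have no /etc/network/if-pre-up.d, and the old `cat >`
# would have died with a bare "No such file" after the rules were already
# applied.
# Arguments: $1 - hook directory (default /etc/network/if-pre-up.d)
#            $2 - rules file the hook restores (default /etc/iptables.rules)
# Outputs:   error on stderr when the hook directory is missing
# Returns:   0 on success, 1 when the hook directory is missing
#######################################
setup_boot_load() {
  local hook_dir=${1:-/etc/network/if-pre-up.d}
  local rules_file=${2:-/etc/iptables.rules}
  local hook="$hook_dir/iptables"
  if [[ ! -d "$hook_dir" ]]; then
    echo "Error: $hook_dir does not exist; rules will not be restored on boot" >&2
    return 1
  fi
  # $rules_file is expanded into the hook; everything else is literal
  cat > "$hook" <<EOF
#!/bin/sh
# Generated by the UFW-to-iptables conversion script: restore saved rules
iptables-restore < $rules_file
EOF
  chmod 755 "$hook"
}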
#######################################
# Turn UFW off now that iptables carries the rules; a no-op when ufw is absent.
# Outputs:   a skip notice on stdout when ufw is not installed
# Returns:   0 when skipped, otherwise the status of `ufw disable`
#######################################
disable_ufw() {
  if ! command -v ufw >/dev/null 2>&1; then
    echo "UFW is not installed. Skipping UFW disable step."
    return 0
  fi
  ufw disable
}
#######################################
# Main execution: root check, flush, convert, persist, boot hook, disable UFW.
# Step order matters — flush_iptables leaves INPUT at ACCEPT until
# convert_ufw_to_iptables sets DROP, and UFW is only disabled after the
# rules have been saved and the boot hook written.  Any failing step aborts
# the script via set -e.
#######################################
main() {
  echo "Starting iptables setup based on UFW rules..."
  check_root
  echo "Flushing existing iptables rules..."
  flush_iptables
  echo "Converting UFW rules to iptables rules..."
  convert_ufw_to_iptables
  echo "Saving rules..."
  save_rules
  echo "Setting up rules to load on boot..."
  setup_boot_load
  echo "Disabling UFW..."
  disable_ufw
  echo "iptables setup complete!"
}
main "$@"