Diffstat (limited to 'fortress.sh')
-rwxr-xr-xfortress.sh31
1 files changed, 31 insertions, 0 deletions
diff --git a/fortress.sh b/fortress.sh
new file mode 100755
index 0000000..4df0921
--- /dev/null
+++ b/fortress.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# fortress_setup_ubuntu.sh - secure SSH fortress on Ubuntu with UFW
+
+set -e
+
+bouncer_ip="38.102.127.173"
+
+echo "Updating package lists..."
+sudo apt update
+
+echo "Installing UFW if not present..."
+sudo apt install -y ufw
+
+echo "Setting default UFW policies..."
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+echo "Allowing SSH only from bouncer ($bouncer_ip)..."
+sudo ufw allow from $bouncer_ip to any port 22 proto tcp comment 'Allow SSH from bouncer'
+
+echo "Allowing inbound HTTP/HTTPS..."
+sudo ufw allow 80/tcp comment 'Allow HTTP'
+sudo ufw allow 443/tcp comment 'Allow HTTPS'
+
+echo "Enabling UFW..."
+sudo ufw --force enable
+
+echo "UFW Status:"
+sudo ufw status verbose
+
+echo "SSH fortress is active! Only $bouncer_ip can connect via SSH."
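Review bot: The closing message on the last line claims only the bouncer can reach SSH, but the script only adds rules on top of whatever UFW already holds, so a pre-existing `allow 22/tcp` or `allow OpenSSH` rule would survive and keep port 22 open to every source. Either start from a known state with `sudo ufw --force reset` before the default policies (this discards all existing rules, so it should be a deliberate choice), or inspect the `sudo ufw status` output for other port-22 rules before printing the message. `ufw --force enable` also skips the prompt that warns about disrupting SSH, so an operator running this from any address other than the bouncer can lose new SSH access; a comment saying so next to `bouncer_ip` would help. Minor: quote the expansion, `sudo ufw allow from "$bouncer_ip" to any port 22 proto tcp comment 'Allow SSH from bouncer'`.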