From 5cfeb2cf156705349730bdc6ce883fd8eb22e728 Mon Sep 17 00:00:00 2001
From: doc
Date: Tue, 16 Sep 2025 11:30:38 +0000
Subject: first commit
---
fortress.sh | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100755 fortress.sh
(limited to 'fortress.sh')
diff --git a/fortress.sh b/fortress.sh
new file mode 100755
index 0000000..4df0921
--- /dev/null
+++ b/fortress.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# fortress_setup_ubuntu.sh - secure SSH fortress on Ubuntu with UFW
+
+set -e
+
+bouncer_ip="38.102.127.173"
+
+echo "Updating package lists..."
+sudo apt update
+
+echo "Installing UFW if not present..."
+sudo apt install -y ufw
+
+echo "Setting default UFW policies..."
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+
+echo "Allowing SSH only from bouncer ($bouncer_ip)..."
+sudo ufw allow from $bouncer_ip to any port 22 proto tcp comment 'Allow SSH from bouncer'
+
+echo "Allowing inbound HTTP/HTTPS..."
+sudo ufw allow 80/tcp comment 'Allow HTTP'
+sudo ufw allow 443/tcp comment 'Allow HTTPS'
+
+echo "Enabling UFW..."
+sudo ufw --force enable
+
+echo "UFW Status:"
+sudo ufw status verbose
+
+echo "SSH fortress is active! Only $bouncer_ip can connect via SSH."
-- cgit v1.2.3
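Review bot: The closing message `Only $bouncer_ip can connect via SSH` is asserted rather than checked: the script only adds rules, so any port-22 rule already present on the host (for example an earlier `ufw allow OpenSSH`) survives and keeps SSH reachable from other addresses. If this script is meant to own the whole rule set, run `sudo ufw --force reset` before the `ufw default` lines; otherwise inspect `sudo ufw show added` for other SSH rules and word the final echo to match what was actually verified. `sudo ufw --force enable` also skips the confirmation prompt, so a wrong or stale hard-coded `bouncer_ip` can lock the operator out of a remote host; reading it from an argument or environment variable and checking it is non-empty and well-formed before enabling would make that failure visible. The expansion in the allow rule should be quoted, `sudo ufw allow from "$bouncer_ip" to any port 22 proto tcp comment 'Allow SSH from bouncer'`. UFW is the only control applied here, so sshd's own settings (password authentication, root login) are left as they were and deserve a comment saying so.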