#!/bin/bash
#
# Check Firewall Status [Linux]
#
# Check the status of the firewall on a Linux system and print any rules defined.
#
# Supports:
# Linux-All
#
# Category:
# Firewall
#
# License:
# AGPLv3
#
# Author:
# Charlie Powell <cdp1337@bitsnbytes.dev>
#
# Link:
# https://github.com/eVAL-Agency/ScriptsCollection
#
# Changelog:
# 20250105 - Initial version
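##
# Simple wrapper to emulate `which -s`
#
# The -s flag is not available on all systems, so this function
# provides a consistent way to check for command existence
# without having to include '&>/dev/null' everywhere.
#
# The probe itself uses the POSIX `command -v` builtin rather than the
# external `which`: `which` is not present on every minimal image and its
# exit status / output differ between implementations, whereas `command -v`
# is a shell builtin that behaves the same everywhere bash runs. It also
# matches shell functions, aliases and builtins, which is acceptable for the
# firewall tools this script probes.
#
# Returns 0 on success, 1 on failure
#
# Arguments:
# $1 - Command to check
#
# CHANGELOG:
# 2025.12.15 - Initial version (for a regression fix)
#
function cmd_exists() {
    local CMD="${1:-}"
    # An empty name can never resolve; report "not found" without probing.
    [ -n "$CMD" ] || return 1
    # Silence the path that `command -v` prints; only the status is wanted.
    command -v "$CMD" >/dev/null 2>&1
}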
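##
# Get which firewall is enabled,
# or "none" if none located
#
# Asks systemd, in preference order, whether the firewalld, ufw or iptables
# unit is active and prints the first one that is. Prints "none" when
# systemctl is not on PATH (non-systemd hosts) or when none of the three
# units is active.
#
# NOTE(review): "active" is the systemd unit state, not proof that rules are
# loaded — ufw in particular keeps its own enabled flag, so cross-check with
# `ufw status` before trusting this verdict. nftables-only hosts are not
# probed and also come back as "none".
#
# Outputs: one of firewalld / ufw / iptables / none on stdout
# Returns: 0
function get_enabled_firewall() {
    local UNIT
    # Without systemctl every probe below would only spray "command not found"
    # on stderr and fall through to "none"; take that exit quietly instead.
    if ! command -v systemctl >/dev/null 2>&1; then
        echo "none"
        return 0
    fi
    for UNIT in firewalld ufw iptables; do
        # is-active prints the state word; stderr is silenced so an unknown
        # unit name does not clutter the report.
        if [ "$(systemctl is-active "$UNIT" 2>/dev/null)" == "active" ]; then
            echo "$UNIT"
            return 0
        fi
    done
    echo "none"
}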
##
# Get which firewall is available on the local system,
# or "none" if none located
#
# Looks for the management tool of each supported firewall in preference
# order: firewall-cmd (firewalld), then ufw, then an iptables.service unit
# file known to systemd. The first hit wins, so a host with several of them
# installed reports only the first; the caller compares this against the
# enabled one and warns on a mismatch.
#
# NOTE(review): the iptables probe depends on systemctl, so on a host without
# systemd an installed iptables setup is reported as "none". nftables is not
# probed at all.
#
# Outputs: one of firewalld / ufw / iptables / none on stdout
# Returns: 0
#
# CHANGELOG:
# 2025.12.15 - Use cmd_exists to fix regression bug
# 2025.04.10 - Switch from "systemctl list-unit-files" to "which" to support older systems
function get_available_firewall() {
    local FOUND="none"
    if cmd_exists firewall-cmd; then
        FOUND="firewalld"
    elif cmd_exists ufw; then
        FOUND="ufw"
    elif systemctl list-unit-files iptables.service &>/dev/null; then
        FOUND="iptables"
    fi
    echo "$FOUND"
}
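FIREWALL_AVAILABLE="$(get_available_firewall)"
FIREWALL_ENABLED="$(get_enabled_firewall)"

# The rule listings below (`ufw status`, `firewall-cmd --list-all`) typically
# need root. Warn on stderr rather than abort so the enabled/disabled verdict
# is still produced for an unprivileged caller.
if [ "${EUID:-$(id -u)}" -ne 0 ]; then
    echo "WARNING - not running as root; the rule listing below may be incomplete or fail" >&2
fi

# Nothing to report on at all: non-zero so a monitor treats it as a failure.
if [ "$FIREWALL_AVAILABLE" == "none" ]; then
    echo "No firewall installed"
    exit 1
fi

# Installed-but-disabled and installed-but-a-different-one-running are both
# findings; only "the installed firewall is the active one" passes.
if [ "$FIREWALL_ENABLED" == "none" ]; then
    echo "Firewall: $FIREWALL_AVAILABLE - Status: Disabled"
    exit 1
elif [ "$FIREWALL_ENABLED" != "$FIREWALL_AVAILABLE" ]; then
    echo "WARNING - Firewall $FIREWALL_AVAILABLE installed but $FIREWALL_ENABLED is enabled"
    exit 1
else
    echo "Firewall: $FIREWALL_AVAILABLE - Status: Enabled"
fi

# Print the rules so "Enabled" can be checked against what is actually
# filtered. The script's exit status is that of the last listing command.
case "$FIREWALL_ENABLED" in
    ufw)
        ufw status verbose
        ;;
    firewalld)
        # Zone names are single tokens, so word-splitting --get-zones is the
        # intent; each name is still quoted when handed back to firewall-cmd.
        # NOTE(review): this is the per-zone view only; direct rules and
        # policy objects, if used, are not shown by --list-all.
        for ZONE in $(firewall-cmd --get-zones); do
            firewall-cmd --list-all --zone="$ZONE"
        done
        ;;
    iptables)
        # NOTE(review): no rules are printed for iptables (the listing was
        # left disabled by the author), so an active iptables.service with an
        # empty or ACCEPT-all ruleset is still reported as "Enabled" above.
        #iptables -L -v
        ;;
esac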