d-bis/explorer-monorepo
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c1fe6ec6e3a7b22d8d7f9f089ca0104f907da218
explorer-monorepo/scripts/fix-udm-pro-firewall.sh

98 lines
3.2 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Fix UDM Pro Firewall Rules for Container Outbound Access
# Adds allow rules for container IPs to access internet
set -euo pipefail
UDM_PRO_IP="192.168.11.1"
UDM_PRO_USER="OQmQuS"
UDM_PRO_PASS="m0MFXHdgMFKGB2l3bO4"
CONTAINER_IPS=("192.168.11.166" "192.168.11.167")
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'
echo "=========================================="
echo "Fix UDM Pro Firewall for Container Access"
echo "=========================================="
echo ""
# Note: UDM Pro firewall rules are typically managed via Web UI
# This script provides diagnostic information and recommendations
echo -e "${BLUE}Checking current firewall rules...${NC}"
# Check FORWARD chain
FORWARD_RULES=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
"sudo iptables -L FORWARD -n -v --line-numbers 2>&1 | head -40" 2>&1)
echo "FORWARD chain rules:"
echo "$FORWARD_RULES" | head -20
# Check for deny rules
DENY_RULES=$(echo "$FORWARD_RULES" | grep -E "DROP|REJECT" | head -5)
if [ -n "$DENY_RULES" ]; then
echo ""
echo -e "${YELLOW}⚠️ Found deny rules that may block traffic:${NC}"
echo "$DENY_RULES"
fi
# Check OUTPUT chain
OUTPUT_RULES=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
"sudo iptables -L OUTPUT -n -v --line-numbers 2>&1 | head -30" 2>&1)
echo ""
echo "OUTPUT chain rules:"
echo "$OUTPUT_RULES" | head -20
# Check policy
FORWARD_POLICY=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
"sudo iptables -L FORWARD -n 2>&1 | grep 'Chain FORWARD' | grep -o 'policy [A-Z]*'" 2>&1)
echo ""
echo "FORWARD chain policy: $FORWARD_POLICY"
if echo "$FORWARD_POLICY" | grep -q "DROP"; then
echo -e "${RED}❌ FORWARD chain policy is DROP${NC}"
echo "This will block all forwarded traffic unless explicitly allowed"
echo ""
echo "Solution: Add allow rules in UDM Pro Web UI:"
echo " 1. Settings → Firewall & Security → Firewall Rules"
echo " 2. Add rule: Allow outbound from 192.168.11.166/167"
echo " 3. Place rule BEFORE any deny rules"
else
echo -e "${GREEN}✅ FORWARD chain policy allows traffic${NC}"
fi
echo ""
echo "=========================================="
echo "UDM Pro Firewall Fix Instructions"
echo "=========================================="
echo ""
echo "To fix outbound internet access for containers:"
echo ""
echo "1. Access UDM Pro Web UI: https://192.168.11.1"
echo ""
echo "2. Go to: Settings → Firewall & Security → Firewall Rules"
echo ""
echo "3. Add new rule:"
echo " - Name: Allow Container Outbound"
echo " - Action: Accept"
echo " - Source: 192.168.11.166, 192.168.11.167"
echo " - Destination: Any"
echo " - Protocol: Any"
echo " - Port: Any"
echo ""
echo "4. Ensure rule is placed BEFORE any deny rules"
echo ""
echo "5. Save and wait 30 seconds"
echo ""
echo "Note: UDM Pro may require rules to be added via Web UI"
echo " Direct iptables changes may not persist"
echo ""
Reference in New Issue View Git Blame Copy Permalink