Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/thibautplg/firewalld-xml-to-cli
Quick and simple bash script to convert back firewalld xml files to firewall-cmd commands
Last synced: about 9 hours ago
- Host: GitHub
- URL: https://github.com/thibautplg/firewalld-xml-to-cli
- Owner: ThibautPlg
- License: mit
- Created: 2024-08-06T14:45:20.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2024-08-06T15:23:25.000Z (3 months ago)
- Last Synced: 2024-08-07T17:19:42.751Z (3 months ago)
- Language: Shell
- Size: 8.79 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Firewalld xml converter
Quick and simple bash script to convert firewalld XML files back to firewall-cmd commands.
Rare use case, I know, but I couldn't find an existing script that does that and, based on [this GitHub issue](https://github.com/firewalld/firewalld/issues/283), I'm not alone!

/!\ Warning: it's really bare-bones and covers only a small portion of what is possible with firewalld. See the "What it does not" section.
## Requirements
- [xq](https://github.com/sibprogrammer/xq), which is used to parse the XML files.
## Usage
```
sudo ./firewall-cmd-dump.sh
```
Or redirect stdout to a file:
```
sudo ./firewall-cmd-dump.sh > /tmp/firewall-cmd-MyServer.sh
```
### What it does
- Parse `zone.xml` files from `/etc/firewalld/zones/`
- Create CLI commands to:
  - Create new zones (the default ones are ignored if they exist)
  - Open ports
  - Open services
  - Add sources
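The conversion listed above, sketched in Python as an added example (not the repository's script, which is bash and uses xq): it reads one zone file in the firewalld XML format and emits the matching `firewall-cmd` lines, shell-quoting every value because the generated file is meant to be run with sudo. The sample XML, the `zone_to_commands` helper and the default-zone list are assumptions made for this illustration.

```python
import shlex
import xml.etree.ElementTree as ET

# Zones shipped with firewalld by default (assumed list); no --new-zone for these.
DEFAULT_ZONES = {"block", "dmz", "drop", "external", "home",
                 "internal", "public", "trusted", "work"}

# Constructed sample in the firewalld zone file format.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Bastion</short>
  <service name="ssh"/>
  <port protocol="tcp" port="8443"/>
  <source address="10.0.0.210"/>
  <rule family="ipv4"><source address="10.0.0.5"/><accept/></rule>
</zone>"""


def zone_to_commands(zone_name, xml_text):
    """Return (commands, skipped) for one zone file's contents."""
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    q = shlex.quote  # values end up in a script run with sudo: quote them all
    base = "firewall-cmd --permanent --zone=" + q(zone_name)
    commands, skipped = [], []
    if zone_name not in DEFAULT_ZONES:
        commands.append("firewall-cmd --permanent --new-zone=" + q(zone_name))
    for child in root:  # direct children only; nested rule contents are not walked
        if child.tag == "port":
            spec = child.get("port", "") + "/" + child.get("protocol", "")
            commands.append(base + " --add-port=" + q(spec))
        elif child.tag == "service":
            commands.append(base + " --add-service=" + q(child.get("name", "")))
        elif child.tag == "source" and child.get("address"):
            commands.append(base + " --add-source=" + q(child.get("address")))
        elif child.tag not in ("short", "description"):
            skipped.append(child.tag)  # e.g. rich rules: report, don't drop silently
    return commands, skipped


if __name__ == "__main__":
    cmds, skipped = zone_to_commands("internal-bastion", SAMPLE_ZONE_XML)
    print("\n".join(cmds))
    for tag in skipped:
        print("# not converted: <" + tag + ">")
```

Returning the skipped element names makes the gaps visible when reviewing the generated file, since a rule that is silently left out leaves the rebuilt firewall different from the original.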
### What it does not
- Remove things (for example if you removed `ssh` from the `work` zone, it will not create the `--remove-service` command)
- Other operations than the ones related to `port`, `sources`, `services` and `zones` (no `policies`, no `ipsets`...)
## Output example
`cat /tmp/firewall-cmd-MyServer.sh`
```
#Create an executable file by using stdout. "sudo ./firewall-cmd-dump.sh > /tmp/firewall-cmd-MyServer.sh"
#__________ zone internal-bastion __________#
sudo firewall-cmd --permanent --new-zone="internal-bastion"
sudo firewall-cmd --permanent --zone="internal-bastion" --add-port="22/tcp"
sudo firewall-cmd --permanent --zone="internal-bastion" --add-source="10.0.0.210"
sudo firewall-cmd --permanent --zone="internal-bastion" --add-source="10.0.0.211"
#__________ zone public __________#
sudo firewall-cmd --permanent --zone="public" --add-port="80/tcp"
sudo firewall-cmd --permanent --zone="public" --add-port="443/tcp"
#__________ zone zabbix __________#
sudo firewall-cmd --permanent --new-zone="zabbix"
sudo firewall-cmd --permanent --zone="zabbix" --add-port="10050/tcp"
sudo firewall-cmd --permanent --zone="zabbix" --add-source="10.0.0.10"
sudo firewall-cmd --permanent --reload
```
## get-zones-from-servers-ansible.yml
A bonus Ansible playbook that automatically fetches the XML files from all your servers and puts them in a local directory.
Uncomment the second `ZONES_DIR` in the `CONFIG` section of the script to use what has been fetched with Ansible.
## Contributions
Are welcome of course. This minimal proof of concept covers my immediate use case and is yet to be improved.