From 752c7915b3acccbaf139dd9cc8e53688544422cf Mon Sep 17 00:00:00 2001
From: RadekSabacky
Date: Thu, 20 Nov 2025 14:47:41 +0100
Subject: [PATCH] + colors for check the firewall setup
---
 .../nym-node-setup/network-tunnel-manager.sh | 26 +++++++++----------
 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/scripts/nym-node-setup/network-tunnel-manager.sh b/scripts/nym-node-setup/network-tunnel-manager.sh
index ee1e3a7555..b4e6fdfb35 100644
--- a/scripts/nym-node-setup/network-tunnel-manager.sh
+++ b/scripts/nym-node-setup/network-tunnel-manager.sh
@@ -829,16 +829,16 @@ check_forward_chain() {
 output=$(iptables -L FORWARD -n --line-numbers)
 if ! echo "$output" | grep -q "^1[[:space:]]\+$NYM_CHAIN"; then
- echo "FORWARD rule 1 is not ${NYM_CHAIN}; re-run network-tunnel-manager.sh exit_policy_install"
+ error "FORWARD rule 1 is not ${NYM_CHAIN}; re-run network-tunnel-manager.sh exit_policy_install"
 return 1
 fi
 if ! echo "$output" | grep -q "ACCEPT.*state RELATED,ESTABLISHED"; then
- echo "FORWARD chain missing RELATED,ESTABLISHED accepts; re-run network-tunnel-manager.sh apply_iptables_rules_wg"
+ error "FORWARD chain missing RELATED,ESTABLISHED accepts; re-run network-tunnel-manager.sh apply_iptables_rules_wg"
 return 1
 fi
- echo "FORWARD chain ordering looks good"
+ ok "FORWARD chain ordering looks good"
 return 0
 }
@@ -850,9 +850,9 @@ check_nym_exit_chain() {
 local line
 line=$(firewall_rule_line "$NYM_CHAIN" $((idx + 1)))
 if [[ "$line" =~ ${patterns[$idx]} ]]; then
- echo "${NYM_CHAIN} rule $((idx + 1)) ok (${patterns[$idx]})"
+ ok "${NYM_CHAIN} rule $((idx + 1)) ok (${patterns[$idx]})"
 else
- echo "${NYM_CHAIN} rule $((idx + 1)) is not ${patterns[$idx]}; re-run network-tunnel-manager.sh exit_policy_install"
+ error "${NYM_CHAIN} rule $((idx + 1)) is not ${patterns[$idx]}; re-run network-tunnel-manager.sh exit_policy_install"
 errors=1
 fi
 done
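Review bot: The `error` calls that replace `echo` in check_forward_chain are each followed by `return 1`, which only works if `error` prints and returns; the helper is defined outside this patch, so that contract should be confirmed. If `error` calls `exit`, the `return 1` is never reached and the `check_forward_chain || errors=1` aggregation in check_firewall_setup stops at the first finding instead of reporting every misordered rule. The same applies to the `error` calls in check_nym_exit_chain and check_firewall_setup in the later hunks. A comment above the first call, `# error/ok/info only print; the caller sets the return code`, would pin this down. check_forward_chain starts before this hunk.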
@@ -860,12 +860,12 @@ check_nym_exit_chain() {
 local last_rule
 last_rule=$(iptables -L "$NYM_CHAIN" -n --line-numbers | awk 'NR>2 {line=$0} END {print line}')
 if [[ -z "${last_rule:-}" ]]; then
- echo "${NYM_CHAIN} chain is empty; re-run network-tunnel-manager.sh exit_policy_install"
+ error "${NYM_CHAIN} chain is empty; re-run network-tunnel-manager.sh exit_policy_install"
 errors=1
 elif [[ "$last_rule" =~ REJECT ]] && [[ "$last_rule" =~ 0\.0\.0\.0/0 ]]; then
- echo "${NYM_CHAIN} ends with the catch-all REJECT"
+ ok "${NYM_CHAIN} ends with the catch-all REJECT"
 else
- echo "${NYM_CHAIN} final rule is not the catch-all REJECT (got: $last_rule)"
+ error "${NYM_CHAIN} final rule is not the catch-all REJECT (got: $last_rule)"
 errors=1
 fi
@@ -873,28 +873,28 @@ check_nym_exit_chain() {
 }
 check_firewall_setup() {
- echo "checking ipv4 firewall ordering…"
+ info "checking ipv4 firewall ordering…"
 local errors=0
 check_forward_chain || errors=1
 check_nym_exit_chain || errors=1
 if command -v ip6tables >/dev/null 2>&1; then
- echo "checking ipv6 firewall ordering…"
+ info "checking ipv6 firewall ordering…"
 if ip6tables -L "$NYM_CHAIN" -n --line-numbers >/dev/null 2>&1; then
 if ! ip6tables -L "$NYM_CHAIN" -n --line-numbers | sed -n '3p' | grep -q "udp.*dpt:53"; then
- echo "ip6tables ${NYM_CHAIN} rule 1 is not UDP 53"
+ error "ip6tables ${NYM_CHAIN} rule 1 is not UDP 53"
 errors=1
 fi
 fi
 fi
 if [[ $errors -ne 0 ]]; then
- echo "There may be some ordering issues, it is recommended to re-run network-tunnel-manager.sh exit_policy_install after configuring UFW."
+ error "There may be some ordering issues, it is recommended to re-run network-tunnel-manager.sh exit_policy_install after configuring UFW."
 return 1
 fi
- echo "It's looking good!"
+ ok "It's looking good!"
 return 0
 }
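Review bot: The `(got: $last_rule)` message passes raw `iptables -L` output to the colour helper `error`, whose definition is not in this patch. If that helper prints through `echo -e` or uses its argument as a printf format, backslash or `%` sequences in the rule text (for example from a comment match) would be interpreted rather than shown. Printing the message as data between the colour codes, e.g. `printf '%s\n' "$*"`, keeps the rule line literal; the same holds for the `${patterns[$idx]}` text printed in the previous hunk. check_nym_exit_chain starts before and ends after this hunk.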
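Review bot: check_firewall_setup can still end with `ok "It's looking good!"` when the IPv6 policy chain does not exist, because the inner `if ip6tables -L "$NYM_CHAIN" ...` has no `else` and a missing chain is skipped silently. With the verdict now coloured as a success, that fail-open result looks more authoritative than the plain `echo` did. If the node is expected to forward IPv6, add `else error "ip6tables ${NYM_CHAIN} chain not found; re-run network-tunnel-manager.sh exit_policy_install"; errors=1` before the inner `fi`. The IPv6 branch also checks only rule 1, not the final catch-all REJECT that the IPv4 path verifies.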