feat(ufw): auto-open firewall ports after app installation

- cloudpanel: allow ftp, smtp, dns, http, https, smtps, imaps, pop3s, and admin panel ports - coolify: allow http, https, and dashboard port after install - pterodactyl: allow http, https, wings daemon (8080), and sftp (2022) ports - uptime-kuma: allow app port on install - proxmox: add open_firewall_ports() with ufw guard checks and new menu option [9]
2026-05-12 17:46:31 -04:00
parent aba84b26f7
commit dda32051ac
8 changed files with 134 additions and 15 deletions
@@ -306,6 +306,34 @@ show_network_info() {
    return 0
 }

+# ═══════════════════════════════════════════════════════════════════════════
+# Firewall
+# ═══════════════════════════════════════════════════════════════════════════
+
+open_firewall_ports() {
+    echo -e "${WHITE}${BOLD}OPEN PROXMOX FIREWALL PORTS${NC}\n"
+
+    check_proxmox || return 1
+
+    if ! command -v ufw >/dev/null 2>&1; then
+        echo -e "${YELLOW}[!] UFW is not installed on this host. Nothing to do.${NC}"
+        echo -e "${GRAY}    Proxmox uses its own pve-firewall; UFW is optional.${NC}"
+        return 0
+    fi
+    if ! ufw status 2>/dev/null | grep -q "Status: active"; then
+        echo -e "${YELLOW}[!] UFW is installed but inactive. Enable it first.${NC}"
+        return 0
+    fi
+
+    ufw_allow "${PANEL_PORT}/tcp" "Proxmox web UI"
+    ufw_allow 5900:5999/tcp      "Proxmox VNC console"
+    ufw_allow 3128/tcp           "Proxmox SPICE proxy"
+
+    echo ""
+    echo -e "${GRAY}[i] For clustered nodes, also open: 5404-5405/udp (corosync), 60000-60050/tcp (live migration).${NC}"
+    echo -e "${GRAY}[i] If using NFS storage: 111/tcp+udp and 2049/tcp.${NC}"
+}
+
 # ═══════════════════════════════════════════════════════════════════════════
 # Main Menu
 # ═══════════════════════════════════════════════════════════════════════════
@@ -321,9 +349,10 @@ show_menu() {
    echo -e "  ${CYAN}[6]${NC} View Network Info"
    echo -e "  ${PURPLE}[7]${NC} Update Proxmox VE"
    echo -e "  ${PURPLE}[8]${NC} Clear Cache"
+    echo -e "  ${PURPLE}[9]${NC} Open Firewall Ports (UFW)"
    echo -e "  ${RED}[0]${NC} Back to main menu"
    echo ""
-    echo -n "Choice [0-8]: "
+    echo -n "Choice [0-9]: "
 }

 main() {
@@ -331,7 +360,7 @@ main() {
        show_menu
        read -r choice
        echo ""
-        
+
        case $choice in
            1) fix_login_issue ;;
            2) restart_pve_cluster ;;
@@ -341,10 +370,11 @@ main() {
            6) show_network_info ;;
            7) update_proxmox ;;
            8) clear_cache ;;
+            9) open_firewall_ports ;;
            0) return 0 ;;
            *) echo -e "${RED}Invalid option${NC}" ;;
        esac
-        
+
        echo ""
        read -p "Press Enter to continue..."
    done