From b09cc0433fd3211ce28649be0a72089372e13ac4 Mon Sep 17 00:00:00 2001
From: Michael Mayer <michael@photoprism.app>
Date: Sun, 4 Dec 2022 17:32:34 +0100
Subject: [PATCH] Deploy: Add install-firewall.sh script

Signed-off-by: Michael Mayer <michael@photoprism.app>
---
 scripts/dist/install-firewall.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100755 scripts/dist/install-firewall.sh

diff --git a/scripts/dist/install-firewall.sh b/scripts/dist/install-firewall.sh
new file mode 100755
index 000000000..3e04f012b
--- /dev/null
+++ b/scripts/dist/install-firewall.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+# Install ufw package if needed:
+sudo apt-get update
+sudo apt-get -qq install --no-install-recommends ufw
+
+# Basic ufw firewall setup allowing ssh, http, and https:
+sudo ufw default deny incoming
+sudo ufw default allow outgoing
+sudo ufw allow ssh
+sudo ufw allow http
+sudo ufw allow https
+sudo ufw logging off
+sudo rm -f /var/log/ufw.log
+sudo ufw --force enable