Limit RustDesk Server Access with these ufw bash scripts.

Here’s a nice way to maintain access control for your RustDesk server using some simple bash scripts and ufw (Uncomplicated Firewall).

RustDesk requires several ports to be open. This can end up looking really messy, really quickly, when you go to view your ufw rules list.

Our first step is to define a ufw alias for RustDesk that contains all the ports.

Strong recommendation: Do not omit this step!

/etc/ufw/applications.d/rustdesk
[RustDesk]
title=RustDesk
description=RustDesk remote desktop application
ports=21115:21119/tcp|8000/tcp|21116/udp

Reload the firewall:

Terminal
sudo ufw reload

CREATING RULES

This script helps us easily add an IP address to our firewall rules (with a comment):

rustdesk-allow [IP address] [comment]
#!/bin/bash

# Check that we passed two arguments.
# If not, print a little help screen.
script_name=$(basename "$0")
if [ "$#" -ne 2 ]; then
    echo "---$script_name----------------------------------------"
    echo "    Usage: $script_name [IP address] [comment]"
    echo ""
    echo "    Example# $script_name 192.0.2.1 \"Bob's Machine\""
    echo ""
    exit 1
fi

ip="$1"
comment="$2"

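# Check if the IP address is valid: four dot-separated numbers, each 0-255.
if [[ ! "$ip" =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
    echo "Invalid IP address: $ip"
    exit 1
fi
IFS=. read -r o1 o2 o3 o4 <<< "$ip"
for octet in "$o1" "$o2" "$o3" "$o4"; do
    # 10# forces base 10 so an octet like 08 is not read as octal.
    if (( 10#$octet > 255 )); then
        echo "Invalid IP address: $ip"
        exit 1
    fi
done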

# Allow RustDesk traffic for the IP address and add a comment.
ufw allow from "$ip" to any app RustDesk comment "RustDesk-$comment"
Allows an IP address to reach the RustDesk server.

LISTING RULES

Traditionally, we can check our entire ufw rule set with:

Terminal
❯ ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx Full                 ALLOW IN    Anywhere                  
[ 2] Anywhere                   ALLOW IN    10.23.0.2                  # The "MCP"
[ 3] RustDesk                   ALLOW IN    10.0.0.1                   # RustDesk-Backup Server
[ 4] RustDesk                   ALLOW IN    192.0.2.1                  # RustDesk-Mary's Desktop
[ 5] Nginx Full (v6)            ALLOW IN    Anywhere (v6)             

If you have lots of rules it can be hard to find what you’re looking for.
Here’s a script that uses grep to parse out the RustDesk ufw rules:

rustdesk-list [comment-search-string]
#!/bin/bash
# -F matches the search string literally rather than as a regular expression.
ufw status numbered | grep -F --color=auto "RustDesk-$1"
Lists RustDesk rules with an optional comment search.

Sample output:

Terminal
❯ rustdesk-list
[ 3] RustDesk                   ALLOW IN    10.0.0.1                   # RustDesk-Backup Server
[ 4] RustDesk                   ALLOW IN    192.0.2.1                  # RustDesk-Mary's Desktop

You can also pass it an argument to refine your search:

Terminal
❯ rustdesk-list "Backup Server"
[ 3] RustDesk                   ALLOW IN    10.0.0.1                   # RustDesk-Backup Server
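
An allowlist only helps if no broader rule exposes the same ports. The added example below (not from the original post) scans `ufw status numbered` output for ALLOW rules that open the RustDesk profile, or one of the ports in the profile defined above, to Anywhere. The helper name `open_rustdesk_rules` and the sample rules are constructed for illustration; comma-separated port lists are not handled.

```shell
#!/bin/sh
# Added example (not from the original post). Rule data below is constructed.

# Constructed `ufw status numbered` output with two rules that undo the allowlist.
sample_status() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx Full                 ALLOW IN    Anywhere
[ 2] RustDesk                   ALLOW IN    10.0.0.1                   # RustDesk-Backup Server
[ 3] 21116/udp                  ALLOW IN    Anywhere
[ 4] RustDesk                   ALLOW IN    Anywhere
[ 5] 8000/tcp                   DENY IN     Anywhere
[ 6] 21115:21119/tcp            ALLOW IN    192.0.2.1
EOF
}

# open_rustdesk_rules (hypothetical helper): prints the numbers of ALLOW rules
# that expose the RustDesk profile, or one of its ports, to Anywhere.
open_rustdesk_rules() {
    awk '
        /^\[ *[0-9]+\]/ {
            line = $0
            sub(/ *#.*$/, "", line)               # drop the comment
            sub(/ +$/, "", line)
            num = line; sub(/^\[ */, "", num); sub(/\].*$/, "", num)
            sub(/^\[ *[0-9]+\] */, "", line)
            split(line, col, /  +/)               # To, Action, From
            if (col[2] !~ /^ALLOW/ || col[3] !~ /^Anywhere/) next
            to = col[1]
            if (to ~ /^RustDesk/) { print num; next }
            # Port rules: "PORT", "PORT/proto" or "LOW:HIGH/proto"
            if (to !~ /^[0-9]/) next
            split(to, pp, "/"); proto = pp[2]; sub(/ .*/, "", proto)
            n = split(pp[1], r, ":"); lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
            tcp = (proto != "udp") && ((lo <= 21119 && hi >= 21115) || (lo <= 8000 && hi >= 8000))
            udp = (proto != "tcp") && (lo <= 21116 && hi >= 21116)
            if (tcp || udp) print num
        }'
}

# Demo on the constructed sample: prints the rule numbers to review.
sample_status | open_rustdesk_rules
```

On a live system, feed it real output with `sudo ufw status numbered | open_rustdesk_rules`.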

REMOVING RULES

OPTION 1 (Simpler)

(rustdesk-list && ufw delete #)

Terminal
❯ rustdesk-list "Backup Server"
[ 3] RustDesk                   ALLOW IN    10.0.0.1              # RustDesk-Backup Server

Terminal
❯ ufw delete 3
Deleting:
 allow from 10.0.0.1 to any app RustDesk comment 'RustDesk-Backup Server'
Proceed with operation (y|n)? y
Rule deleted

OPTION 2

(rustdesk-list && rustdesk-remove)

rustdesk-remove [IP -or- Comment]
#!/bin/bash

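if [ -z "$1" ]; then
    echo "Usage: rustdesk-remove <IP address or comment>"
    exit 1
fi

# Check if argument is an IP address or comment
# (anything containing a letter is treated as a comment search).
if [[ "$1" =~ [A-Za-z] ]]; then
    comment=$1
    # Look up the source IP of the rule whose line contains the comment text.
    # -F matches the comment literally instead of as a regular expression.
    ip=$(sudo ufw status numbered | grep -F -- "$comment" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b")
    if [ -z "$ip" ]; then
        echo "Rule not found"
        exit 1
    fi
else
    ip=$1
fi

# Delete the UFW rule
if sudo ufw delete allow from "$ip" to any app "RustDesk"; then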
    echo "Deleted RustDesk rule for IP address: $ip"
else
    echo "Failed to delete RustDesk rule for IP address: $ip"
fi
Removes a RustDesk rule by IP or comment.

Note: It will only remove RustDesk Alias Rules, not any of the other rules for your selected machine. 😎

You can then pass the script either the IP address or comment of the rule you want to remove.
Let’s search for the rule we want to delete:

Terminal
❯ rustdesk-list "Mary's Desktop"
[ 3] RustDesk                   ALLOW IN    192.0.2.1              # RustDesk-Mary's Desktop

Delete by passing the IP:

Terminal
❯ rustdesk-remove 192.0.2.1
Deleting:
 allow from 192.0.2.1 to any app RustDesk comment 'RustDesk-Mary's Desktop'
Proceed with operation (y|n)? y
Rule deleted

Delete by passing part of the comment field:

Terminal
❯ rustdesk-remove "Mary's Desktop"
Deleting:
 allow from 192.0.2.1 to any app RustDesk comment 'RustDesk-Mary's Desktop'
Proceed with operation (y|n)? y
Rule deleted

Note that option 2 can be more dangerous if you use a comment search that hits multiple entries, and you aren’t paying attention to the confirmation.
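
One way to avoid that, shown as an added example (not part of the original script): resolve the comment search to exactly one RustDesk rule and refuse when it is ambiguous. The helper name `resolve_rustdesk_ip` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). All rule data is constructed.

# Constructed sample of `ufw status numbered` output.
sample_rules() {
cat <<'EOF'
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] Nginx Full                 ALLOW IN    Anywhere
[ 2] Anywhere                   ALLOW IN    10.23.0.2                  # Backup VPN
[ 3] RustDesk                   ALLOW IN    10.0.0.1                   # RustDesk-Backup Server
[ 4] RustDesk                   ALLOW IN    192.0.2.1                  # RustDesk-Mary's Desktop
[ 5] RustDesk                   ALLOW IN    192.0.2.7                  # RustDesk-Mary's Laptop
EOF
}

# resolve_rustdesk_ip SEARCH  (hypothetical helper name)
# Reads `ufw status numbered` text on stdin and matches SEARCH as a literal
# string against the comment of "RustDesk-" rules only.
# Prints the source IP and returns 0 for exactly one match;
# returns 1 for no match, 2 when the search is ambiguous.
resolve_rustdesk_ip() {
    [ -n "$1" ] || return 1
    SEARCH="$1" awk '
        {
            p = index($0, "# RustDesk-")
            if (p == 0) next                      # not a RustDesk-tagged rule
            if (index(substr($0, p + 2), ENVIRON["SEARCH"]) == 0) next
            n = split(substr($0, 1, p - 1), f, " ")
            ip = f[n]                             # last column before the comment
            hits++
        }
        END {
            if (hits == 1) { print ip; exit 0 }
            exit (hits == 0 ? 1 : 2)
        }'
}

# Demo: only an unambiguous match yields a delete command.
for q in "Backup" "Mary's Desktop" "Mary"; do
    if ip=$(sample_rules | resolve_rustdesk_ip "$q"); then
        echo "$q -> ufw delete allow from $ip to any app RustDesk"
    else
        echo "$q -> refused (no match or ambiguous)"
    fi
done
```

The search "Backup" resolves to the RustDesk rule only, because the non-RustDesk rule with a similar comment is never considered, while "Mary" is refused since it matches two rules.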

