Add full monorepo: virtual-banker, backend, frontend, docs, scripts, deployment

Co-authored-by: Cursor <cursoragent@cursor.com>

scripts/fix-udm-pro-firewall.sh

@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# Fix UDM Pro Firewall Rules for Container Outbound Access
+# Adds allow rules for container IPs to access internet
+
+set -euo pipefail
+
+UDM_PRO_IP="192.168.11.1"
+UDM_PRO_USER="OQmQuS"
+UDM_PRO_PASS="m0MFXHdgMFKGB2l3bO4"
+CONTAINER_IPS=("192.168.11.166" "192.168.11.167")
+
+# Colors
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m'
+
+echo "=========================================="
+echo "Fix UDM Pro Firewall for Container Access"
+echo "=========================================="
+echo ""
+
+# Note: UDM Pro firewall rules are typically managed via Web UI
+# This script provides diagnostic information and recommendations
+
+echo -e "${BLUE}Checking current firewall rules...${NC}"
+
+# Check FORWARD chain
+FORWARD_RULES=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
+  "sudo iptables -L FORWARD -n -v --line-numbers 2>&1 | head -40" 2>&1)
+
+echo "FORWARD chain rules:"
+echo "$FORWARD_RULES" | head -20
+
+# Check for deny rules
+DENY_RULES=$(echo "$FORWARD_RULES" | grep -E "DROP|REJECT" | head -5)
+if [ -n "$DENY_RULES" ]; then
+    echo ""
+    echo -e "${YELLOW}⚠️  Found deny rules that may block traffic:${NC}"
+    echo "$DENY_RULES"
+fi
+
+# Check OUTPUT chain
+OUTPUT_RULES=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
+  "sudo iptables -L OUTPUT -n -v --line-numbers 2>&1 | head -30" 2>&1)
+
+echo ""
+echo "OUTPUT chain rules:"
+echo "$OUTPUT_RULES" | head -20
+
+# Check policy
+FORWARD_POLICY=$(sshpass -p "$UDM_PRO_PASS" ssh -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR ${UDM_PRO_USER}@${UDM_PRO_IP} \
+  "sudo iptables -L FORWARD -n 2>&1 | grep 'Chain FORWARD' | grep -o 'policy [A-Z]*'" 2>&1)
+
+echo ""
+echo "FORWARD chain policy: $FORWARD_POLICY"
+
+if echo "$FORWARD_POLICY" | grep -q "DROP"; then
+    echo -e "${RED}❌ FORWARD chain policy is DROP${NC}"
+    echo "This will block all forwarded traffic unless explicitly allowed"
+    echo ""
+    echo "Solution: Add allow rules in UDM Pro Web UI:"
+    echo "  1. Settings → Firewall & Security → Firewall Rules"
+    echo "  2. Add rule: Allow outbound from 192.168.11.166/167"
+    echo "  3. Place rule BEFORE any deny rules"
+else
+    echo -e "${GREEN}✅ FORWARD chain policy allows traffic${NC}"
+fi
+
+echo ""
+echo "=========================================="
+echo "UDM Pro Firewall Fix Instructions"
+echo "=========================================="
+echo ""
+echo "To fix outbound internet access for containers:"
+echo ""
+echo "1. Access UDM Pro Web UI: https://192.168.11.1"
+echo ""
+echo "2. Go to: Settings → Firewall & Security → Firewall Rules"
+echo ""
+echo "3. Add new rule:"
+echo "   - Name: Allow Container Outbound"
+echo "   - Action: Accept"
+echo "   - Source: 192.168.11.166, 192.168.11.167"
+echo "   - Destination: Any"
+echo "   - Protocol: Any"
+echo "   - Port: Any"
+echo ""
+echo "4. Ensure rule is placed BEFORE any deny rules"
+echo ""
+echo "5. Save and wait 30 seconds"
+echo ""
+echo "Note: UDM Pro may require rules to be added via Web UI"
+echo "      Direct iptables changes may not persist"
+echo ""