diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi
index f30fe11f..705dada4 100755
--- a/src/freedombone-utils-avahi
+++ b/src/freedombone-utils-avahi
@@ -126,4 +126,19 @@ function install_avahi {
 mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_avahi {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 548 -j ACCEPT
+ iptables -A INPUT -p udp --dport 548 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5354 -j ACCEPT
+ function_check save_firewall_settings
+ save_firewall_settings
+ mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-dns b/src/freedombone-utils-dns
index b53351c4..9dcee072 100755
--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -203,4 +203,18 @@ function set_your_domain_name {
 mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_dns {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+ function_check save_firewall_settings
+ save_firewall_settings
+ mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index d54ac5d5..6079f491 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
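Review bot: configure_firewall_for_avahi appends ACCEPT rules for ports 548, 5353 and 5354 on both tcp and udp with no source or interface restriction, so these services are reachable from any network the host is attached to. Unlike the dns, git, ssh and web functions in this commit it also has no `INSTALLED_WITHIN_DOCKER` guard. mDNS itself runs over UDP 5353 on the local link, so the rules could be narrowed to the protocols actually served and to the local network, for example `iptables -A INPUT -p udp --dport 5353 -s <LOCAL_SUBNET_PLACEHOLDER> -j ACCEPT`. If the missing docker check is intentional, a comment saying so would help the next reader.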
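Review bot: The rule `--dport 1024:65535 --sport 53 -j ACCEPT` in configure_firewall_for_dns matches on the source port alone, which the sender chooses, so any remote host can reach every UDP service listening on a high port simply by sending from port 53. Accepting only replies to queries this host made closes that gap: `iptables -A INPUT -p udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT`. The rule is moved unchanged from freedombone-utils-firewall, so this is a pre-existing weakness rather than one introduced here.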
@@ -118,97 +118,6 @@ function configure_firewall_ping {
 mark_completed $FUNCNAME
 }
 
-function configure_firewall_for_avahi {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 548 -j ACCEPT
- iptables -A INPUT -p udp --dport 548 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
- iptables -A INPUT -p udp --dport 5353 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
- iptables -A INPUT -p udp --dport 5354 -j ACCEPT
- function_check save_firewall_settings
- save_firewall_settings
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_dns {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
- function_check save_firewall_settings
- save_firewall_settings
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_access {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- firewall_remove 80 tcp
- firewall_remove 443 tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_server {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
-
- firewall_add HTTP 80 tcp
- firewall_add HTTPS 443 tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_ssh {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
-
- firewall_add SSH ${SSH_PORT} tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_git {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
-
- firewall_add Git 9418 tcp
- mark_completed $FUNCNAME
-}
-
 function configure_internet_protocol {
 if [[ $(is_completed $FUNCNAME) == "1" ]]; then
 return
diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git
index 90e95392..ee297f30 100755
--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -136,4 +136,20 @@ function set_repo_commit {
 fi
 }
 
+function configure_firewall_for_git {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+
+ firewall_add Git 9418 tcp
+ mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index 106a8204..a660fc26 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -139,4 +139,17 @@ function regenerate_ssh_keys {
 mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_ssh {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+
+ firewall_add SSH ${SSH_PORT} tcp
+ mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index e0884ac2..d4b1b216 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
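Review bot: `firewall_add SSH ${SSH_PORT} tcp` in configure_firewall_for_ssh expands unquoted, so an empty or unset SSH_PORT turns the call into `firewall_add SSH tcp` and the step is still marked completed. That would presumably leave the host with no SSH rule and no retry; firewall_add is defined outside this diff, so how it treats a bad port is not visible here. Guard before the call with `[[ -n "$SSH_PORT" ]] || return` and quote the argument: `firewall_add SSH "${SSH_PORT}" tcp`.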
@@ -598,4 +598,20 @@ function remove_certs {
 fi
 }
 
+function configure_firewall_for_web_access {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ firewall_add HTTP 80 tcp
+ firewall_add HTTPS 443 tcp
+ mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0
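Review bot: configure_firewall_for_web_access is not a straight move, because the version removed from freedombone-utils-firewall called `firewall_remove 80 tcp` and `firewall_remove 443 tcp`, while this one calls `firewall_add HTTP 80 tcp` and `firewall_add HTTPS 443 tcp`. The same function name therefore now opens the ports it used to close. The commit also deletes configure_firewall_for_web_server without re-adding it in any visible hunk, so any caller of that name (not visible here) would fail. If the rename is intended, a header comment such as `# Opens ports 80 and 443 unless onion-only or running within docker` plus an update of the callers would make the new behaviour explicit.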