diff --git a/src/freedombone-utils-avahi b/src/freedombone-utils-avahi
index f30fe11f..705dada4 100755
--- a/src/freedombone-utils-avahi
+++ b/src/freedombone-utils-avahi
@@ -126,4 +126,19 @@ function install_avahi {
mark_completed $FUNCNAME
}
+function configure_firewall_for_avahi {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ iptables -A INPUT -p tcp --dport 548 -j ACCEPT
+ iptables -A INPUT -p udp --dport 548 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5353 -j ACCEPT
+ iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
+ iptables -A INPUT -p udp --dport 5354 -j ACCEPT
+ function_check save_firewall_settings
+ save_firewall_settings
+ mark_completed $FUNCNAME
+}
+
# NOTE: deliberately there is no "exit 0"
diff --git a/src/freedombone-utils-dns b/src/freedombone-utils-dns
index b53351c4..9dcee072 100755
--- a/src/freedombone-utils-dns
+++ b/src/freedombone-utils-dns
@@ -203,4 +203,18 @@ function set_your_domain_name {
mark_completed $FUNCNAME
}
+function configure_firewall_for_dns {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+ function_check save_firewall_settings
+ save_firewall_settings
+ mark_completed $FUNCNAME
+}
+
# NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index d54ac5d5..6079f491 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -118,97 +118,6 @@ function configure_firewall_ping {
mark_completed $FUNCNAME
}
-function configure_firewall_for_avahi {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- iptables -A INPUT -p tcp --dport 548 -j ACCEPT
- iptables -A INPUT -p udp --dport 548 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
- iptables -A INPUT -p udp --dport 5353 -j ACCEPT
- iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
- iptables -A INPUT -p udp --dport 5354 -j ACCEPT
- function_check save_firewall_settings
- save_firewall_settings
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_dns {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
- function_check save_firewall_settings
- save_firewall_settings
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_access {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
- firewall_remove 80 tcp
- firewall_remove 443 tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_server {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
-
- firewall_add HTTP 80 tcp
- firewall_add HTTPS 443 tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_ssh {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
-
- firewall_add SSH ${SSH_PORT} tcp
- mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_git {
- if [[ $(is_completed $FUNCNAME) == "1" ]]; then
- return
- fi
- if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
- # docker does its own firewalling
- return
- fi
- if [[ $ONION_ONLY != "no" ]]; then
- return
- fi
-
- firewall_add Git 9418 tcp
- mark_completed $FUNCNAME
-}
-
function configure_internet_protocol {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git
index 90e95392..ee297f30 100755
--- a/src/freedombone-utils-git
+++ b/src/freedombone-utils-git
@@ -136,4 +136,20 @@ function set_repo_commit {
fi
}
+function configure_firewall_for_git {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+
+ firewall_add Git 9418 tcp
+ mark_completed $FUNCNAME
+}
+
# NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index 106a8204..a660fc26 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -139,4 +139,17 @@ function regenerate_ssh_keys {
mark_completed $FUNCNAME
}
+function configure_firewall_for_ssh {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+
+ firewall_add SSH ${SSH_PORT} tcp
+ mark_completed $FUNCNAME
+}
+
# NOTE: deliberately no exit 0
diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web
index e0884ac2..d4b1b216 100755
--- a/src/freedombone-utils-web
+++ b/src/freedombone-utils-web
@@ -598,4 +598,20 @@ function remove_certs {
fi
}
+function configure_firewall_for_web_access {
+ if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+ return
+ fi
+ if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+ # docker does its own firewalling
+ return
+ fi
+ if [[ $ONION_ONLY != "no" ]]; then
+ return
+ fi
+ firewall_add HTTP 80 tcp
+ firewall_add HTTPS 443 tcp
+ mark_completed $FUNCNAME
+}
+
# NOTE: deliberately no exit 0