Move firewall functions into app scripts
parent
fe53a43e9f
commit
bc76f9237f
|
@ -32,6 +32,21 @@
|
|||
ENABLE_BABEL="no"
|
||||
BABEL_PORT=6696
|
||||
|
||||
function configure_firewall_for_babel {
|
||||
if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_BABEL != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Babel $BABEL_PORT")
|
||||
echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_babel {
|
||||
if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
|
||||
return
|
||||
|
|
|
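Review bot: The rule `iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT` in configure_firewall_for_babel is never checked for success, yet `echo 'configure_firewall_for_babel' >> $COMPLETION_FILE` is written regardless, so a failed insert is recorded as done and never retried. One realistic failure is `$WIFI_INTERFACE` being empty: the unquoted expansion collapses the command to `-i -p udp ...`, which iptables will reject. Guard the interface and the command, e.g. `[[ -n "$WIFI_INTERFACE" ]] || return` before the rule and `iptables -A INPUT -i "$WIFI_INTERFACE" -p udp --dport "$BABEL_PORT" -j ACCEPT || return`, so the marker is only appended when the rule actually exists. The trailing lines of the hunk are the start of mesh_babel, whose body continues outside it.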
@ -32,6 +32,19 @@
|
|||
ENABLE_BATMAN="no"
|
||||
BATMAN_CELLID='any'
|
||||
|
||||
function configure_firewall_for_batman {
|
||||
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_BATMAN != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function mesh_batman {
|
||||
if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
|
||||
return
|
||||
|
|
|
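Review bot: configure_firewall_for_batman adds no firewall rule at all — between the `ENABLE_BATMAN` guard and `save_firewall_settings` there is only a blank line — so it merely persists whatever rules already exist and records completion. If that is deliberate (batman-adv is a layer-2 mesh, so presumably nothing needs opening in the INPUT chain), say so in place of the blank line with a comment such as `# batman-adv works at layer 2; no iptables rules are needed, only persist the current ruleset`; otherwise the function is dead code that silently hides a missing rule. The trailing lines are the start of mesh_batman, whose body continues outside the hunk.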
@ -40,6 +40,20 @@ CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
|
|||
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
|
||||
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
|
||||
|
||||
function configure_firewall_for_cjdns {
|
||||
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_CJDNS != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
|
||||
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function get_cjdns_public_key {
|
||||
if [ -f /home/$MY_USERNAME/README ]; then
|
||||
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
|
||||
|
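Review bot: The two ip6tables rules in configure_firewall_for_cjdns hard-code `tun0` and `eth0`; on hosts with predictable interface names (`ens3`, `enp0s3`) or where another tunnel already owns `tun0`, the MASQUERADE and FORWARD rules bind to interfaces that do not exist, iptables accepts them without error, and the completion marker is still written, so forwarding is silently broken. Resolve the outbound interface at run time, e.g. `ext_if=$(ip -6 route show default | awk '{print $5; exit}')` and use `-o "$ext_if"`, and only write the marker when both calls succeed. Note also that only RELATED,ESTABLISHED traffic is accepted from tun0 toward eth0 and no rule covers the eth0-to-tun0 direction, so unless the FORWARD policy is ACCEPT (not visible here) new flows will not be forwarded — confirm that is the intent. Whether `save_firewall_settings` persists ip6tables as well as iptables is not visible from this hunk either; if it does not, these rules are lost on reboot.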
@ -382,6 +396,9 @@ function mesh_cjdns {
|
|||
chmod 600 /home/$MY_USERNAME/README
|
||||
fi
|
||||
|
||||
function_check configure_firewall_for_cjdns
|
||||
configure_firewall_for_cjdns
|
||||
|
||||
echo 'mesh_cjdns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
|
|
|
@ -28,6 +28,27 @@
|
|||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
function configure_firewall_for_dlna {
|
||||
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('DLNA 1900')
|
||||
OPEN_PORTS+=('DLNA 8200')
|
||||
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_dlna_server {
|
||||
if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
|
||||
return
|
||||
|
|
|
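Review bot: configure_firewall_for_dlna opens UDP 1900 (SSDP) and TCP 8200 on every interface and, unlike the other firewall functions in this commit, has no `ONION_ONLY` guard, so an onion-only install still exposes the media server on the clearnet and SSDP — a well-known reflection/amplification source — becomes reachable from the Internet. DLNA is only useful on the local network, so restrict the rules to the LAN side, e.g. `iptables -A INPUT -i "$WIFI_INTERFACE" -p udp --dport 1900 -j ACCEPT` or an `-s` source range for the LAN, and add `if [[ $ONION_ONLY != "no" ]]; then return; fi` next to the docker check for consistency. Which variable names the LAN interface on a non-mesh variant is not visible here; use whichever one the installer already has for that purpose. install_dlna_server at the end of the hunk continues outside it.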
@ -78,6 +78,34 @@ GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738'
|
|||
# refresh gpg keys every few hours
|
||||
REFRESH_GPG_KEYS_HOURS=2
|
||||
|
||||
function configure_firewall_for_email {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('Email 25')
|
||||
OPEN_PORTS+=('Email 587')
|
||||
OPEN_PORTS+=('Email 465')
|
||||
OPEN_PORTS+=('Email 993')
|
||||
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function encrypt_incoming_email {
|
||||
# encrypts incoming mail using your GPG public key
|
||||
# so even if an attacker gains access to the data at rest they still need
|
||||
|
|
|
@ -32,6 +32,24 @@ IPFS_GO_REPO="https://github.com/ipfs/go-ipfs"
|
|||
IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
|
||||
IPFS_PORT=4001
|
||||
|
||||
function configure_firewall_for_ipfs {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("IPFS $IPFS_PORT")
|
||||
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_ipfs {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
|
||||
return
|
||||
|
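Review bot: configure_firewall_for_ipfs has no `INSTALLED_WITHIN_DOCKER` early return, although dlna, email, irc, tox and xmpp in this same commit skip rule insertion there because `# docker does its own firewalling`; inside a container iptables typically either fails for lack of CAP_NET_ADMIN or edits the wrong namespace, and the completion marker is written either way. Add `if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then return; fi` after the completion check, as those functions do; the same gap exists in the babel, batman, voip, turn, sip4, syncthing and zeronet functions. install_ipfs at the end of the hunk continues outside it.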
@ -163,5 +181,8 @@ function install_ipfs {
|
|||
rm /tmp/ipfsid
|
||||
fi
|
||||
|
||||
function_check configure_firewall_for_ipfs
|
||||
configure_firewall_for_ipfs
|
||||
|
||||
echo 'install_ipfs' >> $COMPLETION_FILE
|
||||
}
|
||||
|
|
|
@ -34,6 +34,29 @@ IRC_ONION_PORT=6697
|
|||
# An optional password to log into IRC. This applies to all users
|
||||
IRC_PASSWORD=
|
||||
|
||||
function configure_firewall_for_irc {
|
||||
if [ ! -d /etc/ngircd ]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
|
||||
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("IRC $IRC_PORT")
|
||||
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_irc_server {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
|
|
|
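Review bot: `iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT` in configure_firewall_for_irc is a firewall bypass: it is inserted at the head of INPUT and accepts any inbound TCP segment whose source port is `$IRC_PORT` to any unprivileged port, and a remote client chooses its own source port, so anyone can reach every service listening on 1024-65535 simply by connecting from that port. The return traffic this rule was presumably meant to allow is already covered if the base ruleset has a generic ESTABLISHED,RELATED rule (not visible in this hunk); if it does not, make this rule stateful and narrow instead: `iptables -A INPUT -p tcp --sport $IRC_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT`. install_irc_server at the end of the hunk continues outside it.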
@ -53,6 +53,25 @@ function get_voip_server_password {
|
|||
fi
|
||||
}
|
||||
|
||||
function configure_firewall_for_voip {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Mumble $VOIP_PORT")
|
||||
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_mumble {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
|
|
|
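Review bot: The `iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT` / `-p tcp` pair in configure_firewall_for_voip is protected against re-execution only by the completion-file marker; if that file is lost or the function is re-run after a partial failure, every call appends duplicate rules. Make the inserts idempotent by checking before appending, e.g. `iptables -C INPUT -p udp --dport "$VOIP_PORT" -j ACCEPT 2>/dev/null || iptables -A INPUT -p udp --dport "$VOIP_PORT" -j ACCEPT`, and likewise for tcp. The same pattern applies to every firewall function moved in this commit. The trailing lines are the start of install_mumble, which continues outside the hunk.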
@ -35,6 +35,50 @@ VOIP_TURN_PORT=3478
|
|||
VOIP_TURN_TLS_PORT=5349
|
||||
VOIP_TURN_NONCE=
|
||||
|
||||
function configure_firewall_for_voip_turn {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("TURN $VOIP_TURN_PORT")
|
||||
OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
|
||||
echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
|
||||
function configure_firewall_for_sip4 {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("SIP $SIP_PORT")
|
||||
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
|
||||
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function get_sip_server_password {
|
||||
if [ -f /home/$MY_USERNAME/README ]; then
|
||||
if grep -q "SIP server password" /home/$MY_USERNAME/README; then
|
||||
|
|
|
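Review bot: configure_firewall_for_sip4 opens `iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT`, but SIP over TLS (SIPS) runs on TCP; there is no UDP listener on the TLS port unless DTLS is explicitly configured, so this rule most likely exposes a port nothing listens on and should be dropped while keeping the `-p tcp` rule. In configure_firewall_for_voip_turn only the listening ports are opened; a TURN server also needs its UDP relay port range reachable for relayed media, and whether such a range is configured cannot be seen here, so confirm relaying works through this ruleset rather than only the allocation handshake. get_sip_server_password at the end of the hunk continues outside it.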
@ -37,6 +37,19 @@ SYNCTHING_PORT=22000
|
|||
SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
|
||||
SYNCTHING_USER_IDS_FILE='.syncthingids'
|
||||
|
||||
function configure_firewall_for_syncthing {
|
||||
if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
|
||||
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_syncthing {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
|
|
|
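Review bot: configure_firewall_for_syncthing has neither the `ONION_ONLY` nor the `INSTALLED_WITHIN_DOCKER` early return used by the other firewall functions in this commit, so on an onion-only system `$SYNCTHING_PORT` is still opened to the clearnet on every interface. Add `if [[ $ONION_ONLY != "no" ]]; then return; fi` after the completion check, plus the docker guard if Syncthing can run in that mode. The variant filter lives only in install_syncthing below, so a call from anywhere else opens the port on variants that never install Syncthing; repeating the variant check here, as the voip and ipfs functions do, closes that gap. install_syncthing continues outside the hunk.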
@ -44,6 +44,25 @@ TOXIC_REPO="https://github.com/Tox/toxic"
|
|||
TOXIC_COMMIT='cf16849b374e484a33a4dffa3dfb937b59d537f2'
|
||||
TOXIC_FILE=/usr/local/bin/toxic
|
||||
|
||||
function configure_firewall_for_tox {
|
||||
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Tox $TOX_PORT")
|
||||
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function tox_avahi {
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
|
|
|
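Review bot: configure_firewall_for_tox only opens `-p tcp --dport $TOX_PORT`; a Tox bootstrap node's DHT normally runs over UDP on the same port unless it is deliberately started TCP-only, so with this rule alone UDP peers would be filtered. If the daemon is configured with UDP enabled (its config is not visible here), add `iptables -A INPUT -p udp --dport $TOX_PORT -j ACCEPT` next to the tcp rule; if it is intentionally TCP-only, a comment saying so would stop the next reader from adding it. tox_avahi at the end of the hunk continues outside it.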
@ -35,6 +35,32 @@ XMPP_PASSWORD=
|
|||
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
|
||||
XMPP_ECC_CURVE='"secp384r1"'
|
||||
|
||||
function configure_firewall_for_xmpp {
|
||||
if [ ! -d /etc/prosody ]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('XMPP 5222-5223')
|
||||
OPEN_PORTS+=('XMPP 5269')
|
||||
OPEN_PORTS+=('XMPP 5280-5281')
|
||||
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function update_prosody_modules {
|
||||
if [ ! -d $INSTALL_DIR/prosody-modules ]; then
|
||||
return
|
||||
|
|
|
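Review bot: configure_firewall_for_xmpp opens 5280 as part of `--dport 5280:5281` and 5223 as part of `--dport 5222:5223`; 5280 is Prosody's plaintext HTTP/BOSH listener (5281 is the HTTPS one) and 5223 is the legacy direct-SSL port, so unless Prosody is configured to serve those, the rules expose listeners that are either absent or unencrypted. Open only what the config enables, e.g. `iptables -A INPUT -p tcp --dport 5222 -j ACCEPT` and `iptables -A INPUT -p tcp --dport 5281 -j ACCEPT`, with a comment naming the module each port belongs to; the Prosody config is not visible in this hunk, so confirm against it. Separately, the XMPP_CIPHERS context line still lists `+SSLv3` and the non-forward-secret `AES128-SHA`/`CAMELLIA128-SHA` suites; that is pre-existing, but worth a follow-up. update_prosody_modules at the end of the hunk continues outside it.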
@ -45,6 +45,26 @@ ZERONET_DEFAULT_MAIL_TAGLINE="Mail for the Mesh"
|
|||
ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID"
|
||||
ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b'
|
||||
|
||||
function configure_firewall_for_zeronet {
|
||||
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("ZeroNet $ZERONET_PORT")
|
||||
OPEN_PORTS+=("Tracker $TRACKER_PORT")
|
||||
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function install_zeronet_blog {
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
|
|
|
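Review bot: The fifth rule in configure_firewall_for_zeronet, `iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT`, opens SSDP on the mesh interface (presumably for ZeroNet's UPnP discovery) but, unlike the ZeroNet and tracker ports, gets no `OPEN_PORTS+=` entry and no comment, so it never shows up wherever OPEN_PORTS is reported and the next reader cannot tell why it is there. Add `OPEN_PORTS+=('ZeroNet UPnP 1900')` beside the other two and a one-line comment on the rule stating its purpose. As with the babel function, `$WIFI_INTERFACE` is unquoted and unchecked, so `[[ -n "$WIFI_INTERFACE" ]] || return` before the rules would keep an empty value from turning all five commands into errors that are then recorded as complete. install_zeronet_blog at the end of the hunk continues outside it.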
@ -103,100 +103,6 @@ function configure_firewall_ping {
|
|||
echo 'configure_firewall_ping' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_voip {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Mumble $VOIP_PORT")
|
||||
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_syncthing {
|
||||
if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
|
||||
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_voip_turn {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("TURN $VOIP_TURN_PORT")
|
||||
OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
|
||||
echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
|
||||
function configure_firewall_for_sip4 {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("SIP $SIP_PORT")
|
||||
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
|
||||
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_ipfs {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("IPFS $IPFS_PORT")
|
||||
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_avahi {
|
||||
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
|
||||
return
|
||||
|
@ -212,89 +118,6 @@ function configure_firewall_for_avahi {
|
|||
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_cjdns {
|
||||
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_CJDNS != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
|
||||
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_batman {
|
||||
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_BATMAN != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_babel {
|
||||
if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $ENABLE_BABEL != "yes" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Babel $BABEL_PORT")
|
||||
echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_zeronet {
|
||||
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
|
||||
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("ZeroNet $ZERONET_PORT")
|
||||
OPEN_PORTS+=("Tracker $TRACKER_PORT")
|
||||
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_dlna {
|
||||
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('DLNA 1900')
|
||||
OPEN_PORTS+=('DLNA 8200')
|
||||
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_dns {
|
||||
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
|
||||
return
|
||||
|
@ -309,55 +132,6 @@ function configure_firewall_for_dns {
|
|||
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_xmpp {
|
||||
if [ ! -d /etc/prosody ]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('XMPP 5222-5223')
|
||||
OPEN_PORTS+=('XMPP 5269')
|
||||
OPEN_PORTS+=('XMPP 5280-5281')
|
||||
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_irc {
|
||||
if [ ! -d /etc/ngircd ]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
|
||||
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("IRC $IRC_PORT")
|
||||
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_web_access {
|
||||
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
|
||||
return
|
||||
|
@ -398,25 +172,6 @@ function configure_firewall_for_web_server {
|
|||
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_tox {
|
||||
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=("Tox $TOX_PORT")
|
||||
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_ssh {
|
||||
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
|
||||
return
|
||||
|
@ -453,34 +208,6 @@ function configure_firewall_for_git {
|
|||
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_email {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
|
||||
return
|
||||
fi
|
||||
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
|
||||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
if [[ $ONION_ONLY != "no" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
|
||||
function_check save_firewall_settings
|
||||
save_firewall_settings
|
||||
|
||||
OPEN_PORTS+=('Email 25')
|
||||
OPEN_PORTS+=('Email 587')
|
||||
OPEN_PORTS+=('Email 465')
|
||||
OPEN_PORTS+=('Email 993')
|
||||
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_internet_protocol {
|
||||
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
|
||||
return
|
||||
|
|