Move firewall functions into app scripts

This commit is contained in:
Bob Mottram 2016-07-03 18:52:57 +01:00
parent fe53a43e9f
commit bc76f9237f
14 changed files with 631 additions and 625 deletions

View File

@ -32,6 +32,21 @@
ENABLE_BABEL="no"
BABEL_PORT=6696
function configure_firewall_for_babel {
if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Babel $BABEL_PORT")
echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
}
function mesh_babel {
if grep -Fxq "mesh_babel" $COMPLETION_FILE; then
return

View File

@ -32,6 +32,19 @@
ENABLE_BATMAN="no"
BATMAN_CELLID='any'
function configure_firewall_for_batman {
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
}
function mesh_batman {
if grep -Fxq "mesh_batman" $COMPLETION_FILE; then
return

View File

@ -40,6 +40,20 @@ CJDNS_COMMIT='13189fde111d0500427a7a0ce06a970753527bca'
CJDCMD_REPO="https://github.com/inhies/cjdcmd"
CJDCMD_COMMIT='973cca6ed0eecf9041c3403a40193c0b1291b808'
function configure_firewall_for_cjdns {
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
}
function get_cjdns_public_key {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "cjdns public key" /home/$MY_USERNAME/README; then
@ -382,6 +396,9 @@ function mesh_cjdns {
chmod 600 /home/$MY_USERNAME/README
fi
function_check configure_firewall_for_cjdns
configure_firewall_for_cjdns
echo 'mesh_cjdns' >> $COMPLETION_FILE
}

View File

@ -28,6 +28,27 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function configure_firewall_for_dlna {
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('DLNA 1900')
OPEN_PORTS+=('DLNA 8200')
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
}
function install_dlna_server {
if grep -Fxq "install_dlna_server" $COMPLETION_FILE; then
return

View File

@ -78,6 +78,34 @@ GPGIT_COMMIT='583dc76119f19420f8a33f606744faa7c8922738'
# refresh gpg keys every few hours
REFRESH_GPG_KEYS_HOURS=2
function configure_firewall_for_email {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('Email 25')
OPEN_PORTS+=('Email 587')
OPEN_PORTS+=('Email 465')
OPEN_PORTS+=('Email 993')
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
}
function encrypt_incoming_email {
# encrypts incoming mail using your GPG public key
# so even if an attacker gains access to the data at rest they still need

View File

@ -32,6 +32,24 @@ IPFS_GO_REPO="https://github.com/ipfs/go-ipfs"
IPFS_COMMIT='20b06a4cbce8884f5b194da6e98cb11f2c77f166'
IPFS_PORT=4001
function configure_firewall_for_ipfs {
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("IPFS $IPFS_PORT")
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
}
function install_ipfs {
if [[ $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" ]]; then
return
@ -163,5 +181,8 @@ function install_ipfs {
rm /tmp/ipfsid
fi
function_check configure_firewall_for_ipfs
configure_firewall_for_ipfs
echo 'install_ipfs' >> $COMPLETION_FILE
}

View File

@ -34,6 +34,29 @@ IRC_ONION_PORT=6697
# An optional password to log into IRC. This applies to all users
IRC_PASSWORD=
function configure_firewall_for_irc {
if [ ! -d /etc/ngircd ]; then
return
fi
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("IRC $IRC_PORT")
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
}
function install_irc_server {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return

View File

@ -53,6 +53,25 @@ function get_voip_server_password {
fi
}
function configure_firewall_for_voip {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Mumble $VOIP_PORT")
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
}
function install_mumble {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return

View File

@ -35,6 +35,50 @@ VOIP_TURN_PORT=3478
VOIP_TURN_TLS_PORT=5349
VOIP_TURN_NONCE=
function configure_firewall_for_voip_turn {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("TURN $VOIP_TURN_PORT")
OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
}
function configure_firewall_for_sip4 {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("SIP $SIP_PORT")
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
}
function get_sip_server_password {
if [ -f /home/$MY_USERNAME/README ]; then
if grep -q "SIP server password" /home/$MY_USERNAME/README; then

View File

@ -37,6 +37,19 @@ SYNCTHING_PORT=22000
SYNCTHING_SHARED_DATA=/var/lib/syncthing/SyncShared
SYNCTHING_USER_IDS_FILE='.syncthingids'
function configure_firewall_for_syncthing {
if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
}
function install_syncthing {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return

View File

@ -44,6 +44,25 @@ TOXIC_REPO="https://github.com/Tox/toxic"
TOXIC_COMMIT='cf16849b374e484a33a4dffa3dfb937b59d537f2'
TOXIC_FILE=/usr/local/bin/toxic
function configure_firewall_for_tox {
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Tox $TOX_PORT")
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
}
function tox_avahi {
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return

View File

@ -35,6 +35,32 @@ XMPP_PASSWORD=
XMPP_CIPHERS='"EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA"'
XMPP_ECC_CURVE='"secp384r1"'
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('XMPP 5222-5223')
OPEN_PORTS+=('XMPP 5269')
OPEN_PORTS+=('XMPP 5280-5281')
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
function update_prosody_modules {
if [ ! -d $INSTALL_DIR/prosody-modules ]; then
return

View File

@ -45,6 +45,26 @@ ZERONET_DEFAULT_MAIL_TAGLINE="Mail for the Mesh"
ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID"
ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b'
function configure_firewall_for_zeronet {
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("ZeroNet $ZERONET_PORT")
OPEN_PORTS+=("Tracker $TRACKER_PORT")
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
}
function install_zeronet_blog {
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return

View File

@ -103,100 +103,6 @@ function configure_firewall_ping {
echo 'configure_firewall_ping' >> $COMPLETION_FILE
}
function configure_firewall_for_voip {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Mumble $VOIP_PORT")
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
}
function configure_firewall_for_syncthing {
if grep -Fxq "configure_firewall_for_syncthing" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -p udp --dport $SYNCTHING_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SYNCTHING_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Syncthing $SYNCTHING_PORT")
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
}
function configure_firewall_for_voip_turn {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_voip_turn" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $VOIP_TURN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_TURN_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $VOIP_TURN_TLS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("TURN $VOIP_TURN_PORT")
OPEN_PORTS+=("TURN TLS $VOIP_TURN_TLS_PORT")
echo 'configure_firewall_for_voip_turn' >> $COMPLETION_FILE
}
function configure_firewall_for_sip4 {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_sip4" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p udp --dport $SIP_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SIP_PORT -j ACCEPT
iptables -A INPUT -p udp --dport $SIP_TLS_PORT -j ACCEPT
iptables -A INPUT -p tcp --dport $SIP_TLS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("SIP $SIP_PORT")
OPEN_PORTS+=("SIP TLS $SIP_TLS_PORT")
echo 'configure_firewall_for_sip4' >> $COMPLETION_FILE
}
function configure_firewall_for_ipfs {
if [[ $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_ipfs" $COMPLETION_FILE; then
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $IPFS_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("IPFS $IPFS_PORT")
echo 'configure_firewall_for_ipfs' >> $COMPLETION_FILE
}
function configure_firewall_for_avahi {
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
return
@ -212,89 +118,6 @@ function configure_firewall_for_avahi {
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
}
function configure_firewall_for_cjdns {
if grep -Fxq "configure_firewall_for_cjdns" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_CJDNS != "yes" ]]; then
return
fi
ip6tables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
ip6tables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_cjdns' >> $COMPLETION_FILE
}
function configure_firewall_for_batman {
if grep -Fxq "configure_firewall_for_batman" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BATMAN != "yes" ]]; then
return
fi
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_batman' >> $COMPLETION_FILE
}
function configure_firewall_for_babel {
if grep -Fxq "configure_firewall_for_babel" $COMPLETION_FILE; then
return
fi
if [[ $ENABLE_BABEL != "yes" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $BABEL_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Babel $BABEL_PORT")
echo 'configure_firewall_for_babel' >> $COMPLETION_FILE
}
function configure_firewall_for_zeronet {
if grep -Fxq "configure_firewall_for_zeronet" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT
iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("ZeroNet $ZERONET_PORT")
OPEN_PORTS+=("Tracker $TRACKER_PORT")
echo 'configure_firewall_for_zeronet' >> $COMPLETION_FILE
}
function configure_firewall_for_dlna {
if grep -Fxq "configure_firewall_for_dlna" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
return
fi
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('DLNA 1900')
OPEN_PORTS+=('DLNA 8200')
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
}
function configure_firewall_for_dns {
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
return
@ -309,55 +132,6 @@ function configure_firewall_for_dns {
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
}
function configure_firewall_for_xmpp {
if [ ! -d /etc/prosody ]; then
return
fi
if grep -Fxq "configure_firewall_for_xmpp" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('XMPP 5222-5223')
OPEN_PORTS+=('XMPP 5269')
OPEN_PORTS+=('XMPP 5280-5281')
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
}
function configure_firewall_for_irc {
if [ ! -d /etc/ngircd ]; then
return
fi
if grep -Fxq "configure_firewall_for_irc" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("IRC $IRC_PORT")
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
}
function configure_firewall_for_web_access {
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
return
@ -398,25 +172,6 @@ function configure_firewall_for_web_server {
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
}
function configure_firewall_for_tox {
if grep -Fxq "configure_firewall_for_tox" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Tox $TOX_PORT")
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
}
function configure_firewall_for_ssh {
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
return
@ -453,34 +208,6 @@ function configure_firewall_for_git {
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
}
function configure_firewall_for_email {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" || $SYSTEM_TYPE == "$VARIANT_MESH" || $SYSTEM_TYPE == "$VARIANT_NONMAILBOX" ]]; then
return
fi
if grep -Fxq "configure_firewall_for_email" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('Email 25')
OPEN_PORTS+=('Email 587')
OPEN_PORTS+=('Email 465')
OPEN_PORTS+=('Email 993')
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
}
function configure_internet_protocol {
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
return