Allow icmp for mesh variant
This commit is contained in:
parent
c70b67051b
commit
142a41319a
|
@ -1505,8 +1505,8 @@ function mesh_cjdns {
|
|||
fi
|
||||
fi
|
||||
|
||||
ip6tables -A INPUT -i eth0 -p udp --dport $CJDNS_PORT -j ACCEPT
|
||||
ip6tables -A INPUT -i eth0 -p tcp --dport $CJDNS_PORT -j ACCEPT
|
||||
ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
|
||||
ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
|
||||
save_firewall_settings
|
||||
|
||||
if ! grep -q "Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
|
||||
|
@ -5887,6 +5887,20 @@ function save_firewall_settings {
|
|||
chmod +x /etc/network/if-up.d/iptables
|
||||
}
|
||||
|
||||
function configure_firewall_ping {
|
||||
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
# Only allow ping for mesh installs
|
||||
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_ping' >> $COMPLETION_FILE
|
||||
}
|
||||
|
||||
function configure_firewall_for_voip {
|
||||
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
|
||||
return
|
||||
|
@ -5894,8 +5908,8 @@ function configure_firewall_for_voip {
|
|||
if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p udp --dport $VOIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport $VOIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -5967,8 +5981,8 @@ function configure_firewall_for_dlna {
|
|||
if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p udp --dport 1900 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 8200 -j ACCEPT
|
||||
iptables -A INPUT -p udp --dport 1900 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -5981,7 +5995,7 @@ function configure_firewall_for_dns {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
||||
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -5997,9 +6011,9 @@ function configure_firewall_for_xmpp {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6015,9 +6029,9 @@ function configure_firewall_for_irc {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport $IRC_PORT -j ACCEPT
|
||||
iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $IRC_PORT -j ACCEPT
|
||||
iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6043,8 +6057,8 @@ function configure_firewall_for_web_access {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6057,8 +6071,8 @@ function configure_firewall_for_web_server {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6071,7 +6085,7 @@ function configure_firewall_for_tox {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport $TOX_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6084,8 +6098,8 @@ function configure_firewall_for_ssh {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6098,7 +6112,7 @@ function configure_firewall_for_git {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -6114,10 +6128,10 @@ function configure_firewall_for_email {
|
|||
# docker does its own firewalling
|
||||
return
|
||||
fi
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
|
||||
iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 587 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 465 -j ACCEPT
|
||||
iptables -A INPUT -p tcp --dport 993 -j ACCEPT
|
||||
save_firewall_settings
|
||||
echo 'configure_firewall_for_email' >> $COMPLETION_FILE
|
||||
}
|
||||
|
@ -9883,8 +9897,14 @@ function intrusion_detection {
|
|||
fi
|
||||
# Avoid logging the changed database
|
||||
sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
|
||||
# recreate the configuration
|
||||
echo '
|
||||
|
||||
' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
|
||||
# reset
|
||||
echo '
|
||||
|
||||
|
||||
|
||||
' | reset-tripwire
|
||||
|
||||
|
@ -10241,6 +10261,7 @@ check_domains
|
|||
install_not_on_BBB
|
||||
remove_default_user
|
||||
configure_firewall
|
||||
configure_firewall_ping
|
||||
configure_firewall_for_ssh
|
||||
configure_firewall_for_dns
|
||||
configure_firewall_for_ftp
|
||||
|
|
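Review bot: The new `configure_firewall_ping` accepts ICMP echo-request with no rate limit, so once a mesh install exposes ping it has no ceiling on reply traffic; the standard `limit` match keeps legitimate reachability checks working while bounding floods, e.g. `iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s --limit-burst 10 -j ACCEPT`. The mesh_cjdns hunk earlier in this commit opens the cjdns port with ip6tables, which suggests mesh peers are reached over IPv6; if that is the case the ping rule only covers IPv4 and an equivalent `ip6tables -A INPUT -p ipv6-icmp --icmpv6-type echo-request -m limit --limit 5/s -j ACCEPT` would be needed for the mesh to actually be pingable, so worth confirming against how the mesh addresses peers. Separately, removing `-i eth0` throughout the configure_firewall_for_* functions means every ACCEPT now matches on any interface, including whatever tunnel device cjdns creates, which looks intended for the mesh variant but also applies to the non-mesh variants that reach these functions; a one-line comment above the first such rule stating that the rules are deliberately interface-agnostic would make that decision explicit to the next reader.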