From 3714095c0db320ca559ec17829b0dd250f1113c9 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Fri, 28 Jul 2017 22:46:36 +0100
Subject: [PATCH] Firewall for keyserver

---
 src/freedombone-app-keyserver | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver
index 3d15bb62..6b5c39b5 100755
--- a/src/freedombone-app-keyserver
+++ b/src/freedombone-app-keyserver
@@ -46,6 +46,16 @@ keyserver_variables=(ONION_ONLY
                      KEYSERVER_DOMAIN_NAME
                      KEYSERVER_CODE)
 
+function configure_firewall_for_keyserver {
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    firewall_add keyserver 11370 tcp
+    firewall_add keyserver 11371 tcp
+    firewall_add keyserver 11372 tcp
+    mark_completed $FUNCNAME
+}
+
 function logging_on_keyserver {
     echo -n ''
 }
@@ -133,6 +143,10 @@ function remove_keyserver {
     remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
     remove_completion_param "install_keyserver"
 
+    firewall_remove 11370 tcp
+    firewall_remove 11371 tcp
+    firewall_remove 11372 tcp
+
     sed -i '/keyserver/d' $COMPLETION_FILE
     if [ -d /var/lib/sks ]; then
         rm -rf /var/lib/sks
@@ -373,6 +387,8 @@ function install_keyserver {
     function_check nginx_ensite
     nginx_ensite $KEYSERVER_DOMAIN_NAME
 
+    configure_firewall_for_keyserver
+
     systemctl restart nginx
 
     set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"