Move firewall functions to their logical homes

This commit is contained in:
Bob Mottram 2016-10-22 18:26:17 +01:00
parent a94295ef52
commit 66bdd41ec1
6 changed files with 74 additions and 91 deletions


@ -126,4 +126,19 @@ function install_avahi {
mark_completed $FUNCNAME
}
function configure_firewall_for_avahi {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
iptables -A INPUT -p udp --dport 548 -j ACCEPT
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
mark_completed $FUNCNAME
}
# NOTE: deliberately there is no "exit 0"
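Review bot: configure_firewall_for_avahi is the only firewall function in this commit without the `INSTALLED_WITHIN_DOCKER` early return that configure_firewall_for_dns, _ssh, _git and _web_access all carry, and it writes raw `iptables -A INPUT ... -j ACCEPT` rules instead of going through `firewall_add` as those functions do, so whatever bookkeeping `firewall_add` performs (its body is not visible here) is bypassed for these six rules. Adding `if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then return; fi` after the is_completed guard would make it consistent with its siblings. The rules also accept from any source on any interface, and 548 (AFP) plus TCP 5353/5354 is a wider opening than link-local mDNS needs; a short header comment saying why each port is required, and an `-i`/`-d` restriction if the service is LAN-only, would help the next reader judge that.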


@ -203,4 +203,18 @@ function set_your_domain_name {
mark_completed $FUNCNAME
}
function configure_firewall_for_dns {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
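Review bot: The rule `iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT` accepts any inbound UDP datagram whose source port is 53, which a remote sender chooses freely, so it exposes every UDP listener on an unprivileged port rather than only DNS replies. DNS responses are already admitted by a stateful accept such as `iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` if the base ruleset has one (not visible in this diff); if it does not, that line should replace this one. If a stateless rule is deliberately required, the reason belongs in a comment directly above it.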


@ -118,97 +118,6 @@ function configure_firewall_ping {
mark_completed $FUNCNAME
}
function configure_firewall_for_avahi {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
iptables -A INPUT -p udp --dport 548 -j ACCEPT
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
mark_completed $FUNCNAME
}
function configure_firewall_for_dns {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
mark_completed $FUNCNAME
}
function configure_firewall_for_web_access {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_remove 80 tcp
firewall_remove 443 tcp
mark_completed $FUNCNAME
}
function configure_firewall_for_web_server {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add HTTP 80 tcp
firewall_add HTTPS 443 tcp
mark_completed $FUNCNAME
}
function configure_firewall_for_ssh {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
firewall_add SSH ${SSH_PORT} tcp
mark_completed $FUNCNAME
}
function configure_firewall_for_git {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add Git 9418 tcp
mark_completed $FUNCNAME
}
function configure_internet_protocol {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return


@ -136,4 +136,20 @@ function set_repo_commit {
fi
}
function configure_firewall_for_git {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add Git 9418 tcp
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0


@ -139,4 +139,17 @@ function regenerate_ssh_keys {
mark_completed $FUNCNAME
}
function configure_firewall_for_ssh {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
firewall_add SSH ${SSH_PORT} tcp
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
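Review bot: `firewall_add SSH ${SSH_PORT} tcp` passes `$SSH_PORT` unquoted and unvalidated; if the variable is empty the arguments collapse to `firewall_add SSH tcp`, and the `mark_completed $FUNCNAME` that follows records the step as done, so the is_completed guard at the top would prevent it from ever being retried and SSH would stay closed. Whether `firewall_add` itself rejects a missing port is not visible here, so a guard before the call, `if [[ -z "$SSH_PORT" ]]; then echo 'SSH_PORT is not set' >&2; exit 1; fi`, plus quoting the expansion as `firewall_add SSH "${SSH_PORT}" tcp`, would make that failure loud instead of silent.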


@ -598,4 +598,20 @@ function remove_certs {
fi
}
function configure_firewall_for_web_access {
if [[ $(is_completed $FUNCNAME) == "1" ]]; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
firewall_add HTTP 80 tcp
firewall_add HTTPS 443 tcp
mark_completed $FUNCNAME
}
# NOTE: deliberately no exit 0
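Review bot: The new `configure_firewall_for_web_access` carries the body of the deleted `configure_firewall_for_web_server` (it now calls `firewall_add HTTP 80 tcp` / `firewall_add HTTPS 443 tcp`), whereas the function of the same name removed in this commit called `firewall_remove` on those ports, so this is a behaviour change rather than the move the title describes, and any remaining caller of `configure_firewall_for_web_server` — none is visible in this diff, so please grep — now references an undefined function. Because completion state is keyed on `$FUNCNAME`, an existing installation that already has `configure_firewall_for_web_access` marked completed will hit the early return and never open 80/443 under the new semantics; confirm that is intended or clear that marker on upgrade. A one-line header comment, `# Opens HTTP/HTTPS unless running onion-only or inside Docker`, would stop the name misleading readers again.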