Tidying gnusocial utils
parent
05f39281f2
commit
8b4ddff6eb
|
@ -131,7 +131,7 @@ function create_freedns_updater {
|
||||||
}
|
}
|
||||||
|
|
||||||
function add_ddns_domain {
|
function add_ddns_domain {
|
||||||
if [ ! $1 ]; then
|
if [ ! "$1" ]; then
|
||||||
echo $'ddns domain not specified'
|
echo $'ddns domain not specified'
|
||||||
exit 5638
|
exit 5638
|
||||||
fi
|
fi
|
||||||
|
@ -147,10 +147,10 @@ function add_ddns_domain {
|
||||||
exit 5745
|
exit 5745
|
||||||
fi
|
fi
|
||||||
if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
|
if ! grep -q "$DDNS_PROVIDER" /etc/inadyn.conf; then
|
||||||
echo '' >> /etc/inadyn.conf
|
{ echo '';
|
||||||
echo "system $DDNS_PROVIDER" >> /etc/inadyn.conf
|
echo "system $DDNS_PROVIDER";
|
||||||
echo ' ssl' >> /etc/inadyn.conf
|
echo ' ssl';
|
||||||
echo " checkip-url $GET_IP_ADDRESS_URL /" >> /etc/inadyn.conf
|
echo " checkip-url $GET_IP_ADDRESS_URL /"; } >> /etc/inadyn.conf
|
||||||
if [ $DDNS_USERNAME ]; then
|
if [ $DDNS_USERNAME ]; then
|
||||||
echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
|
echo " username $DDNS_USERNAME" >> /etc/inadyn.conf
|
||||||
fi
|
fi
|
||||||
|
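Review bot: `if [ $DDNS_USERNAME ]; then` is left unquoted in add_ddns_domain while the commit quotes `$1` a few lines earlier in the same function; a username containing whitespace makes `[` see several arguments and fail the test. Use `if [ "$DDNS_USERNAME" ]; then`. The `grep -q "$DDNS_PROVIDER" /etc/inadyn.conf` guard above it treats the provider name as an unanchored regex, so `grep -qF -- "system $DDNS_PROVIDER" /etc/inadyn.conf` would match the exact line that is written. add_ddns_domain continues past the end of this hunk.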
@ -168,7 +168,7 @@ function add_ddns_domain {
|
||||||
}
|
}
|
||||||
|
|
||||||
function remove_ddns_domain {
|
function remove_ddns_domain {
|
||||||
if [ ! $1 ]; then
|
if [ ! "$1" ]; then
|
||||||
echo $'ddns domain not specified'
|
echo $'ddns domain not specified'
|
||||||
exit 5638
|
exit 5638
|
||||||
fi
|
fi
|
||||||
|
@ -203,14 +203,14 @@ function configure_dns {
|
||||||
# allow changes to resolv.conf
|
# allow changes to resolv.conf
|
||||||
chattr -i $resolvconf
|
chattr -i $resolvconf
|
||||||
|
|
||||||
echo 'domain localdomain' > $resolvconf
|
{ echo 'domain localdomain';
|
||||||
echo 'search localdomain' >> $resolvconf
|
echo 'search localdomain';
|
||||||
echo "nameserver $NAMESERVER1" >> $resolvconf
|
echo "nameserver $NAMESERVER1";
|
||||||
echo "nameserver $NAMESERVER2" >> $resolvconf
|
echo "nameserver $NAMESERVER2";
|
||||||
echo "nameserver $NAMESERVER3" >> $resolvconf
|
echo "nameserver $NAMESERVER3";
|
||||||
echo "nameserver $NAMESERVER4" >> $resolvconf
|
echo "nameserver $NAMESERVER4";
|
||||||
echo "nameserver $NAMESERVER5" >> $resolvconf
|
echo "nameserver $NAMESERVER5";
|
||||||
echo "nameserver $NAMESERVER6" >> $resolvconf
|
echo "nameserver $NAMESERVER6"; } > $resolvconf
|
||||||
|
|
||||||
# prevent resolv.conf from changing
|
# prevent resolv.conf from changing
|
||||||
resolvconf -u
|
resolvconf -u
|
||||||
|
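Review bot: `$resolvconf` remains unquoted in `chattr -i $resolvconf` and in the new group redirect `} > $resolvconf` in configure_dns, which is inconsistent with the quoting applied elsewhere in this commit (mesh_firewall quotes its redirect targets). A path with whitespace or glob characters would be split or expanded at both sites; write `chattr -i "$resolvconf"` and `} > "$resolvconf"`. configure_dns starts and ends outside this hunk.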
@ -222,7 +222,7 @@ function set_hostname {
|
||||||
DEFAULT_DOMAIN_NAME="$1"
|
DEFAULT_DOMAIN_NAME="$1"
|
||||||
|
|
||||||
echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
|
echo "$DEFAULT_DOMAIN_NAME" > /etc/hostname
|
||||||
hostname $DEFAULT_DOMAIN_NAME
|
hostname "$DEFAULT_DOMAIN_NAME"
|
||||||
echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
|
echo "$DEFAULT_DOMAIN_NAME" > /etc/mailname
|
||||||
|
|
||||||
if grep -q "127.0.1.1" /etc/hosts; then
|
if grep -q "127.0.1.1" /etc/hosts; then
|
||||||
|
@ -238,7 +238,7 @@ function set_your_domain_name {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
function_check set_hostname
|
function_check set_hostname
|
||||||
set_hostname $DEFAULT_DOMAIN_NAME
|
set_hostname "$DEFAULT_DOMAIN_NAME"
|
||||||
|
|
||||||
mark_completed "${FUNCNAME[0]}"
|
mark_completed "${FUNCNAME[0]}"
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,44 +32,45 @@ TOMB_REPO="https://github.com/dyne/Tomb"
|
||||||
TOMB_COMMIT='c80ebd6d6ed77980eb5b559757e03ea13a29bdd1'
|
TOMB_COMMIT='c80ebd6d6ed77980eb5b559757e03ea13a29bdd1'
|
||||||
|
|
||||||
function mesh_install_tomb {
|
function mesh_install_tomb {
|
||||||
chroot ${rootdir} apt-get -yq install cryptsetup zsh pinentry-curses
|
# shellcheck disable=SC2154
|
||||||
|
chroot "${rootdir}" apt-get -yq install cryptsetup zsh pinentry-curses
|
||||||
|
|
||||||
if [ ! -d ${rootdir}/$INSTALL_DIR ]; then
|
if [ ! -d "${rootdir}/$INSTALL_DIR" ]; then
|
||||||
mkdir -p ${rootdir}/$INSTALL_DIR
|
mkdir -p "${rootdir}/$INSTALL_DIR"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d /repos/tomb ]; then
|
if [ -d /repos/tomb ]; then
|
||||||
mkdir ${rootdir}/$INSTALL_DIR/tomb
|
mkdir "${rootdir}/$INSTALL_DIR/tomb"
|
||||||
cp -r -p /repos/tomb/. ${rootdir}/$INSTALL_DIR/tomb
|
cp -r -p /repos/tomb/. "${rootdir}/$INSTALL_DIR/tomb"
|
||||||
cd ${rootdir}/$INSTALL_DIR/tomb
|
cd "${rootdir}/$INSTALL_DIR/tomb" || exit 3648368
|
||||||
git pull
|
git pull
|
||||||
else
|
else
|
||||||
git_clone $TOMB_REPO ${rootdir}/$INSTALL_DIR/tomb
|
git_clone "$TOMB_REPO" "${rootdir}/$INSTALL_DIR/tomb"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd ${rootdir}/$INSTALL_DIR/tomb
|
cd "${rootdir}/$INSTALL_DIR/tomb" || exit 7346384
|
||||||
|
|
||||||
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
|
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
|
||||||
|
|
||||||
chroot ${rootdir} /bin/bash -x <<EOF
|
chroot "${rootdir}" /bin/bash -x <<EOF
|
||||||
cd $INSTALL_DIR/tomb
|
cd $INSTALL_DIR/tomb
|
||||||
make install
|
make install
|
||||||
EOF
|
EOF
|
||||||
if [ ! -f ${rootdir}/usr/local/bin/tomb ]; then
|
if [ ! -f "${rootdir}/usr/local/bin/tomb" ]; then
|
||||||
exit 93462
|
exit 93462
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function install_tomb {
|
function install_tomb {
|
||||||
if [ $INSTALLING_MESH ]; then
|
if [ "$INSTALLING_MESH" ]; then
|
||||||
mesh_install_tomb
|
mesh_install_tomb
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
function_check set_repo_commit
|
function_check set_repo_commit
|
||||||
set_repo_commit $INSTALL_DIR/tomb "tomb commit" "$TOMB_COMMIT" $TOMB_REPO
|
set_repo_commit "$INSTALL_DIR/tomb" "tomb commit" "$TOMB_COMMIT" "$TOMB_REPO"
|
||||||
|
|
||||||
if [ -f $COMPLETION_FILE ]; then
|
if [ -f "$COMPLETION_FILE" ]; then
|
||||||
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
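Review bot: The new `cd … || exit 3648368` and `cd … || exit 7346384` in mesh_install_tomb pass values above 255, so the process actually exits with status 112 and 208 respectively; the same applies to `exit 7684638` (status 30) and `exit 364863463` (status 231) in the `@@ -77,22` hunk of install_tomb. The existing exits in this file use the same large-number style, so this may be a deliberate convention, but the truncated statuses are not unique and a caller cannot tell which failure occurred; a small distinct code plus a message to stderr, e.g. `cd "${rootdir}/$INSTALL_DIR/tomb" || { echo "cannot cd to tomb dir" >&2; exit 1; }`, keeps the status meaningful. Separately, `git checkout $TOMB_COMMIT -b $TOMB_COMMIT` in mesh_install_tomb is still unquoted while the identical line in install_tomb is quoted in this commit; `git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"` makes the two consistent.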
@ -77,22 +78,22 @@ function install_tomb {
|
||||||
|
|
||||||
apt-get -yq install cryptsetup zsh pinentry-curses
|
apt-get -yq install cryptsetup zsh pinentry-curses
|
||||||
|
|
||||||
if [ ! -d $INSTALL_DIR ]; then
|
if [ ! -d "$INSTALL_DIR" ]; then
|
||||||
mkdir -p $INSTALL_DIR
|
mkdir -p "$INSTALL_DIR"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -d /repos/tomb ]; then
|
if [ -d /repos/tomb ]; then
|
||||||
mkdir $INSTALL_DIR/tomb
|
mkdir "$INSTALL_DIR/tomb"
|
||||||
cp -r -p /repos/tomb/. $INSTALL_DIR/tomb
|
cp -r -p /repos/tomb/. "$INSTALL_DIR/tomb"
|
||||||
cd $INSTALL_DIR/tomb
|
cd "$INSTALL_DIR/tomb" || exit 7684638
|
||||||
git pull
|
git pull
|
||||||
else
|
else
|
||||||
git_clone $TOMB_REPO $INSTALL_DIR/tomb
|
git_clone "$TOMB_REPO" "$INSTALL_DIR/tomb"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
cd $INSTALL_DIR/tomb
|
cd "$INSTALL_DIR/tomb" || exit 364863463
|
||||||
|
|
||||||
git checkout $TOMB_COMMIT -b $TOMB_COMMIT
|
git checkout "$TOMB_COMMIT" -b "$TOMB_COMMIT"
|
||||||
set_completion_param "tomb commit" "$TOMB_COMMIT"
|
set_completion_param "tomb commit" "$TOMB_COMMIT"
|
||||||
|
|
||||||
make install
|
make install
|
||||||
|
|
|
@ -33,9 +33,9 @@ function install_final {
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
# unmount any attached usb drive
|
# unmount any attached usb drive
|
||||||
if [ -d $USB_MOUNT ]; then
|
if [ -d "$USB_MOUNT" ]; then
|
||||||
umount $USB_MOUNT
|
umount "$USB_MOUNT"
|
||||||
rm -rf $USB_MOUNT
|
rm -rf "$USB_MOUNT"
|
||||||
fi
|
fi
|
||||||
function_check split_gpg_key_into_fragments
|
function_check split_gpg_key_into_fragments
|
||||||
split_gpg_key_into_fragments
|
split_gpg_key_into_fragments
|
||||||
|
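Review bot: In install_final the `rm -rf "$USB_MOUNT"` runs unconditionally after `umount "$USB_MOUNT"`, so if the unmount fails (device busy) the recursive delete runs against the still-mounted USB drive and erases its contents. Make the removal conditional on a successful unmount, `umount "$USB_MOUNT" && rm -rf -- "$USB_MOUNT"`, or use `rmdir`, since an unmounted mount point should be an empty directory. install_final begins before this hunk.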
@ -63,32 +63,32 @@ $(get_ssh_server_key)
|
||||||
echo ''
|
echo ''
|
||||||
|
|
||||||
# add user menu on ssh login
|
# add user menu on ssh login
|
||||||
if ! grep -q 'controluser' /home/$MY_USERNAME/.bashrc; then
|
if ! grep -q 'controluser' "/home/$MY_USERNAME/.bashrc"; then
|
||||||
echo 'controluser' >> /home/$MY_USERNAME/.bashrc
|
echo 'controluser' >> "/home/$MY_USERNAME/.bashrc"
|
||||||
fi
|
fi
|
||||||
if [ ! -f $IMAGE_PASSWORD_FILE ]; then
|
if [ ! -f "$IMAGE_PASSWORD_FILE" ]; then
|
||||||
if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then
|
if [ -f "/root/${PROJECT_NAME}-wifi.cfg" ]; then
|
||||||
create_wifi_startup_script
|
create_wifi_startup_script
|
||||||
echo ''
|
echo ''
|
||||||
echo $'Shutting down the system. Detatch the ethernet cable, attach wifi dongle, then power on again.'
|
echo $'Shutting down the system. Detatch the ethernet cable, attach wifi dongle, then power on again.'
|
||||||
echo ''
|
echo ''
|
||||||
${PROJECT_NAME}-logging off --restart
|
"${PROJECT_NAME}-logging" off --restart
|
||||||
systemctl poweroff
|
systemctl poweroff
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
echo $'Turning off logging'
|
echo $'Turning off logging'
|
||||||
${PROJECT_NAME}-logging off --restart
|
"${PROJECT_NAME}-logging" off --restart
|
||||||
echo $'Rebooting the system'
|
echo $'Rebooting the system'
|
||||||
systemctl reboot -i
|
systemctl reboot -i
|
||||||
fi
|
fi
|
||||||
echo $'Turning off logging'
|
echo $'Turning off logging'
|
||||||
${PROJECT_NAME}-logging off --restart
|
"${PROJECT_NAME}-logging" off --restart
|
||||||
}
|
}
|
||||||
|
|
||||||
function update_installed_apps_list {
|
function update_installed_apps_list {
|
||||||
# Why does this secondary file exist, apart from COMPLETION_FILE ?
|
# Why does this secondary file exist, apart from COMPLETION_FILE ?
|
||||||
# It's so that it is visible to unprivileged users from the user control panel
|
# It's so that it is visible to unprivileged users from the user control panel
|
||||||
cat $COMPLETION_FILE | grep "install_" > /usr/share/${PROJECT_NAME}/installed.txt
|
grep "install_" "$COMPLETION_FILE" > "/usr/share/${PROJECT_NAME}/installed.txt"
|
||||||
}
|
}
|
||||||
|
|
||||||
function create_default_user_removal_daemon {
|
function create_default_user_removal_daemon {
|
||||||
|
@ -96,31 +96,31 @@ function create_default_user_removal_daemon {
|
||||||
|
|
||||||
first_start_daemon_filename=/etc/systemd/system/firststart.service
|
first_start_daemon_filename=/etc/systemd/system/firststart.service
|
||||||
first_start_script=/usr/local/bin/firststart
|
first_start_script=/usr/local/bin/firststart
|
||||||
echo '#!/bin/bash' > $first_start_script
|
{ echo '#!/bin/bash';
|
||||||
echo 'if [ -d /home/fbone]; then' >> $first_start_script
|
echo 'if [ -d /home/fbone]; then';
|
||||||
echo ' userdel -r fbone' >> $first_start_script
|
echo ' userdel -r fbone';
|
||||||
echo ' if [ -d /home/fbone]; then' >> $first_start_script
|
echo ' if [ -d /home/fbone]; then';
|
||||||
echo ' rm -rf /home/fbone' >> $first_start_script
|
echo ' rm -rf /home/fbone';
|
||||||
echo ' fi' >> $first_start_script
|
echo ' fi';
|
||||||
echo 'fi' >> $first_start_script
|
echo 'fi';
|
||||||
echo 'systemctl disable firststart' >> $first_start_script
|
echo 'systemctl disable firststart';
|
||||||
echo "rm $first_start_daemon_filename" >> $first_start_script
|
echo "rm $first_start_daemon_filename"; } > $first_start_script
|
||||||
chmod +x $first_start_script
|
chmod +x $first_start_script
|
||||||
|
|
||||||
echo '[Unit]' > $first_start_daemon_filename
|
{ echo '[Unit]';
|
||||||
echo 'Description=Daemon run on first boot' >> $first_start_daemon_filename
|
echo 'Description=Daemon run on first boot';
|
||||||
echo 'After=syslog.target' >> $first_start_daemon_filename
|
echo 'After=syslog.target';
|
||||||
echo 'After=network.target' >> $first_start_daemon_filename
|
echo 'After=network.target';
|
||||||
echo '' >> $first_start_daemon_filename
|
echo '';
|
||||||
echo '[Service]' >> $first_start_daemon_filename
|
echo '[Service]';
|
||||||
echo 'User=root' >> $first_start_daemon_filename
|
echo 'User=root';
|
||||||
echo 'Group=root' >> $first_start_daemon_filename
|
echo 'Group=root';
|
||||||
echo "ExecStart=$first_start_script" >> $first_start_daemon_filename
|
echo "ExecStart=$first_start_script";
|
||||||
echo 'StandardOutput=syslog' >> $first_start_daemon_filename
|
echo 'StandardOutput=syslog';
|
||||||
echo 'StandardError=syslog' >> $first_start_daemon_filename
|
echo 'StandardError=syslog';
|
||||||
echo '' >> $first_start_daemon_filename
|
echo '';
|
||||||
echo '[Install]' >> $first_start_daemon_filename
|
echo '[Install]';
|
||||||
echo 'WantedBy=multi-user.target' >> $first_start_daemon_filename
|
echo 'WantedBy=multi-user.target'; } > $first_start_daemon_filename
|
||||||
systemctl enable firststart
|
systemctl enable firststart
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
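Review bot: The generated first-start script in create_default_user_removal_daemon contains `if [ -d /home/fbone]; then` twice, with no space before the closing `]`; `[` then receives `/home/fbone]` as its operand and no terminating `]`, reports a syntax error, and the removal of the fbone user never runs. Both lines should be `echo 'if [ -d /home/fbone ]; then';` and `echo ' if [ -d /home/fbone ]; then';`. The redirect targets `> $first_start_script`, `chmod +x $first_start_script` and `> $first_start_daemon_filename` are also left unquoted here, whereas the equivalent lines in mesh_firewall are quoted in this same commit. The function starts before this hunk.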
@ -47,7 +47,7 @@ function save_firewall_settings {
|
||||||
}
|
}
|
||||||
|
|
||||||
function firewall_block_bad_ip_ranges {
|
function firewall_block_bad_ip_ranges {
|
||||||
if [ $INSTALLING_MESH ]; then
|
if [ "$INSTALLING_MESH" ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
||||||
|
@ -135,13 +135,13 @@ function firewall_enable_vpn {
|
||||||
}
|
}
|
||||||
|
|
||||||
function configure_firewall {
|
function configure_firewall {
|
||||||
if [ $INSTALLING_MESH ]; then
|
if [ "$INSTALLING_MESH" ]; then
|
||||||
mesh_firewall
|
mesh_firewall
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if grep -q "RELATED" /etc/firewall.conf; then
|
if grep -q "RELATED" /etc/firewall.conf; then
|
||||||
# recreate the firewall to remove RELATED
|
# recreate the firewall to remove RELATED
|
||||||
sed -i "/firewall/d" $COMPLETION_FILE
|
sed -i "/firewall/d" "$COMPLETION_FILE"
|
||||||
fi
|
fi
|
||||||
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
if [[ $(is_completed "${FUNCNAME[0]}") == "1" ]]; then
|
||||||
return
|
return
|
||||||
|
@ -276,10 +276,10 @@ function configure_internet_protocol {
|
||||||
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
|
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
if ! grep -q "keepalive" /etc/sysctl.conf; then
|
if ! grep -q "keepalive" /etc/sysctl.conf; then
|
||||||
echo '# keepalive' >> /etc/sysctl.conf
|
{ echo '# keepalive';
|
||||||
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
|
echo 'net.ipv4.tcp_keepalive_probes = 9';
|
||||||
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
|
echo 'net.ipv4.tcp_keepalive_intvl = 75';
|
||||||
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
|
echo 'net.ipv4.tcp_keepalive_time = 7200'; } >> /etc/sysctl.conf
|
||||||
fi
|
fi
|
||||||
if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
|
if ! grep -q "net.ipv4.conf.default.send_redirects" /etc/sysctl.conf; then
|
||||||
echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
|
echo "net.ipv4.conf.default.send_redirects = 0" >> /etc/sysctl.conf
|
||||||
|
@ -335,103 +335,100 @@ function configure_internet_protocol {
|
||||||
}
|
}
|
||||||
|
|
||||||
function mesh_firewall {
|
function mesh_firewall {
|
||||||
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
|
# shellcheck disable=SC2154
|
||||||
|
FIREWALL_FILENAME="${rootdir}/etc/systemd/system/meshfirewall.service"
|
||||||
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
|
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
|
||||||
|
|
||||||
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
|
{ echo '#!/bin/bash';
|
||||||
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -P INPUT ACCEPT';
|
||||||
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -P INPUT ACCEPT';
|
||||||
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -F';
|
||||||
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -F';
|
||||||
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -t nat -F';
|
||||||
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -t nat -F';
|
||||||
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -X';
|
||||||
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -X';
|
||||||
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -P INPUT DROP';
|
||||||
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -P INPUT DROP';
|
||||||
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -i lo -j ACCEPT';
|
||||||
echo 'ip6tables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -i lo -j ACCEPT';
|
||||||
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
|
||||||
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT';
|
||||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
echo '';
|
||||||
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
|
echo '# Make sure incoming tcp connections are SYN packets';
|
||||||
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
|
||||||
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP';
|
||||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
echo '';
|
||||||
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
|
echo '# Drop packets with incoming fragments';
|
||||||
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -f -j DROP';
|
||||||
echo 'ip6tables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -f -j DROP';
|
||||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
echo '';
|
||||||
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
|
echo '# Drop bogons';
|
||||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
|
||||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP';
|
||||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
|
||||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP';
|
||||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
|
||||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP';
|
||||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
echo '';
|
||||||
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
|
echo '# Incoming malformed NULL packets:';
|
||||||
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
|
||||||
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
|
echo 'ip6tables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP';
|
||||||
echo '' >> $MESH_FIREWALL_SCRIPT
|
echo '';
|
||||||
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT";
|
||||||
echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT";
|
||||||
echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT";
|
||||||
echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p udp --dport $TRACKER_PORT -j ACCEPT";
|
||||||
echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p tcp --dport $TRACKER_PORT -j ACCEPT";
|
||||||
echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "iptables -A INPUT -p udp --dport 1900 -j ACCEPT";
|
||||||
echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
|
echo "ip6tables -A INPUT -p udp --dport 1900 -j ACCEPT"; } > "$MESH_FIREWALL_SCRIPT"
|
||||||
chmod +x $MESH_FIREWALL_SCRIPT
|
chmod +x "$MESH_FIREWALL_SCRIPT"
|
||||||
|
|
||||||
echo '[Unit]' > $FIREWALL_FILENAME
|
{ echo '[Unit]';
|
||||||
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
|
echo 'Description=Mesh Firewall';
|
||||||
echo '' >> $FIREWALL_FILENAME
|
echo '';
|
||||||
echo '[Service]' >> $FIREWALL_FILENAME
|
echo '[Service]';
|
||||||
echo 'Type=oneshot' >> $FIREWALL_FILENAME
|
echo 'Type=oneshot';
|
||||||
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
|
echo 'ExecStart=/usr/bin/mesh-firewall';
|
||||||
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
|
echo 'RemainAfterExit=no';
|
||||||
echo '' >> $FIREWALL_FILENAME
|
echo '';
|
||||||
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
|
echo 'TimeoutSec=30';
|
||||||
echo '' >> $FIREWALL_FILENAME
|
echo '';
|
||||||
echo '[Install]' >> $FIREWALL_FILENAME
|
echo '[Install]';
|
||||||
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
|
echo 'WantedBy=multi-user.target'; } > "$FIREWALL_FILENAME"
|
||||||
chmod +x $FIREWALL_FILENAME
|
chmod +x "$FIREWALL_FILENAME"
|
||||||
chroot "$rootdir" systemctl enable meshfirewall
|
chroot "$rootdir" systemctl enable meshfirewall
|
||||||
}
|
}
|
||||||
|
|
||||||
function firewall_add {
|
function firewall_add {
|
||||||
firewall_name=$(echo "$1" | sed "s| |-|g")
|
firewall_name=$(string="$1" ; echo "${string// /-}")
|
||||||
firewall_port=$2
|
firewall_port=$2
|
||||||
firewall_protocol="$3"
|
firewall_protocol="$3"
|
||||||
|
|
||||||
if ! grep -q "${firewall_name}=${firewall_port}" $FIREWALL_CONFIG; then
|
if ! grep -q "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"; then
|
||||||
echo "${firewall_name}=${firewall_port}" >> $FIREWALL_CONFIG
|
echo "${firewall_name}=${firewall_port}" >> "$FIREWALL_CONFIG"
|
||||||
if [ ! ${firewall_protocol} ]; then
|
if [ ! "${firewall_protocol}" ]; then
|
||||||
iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
|
||||||
iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
|
||||||
iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
||||||
iptables -C INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
if ! iptables -C INPUT -p udp --dport "${firewall_port}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p udp --dport "${firewall_port}" -j ACCEPT
|
||||||
iptables -A INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
||||||
iptables -C INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
if ! iptables -C INPUT -p tcp --dport "${firewall_port}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
|
||||||
iptables -A INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
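Review bot: `grep -q "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"` in firewall_add is an unanchored substring match, so a recorded `name=8080` makes adding `name=80` a no-op and the port is never opened; the same pattern is in firewall_add_range (`@@ -440,33`) and in firewall_remove (`@@ -479,23`), where `grep -q "=${firewall_port}"` and `sed -i "/=${firewall_port}/d"` would also match and delete entries for other ports sharing the prefix. Anchor the match to the whole line: `if ! grep -qx -- "${firewall_name}=${firewall_port}" "$FIREWALL_CONFIG"; then`, and in firewall_remove `sed -i "/=${firewall_port}$/d" "$FIREWALL_CONFIG"`. As a point of style, `firewall_name=$(string="$1" ; echo "${string// /-}")` forks a subshell for a substitution bash can do in place: `firewall_name="${1// /-}"`. firewall_add continues past the end of this hunk.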
@ -440,33 +437,29 @@ function firewall_add {
|
||||||
}
|
}
|
||||||
|
|
||||||
function firewall_add_range {
|
function firewall_add_range {
|
||||||
firewall_name=$(echo "$1" | sed "s| |-|g")
|
firewall_name=$(string="$1" ; echo "${string// /-}")
|
||||||
firewall_port_start=$2
|
firewall_port_start=$2
|
||||||
firewall_port_end=$3
|
firewall_port_end=$3
|
||||||
firewall_protocol="$4"
|
firewall_protocol="$4"
|
||||||
|
|
||||||
if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" $FIREWALL_CONFIG; then
|
if ! grep -q "${firewall_name}=${firewall_port_start}:${firewall_port_end}" "$FIREWALL_CONFIG"; then
|
||||||
echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> $FIREWALL_CONFIG
|
echo "${firewall_name}=${firewall_port_start}:${firewall_port_end}" >> "$FIREWALL_CONFIG"
|
||||||
if [ ! ${firewall_protocol} ]; then
|
if [ ! "${firewall_protocol}" ]; then
|
||||||
iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
|
||||||
iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
|
||||||
iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
||||||
iptables -C INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
if ! iptables -C INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p udp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
|
||||||
iptables -A INPUT -p udp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
||||||
iptables -C INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
if ! iptables -C INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -p tcp --dport "${firewall_port_start}":"${firewall_port_end}" -j ACCEPT
|
||||||
iptables -A INPUT -p tcp --dport ${firewall_port_start}:${firewall_port_end} -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -479,23 +472,23 @@ function firewall_remove {
|
||||||
firewall_port=$1
|
firewall_port=$1
|
||||||
firewall_protocol="$2"
|
firewall_protocol="$2"
|
||||||
|
|
||||||
if [ ! -f $FIREWALL_CONFIG ]; then
|
if [ ! -f "$FIREWALL_CONFIG" ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if grep -q "=${firewall_port}" $FIREWALL_CONFIG; then
|
if grep -q "=${firewall_port}" "$FIREWALL_CONFIG"; then
|
||||||
if [ ! ${firewall_protocol} ]; then
|
if [ ! "${firewall_protocol}" ]; then
|
||||||
iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
|
||||||
iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
|
||||||
else
|
else
|
||||||
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
if [[ "${firewall_protocol}" == *"udp"* ]]; then
|
||||||
iptables -D INPUT -p udp --dport ${firewall_port} -j ACCEPT
|
iptables -D INPUT -p udp --dport "${firewall_port}" -j ACCEPT
|
||||||
fi
|
fi
|
||||||
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
if [[ "${firewall_protocol}" == *"tcp"* ]]; then
|
||||||
iptables -D INPUT -p tcp --dport ${firewall_port} -j ACCEPT
|
iptables -D INPUT -p tcp --dport "${firewall_port}" -j ACCEPT
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
sed -i "/=${firewall_port}/d" $FIREWALL_CONFIG
|
sed -i "/=${firewall_port}/d" "$FIREWALL_CONFIG"
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
@ -509,7 +502,7 @@ function domain_to_hex_string {
|
||||||
characters=$(echo -n "$segment" | wc -c)
|
characters=$(echo -n "$segment" | wc -c)
|
||||||
hexnum=$(echo "obase=16; $characters" | bc)
|
hexnum=$(echo "obase=16; $characters" | bc)
|
||||||
echo -n "|"
|
echo -n "|"
|
||||||
if [ $(echo -n "$hexnum" | wc -c) -lt 2 ]; then
|
if [ "$(echo -n "$hexnum" | wc -c)" -lt 2 ]; then
|
||||||
echo -n "0"
|
echo -n "0"
|
||||||
fi
|
fi
|
||||||
echo -n "$hexnum|$segment"
|
echo -n "$hexnum|$segment"
|
||||||
|
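Review bot: In domain_to_hex_string the `bc` call, the second `wc -c` pipeline and the `-lt 2` zero-padding branch can be replaced by a single builtin that produces the same two-digit upper-case hex for the byte counts a DNS label can have: `printf -v hexnum '%02X' "$characters"`, after which the `if … echo -n "0" … fi` block is no longer needed. This removes three process spawns per label and reads more directly. The function starts and ends outside this hunk.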
@ -523,20 +516,19 @@ function firewall_block_domain {
|
||||||
blocked_domain="$1"
|
blocked_domain="$1"
|
||||||
if [[ "$blocked_domain" == *'@'* ]]; then
|
if [[ "$blocked_domain" == *'@'* ]]; then
|
||||||
# Don't try to block email/microblog addresses
|
# Don't try to block email/microblog addresses
|
||||||
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
|
echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if ! grep -q "$blocked_domain" $FIREWALL_DOMAINS; then
|
if ! grep -q "$blocked_domain" "$FIREWALL_DOMAINS"; then
|
||||||
hexstr=$(domain_to_hex_string $blocked_domain)
|
hexstr=$(domain_to_hex_string "$blocked_domain")
|
||||||
iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
if ! iptables -C INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP; then
|
||||||
if [ ! "$?" = "0" ]; then
|
|
||||||
iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -A INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -A INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -A OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -A OUTPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -I FORWARD -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -I FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
echo "${blocked_domain}" >> $FIREWALL_DOMAINS
|
echo "${blocked_domain}" >> "$FIREWALL_DOMAINS"
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
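Review bot: `grep -q "$blocked_domain" "$FIREWALL_DOMAINS"` in firewall_block_domain treats the domain as an unanchored regex, so `bad.example` is considered already blocked when `verybad.example` or `badXexample` is listed and the DNS-drop rules are silently skipped; the same applies to `grep -q "$blocked_ip" "$FIREWALL_DOMAINS"` in firewall_block_ip (`@@ -559,13`), where `10.0.0.1` matches `10.0.0.10`. Use a fixed-string whole-line match, `if ! grep -qxF -- "$blocked_domain" "$FIREWALL_DOMAINS"; then`. firewall_block_domain continues past the end of this hunk.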
@ -559,13 +551,12 @@ function firewall_block_ip {
|
||||||
# Don't try to block email/microblog addresses
|
# Don't try to block email/microblog addresses
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if ! grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
|
if ! grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
|
||||||
iptables -C INPUT -s $blocked_ip -j DROP
|
if ! iptables -C INPUT -s "$blocked_ip" -j DROP; then
|
||||||
if [ ! "$?" = "0" ]; then
|
iptables -A INPUT -s "$blocked_ip" -j DROP
|
||||||
iptables -A INPUT -s $blocked_ip -j DROP
|
iptables -A OUTPUT -s "$blocked_ip" -j DROP
|
||||||
iptables -A OUTPUT -s $blocked_ip -j DROP
|
|
||||||
|
|
||||||
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
|
echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
@ -577,31 +568,31 @@ function firewall_unblock_ip {
|
||||||
# Don't try to block email/microblog addresses
|
# Don't try to block email/microblog addresses
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
if grep -q "$blocked_ip" $FIREWALL_DOMAINS; then
|
if grep -q "$blocked_ip" "$FIREWALL_DOMAINS"; then
|
||||||
iptables -D INPUT -s $blocked_ip -j DROP
|
iptables -D INPUT -s "$blocked_ip" -j DROP
|
||||||
iptables -D OUTPUT -s $blocked_ip -j DROP
|
iptables -D OUTPUT -s "$blocked_ip" -j DROP
|
||||||
|
|
||||||
sed -i '/$blocked_ip/d' $FIREWALL_DOMAINS
|
sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"
|
||||||
echo "${blocked_ip}" >> $FIREWALL_DOMAINS
|
echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function firewall_refresh_blocklist {
|
function firewall_refresh_blocklist {
|
||||||
if [ ! -f /root/${PROJECT_NAME}-firewall-domains.cfg ]; then
|
if [ ! -f "/root/${PROJECT_NAME}-firewall-domains.cfg" ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
|
|
||||||
while read blocked_domain; do
|
while read -r blocked_domain; do
|
||||||
firewall_block_domain $blocked_domain
|
firewall_block_domain "$blocked_domain"
|
||||||
done </root/${PROJECT_NAME}-firewall-domains.cfg
|
done <"/root/${PROJECT_NAME}-firewall-domains.cfg"
|
||||||
}
|
}
|
||||||
|
|
||||||
function firewall_unblock_domain {
|
function firewall_unblock_domain {
|
||||||
unblocked_domain="$1"
|
unblocked_domain="$1"
|
||||||
if grep -q "${unblocked_domain}" $FIREWALL_DOMAINS; then
|
if grep -q "${unblocked_domain}" "$FIREWALL_DOMAINS"; then
|
||||||
if [[ "${unblocked_domain}" != *'@'* ]]; then
|
if [[ "${unblocked_domain}" != *'@'* ]]; then
|
||||||
hexstr=$(domain_to_hex_string $unblocked_domain)
|
hexstr=$(domain_to_hex_string "$unblocked_domain")
|
||||||
iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -D INPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -D INPUT -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -D OUTPUT -p udp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
|
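Review bot: In firewall_unblock_ip the new `sed -i "/$blocked_ip/d" "$FIREWALL_DOMAINS"` line is immediately followed by `echo "${blocked_ip}" >> "$FIREWALL_DOMAINS"`, so after the iptables rules are deleted the address is written straight back into the blocklist file; if that file is the one firewall_refresh_blocklist feeds into firewall_block_domain (presumably, though the refresh function reads `/root/${PROJECT_NAME}-firewall-domains.cfg` rather than `$FIREWALL_DOMAINS` directly), the unblock is undone on the next refresh. The echo line should simply be dropped. Separately, the address is used as an unanchored regex both in the `grep -q "$blocked_ip"` guard and in the sed expression, so `.` matches any character and a value containing `/` would break the sed address; a fixed-string whole-line match is safer, e.g. `grep -qxF -- "$blocked_ip" "$FIREWALL_DOMAINS"` for the guard and `grep -vxF -- "$blocked_ip" "$FIREWALL_DOMAINS" > "$FIREWALL_DOMAINS.tmp" && mv "$FIREWALL_DOMAINS.tmp" "$FIREWALL_DOMAINS"` in place of the sed. The same unescaped, unanchored `sed -i "/${unblocked_domain}/d"` pattern appears in firewall_unblock_domain in the following hunk.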
@ -610,7 +601,7 @@ function firewall_unblock_domain {
|
||||||
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
iptables -D FORWARD -p tcp --dport 53 -m string --hex-string "$hexstr" --algo bm -j DROP
|
||||||
save_firewall_settings
|
save_firewall_settings
|
||||||
fi
|
fi
|
||||||
sed -i "/${unblocked_domain}/d" $FIREWALL_DOMAINS
|
sed -i "/${unblocked_domain}/d" "$FIREWALL_DOMAINS"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -37,22 +37,21 @@ function git_clone {
|
||||||
}
|
}
|
||||||
|
|
||||||
function git_pull {
|
function git_pull {
|
||||||
if [ ! $1 ]; then
|
if [ ! "$1" ]; then
|
||||||
echo $'git_pull no repo specified'
|
echo $'git_pull no repo specified'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
git merge --abort
|
git merge --abort
|
||||||
git stash
|
git stash
|
||||||
git remote set-url origin $1
|
git remote set-url origin "$1"
|
||||||
git checkout master
|
git checkout master
|
||||||
git pull
|
git pull
|
||||||
|
|
||||||
if [ $2 ]; then
|
if [ "$2" ]; then
|
||||||
# delete any existing branch
|
# delete any existing branch
|
||||||
git branch -D $2
|
git branch -D "$2"
|
||||||
# check out the new branch
|
# check out the new branch
|
||||||
git checkout $2 -b $2
|
if ! git checkout "$2" -b "$2"; then
|
||||||
if [ ! "$?" = "0" ]; then
|
|
||||||
echo $"Unable to checkout $1 $2"
|
echo $"Unable to checkout $1 $2"
|
||||||
exit 72357
|
exit 72357
|
||||||
fi
|
fi
|
||||||
|
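Review bot: The `if [ ! "$1" ]; then echo $'git_pull no repo specified'; fi` check at the top of git_pull only prints a message and then falls through, so when no repo is given the function still runs `git remote set-url origin "$1"` with an empty URL and then `git pull` against it. The guard needs to stop the function after reporting, e.g. `exit 72357`-style as the checkout failure below does, or at minimum `return 1`, so callers such as set_repo_commit never rewrite the origin remote to an empty value. git_pull's body continues past the end of this hunk.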
@ -63,8 +62,8 @@ function commit_has_changed {
|
||||||
repo_dir=$1
|
repo_dir=$1
|
||||||
repo_commit_name=$2
|
repo_commit_name=$2
|
||||||
repo_commit=$3
|
repo_commit=$3
|
||||||
if [ -d $repo_dir ]; then
|
if [ -d "$repo_dir" ]; then
|
||||||
if grep -q "$repo_commit_name" $COMPLETION_FILE; then
|
if grep -q "$repo_commit_name" "$COMPLETION_FILE"; then
|
||||||
CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
|
CURRENT_REPO_COMMIT=$(get_completion_param "$repo_commit_name")
|
||||||
if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
|
if [[ "$CURRENT_REPO_COMMIT" != "$repo_commit" ]]; then
|
||||||
echo "1"
|
echo "1"
|
||||||
|
@ -86,13 +85,13 @@ function set_repo_commit {
|
||||||
repo_commit=$3
|
repo_commit=$3
|
||||||
repo_url=$4
|
repo_url=$4
|
||||||
|
|
||||||
if [[ $(commit_has_changed $repo_dir $repo_commit_name $repo_commit) == "1" ]]; then
|
if [[ $(commit_has_changed "$repo_dir" "$repo_commit_name" "$repo_commit") == "1" ]]; then
|
||||||
cd $repo_dir
|
cd "$repo_dir" || exit 3856835
|
||||||
git_pull $repo_url $repo_commit
|
git_pull "$repo_url" "$repo_commit"
|
||||||
|
|
||||||
# application specific stuff after updating the repo
|
# application specific stuff after updating the repo
|
||||||
if [[ $repo_dir == *"www"* ]]; then
|
if [[ $repo_dir == *"www"* ]]; then
|
||||||
chown -R www-data:www-data $repo_dir
|
chown -R www-data:www-data "$repo_dir"
|
||||||
fi
|
fi
|
||||||
if [[ $repo_dir == *"gpgit" ]]; then
|
if [[ $repo_dir == *"gpgit" ]]; then
|
||||||
if [ ! -f /usr/bin/gpgit.pl ]; then
|
if [ ! -f /usr/bin/gpgit.pl ]; then
|
||||||
|
@ -107,12 +106,12 @@ function set_repo_commit {
|
||||||
fi
|
fi
|
||||||
if [[ $repo_dir == *"cleanup-maildir" ]]; then
|
if [[ $repo_dir == *"cleanup-maildir" ]]; then
|
||||||
if [ ! -f /usr/bin/cleanup-maildir ]; then
|
if [ ! -f /usr/bin/cleanup-maildir ]; then
|
||||||
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
|
cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
|
||||||
else
|
else
|
||||||
HASH1=$(sha256sum $INSTALL_DIR/cleanup-maildir/cleanup-maildir | awk -F ' ' '{print $1}')
|
HASH1=$(sha256sum "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" | awk -F ' ' '{print $1}')
|
||||||
HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
|
HASH2=$(sha256sum /usr/bin/cleanup-maildir | awk -F ' ' '{print $1}')
|
||||||
if [[ "$HASH1" != "$HASH2" ]]; then
|
if [[ "$HASH1" != "$HASH2" ]]; then
|
||||||
cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
|
cp "$INSTALL_DIR/cleanup-maildir/cleanup-maildir" /usr/bin
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|