Raspi2-3_GenImage Files · bootstrap.d/21-firewall.sh · Collaboration Tremplin des Sciences

Use 4.14.y as default kernel version...

Use 4.14.y as default kernel version 4.14.y is used as default kernel version of many distros. Additionnaly the 4.14.y branch is the current default branch of the RPi kernel repo.

Unknown - - Load All Authors

Fichier de la dernière révision:

r384:ebd8e6e39c8b


                r394:5d19d305a4db

Download file

             21-firewall.sh
        
                    48 lines
            
             | 1.7 KiB
            
                | application/x-sh
            
             |
                BashLexer
            
             / bootstrap.d / 21-firewall.sh
          
                    Historique
                
                 |
                  Source
                 | Brut
                 |Copy content
                 |Copy permalink

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      #

        Jan Wagner
    
spliting more files, fix-uboot, fix-fbturbo, fix-locale

              r67
            
      # Setup Firewall

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      #

        Jan Wagner
    
spliting more files, fix-uboot, fix-fbturbo, fix-locale

              r67
            
      # Load utility functions

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      . ./functions.sh

      if [ "$ENABLE_IPTABLES" = true ] ; then

        # Create iptables configuration directory

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        mkdir -p "${ETC_DIR}/iptables"

        Unknown
    
iptables fix...

              r279
            
        Unknown
    
fixes...

              r338
            
        # make sure iptables-legacy is the used alternatives 

        #iptables-save and -restore are slaves of iptables and thus are set accordingly

        Unknown
    
its bin/sh again...

              r384
            
        chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy

        Unknown
    
iptables fix...

              r279
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install iptables systemd service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install flush-table script called by iptables service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install iptables rule file

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        # Reload systemd configuration and enable iptables service

        chroot_exec systemctl daemon-reload

        chroot_exec systemctl enable iptables.service

        if [ "$ENABLE_IPV6" = true ] ; then

        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
          # Install ip6tables systemd service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
          # Install ip6tables file

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
          # Reload systemd configuration and enable iptables service

          chroot_exec systemctl daemon-reload

          chroot_exec systemctl enable ip6tables.service

        fi

        drtyhlpr
    
fast fix for issues/128...

              r240
            
        if [ "$ENABLE_SSHD" = false ] ; then

         # Remove SSHD related iptables rules

         sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

         sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

        fi

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	#
Jan Wagner spliting more files, fix-uboot, fix-fbturbo, fix-locale	r67	# Setup Firewall
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	#

Jan Wagner spliting more files, fix-uboot, fix-fbturbo, fix-locale	r67	# Load utility functions
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	. ./functions.sh

		if [ "$ENABLE_IPTABLES" = true ] ; then
		# Create iptables configuration directory
drtyhlpr Added Raspberry Pi 3 model support	r94	mkdir -p "${ETC_DIR}/iptables"
Unknown iptables fix...	r279
Unknown fixes...	r338	# make sure iptables-legacy is the used alternatives
		#iptables-save and -restore are slaves of iptables and thus are set accordingly
Unknown its bin/sh again...	r384	chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
Unknown iptables fix...	r279
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install iptables systemd service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install flush-table script called by iptables service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install iptables rule file
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
		# Reload systemd configuration and enable iptables service
		chroot_exec systemctl daemon-reload
		chroot_exec systemctl enable iptables.service

		if [ "$ENABLE_IPV6" = true ] ; then
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install ip6tables systemd service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install ip6tables file
drtyhlpr Added Raspberry Pi 3 model support	r94	install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
		# Reload systemd configuration and enable iptables service
		chroot_exec systemctl daemon-reload
		chroot_exec systemctl enable ip6tables.service
		fi
drtyhlpr fast fix for issues/128...	r240
		if [ "$ENABLE_SSHD" = false ] ; then
		# Remove SSHD related iptables rules
		sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
		sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
		fi
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	fi