Raspi2-3_GenImage Files · bootstrap.d/21-firewall.sh · Collaboration Tremplin des Sciences

No need to check if the service exists...

No need to check if the service exists If this snippet is included, the service exists

drtyhlpr - - Load All Authors

Fichier de la dernière révision:

r530:104de92b07e5


                r579:90a66357153e

Download file

             21-firewall.sh
        
                    54 lines
            
             | 1.9 KiB
            
                | application/x-sh
            
             |
                BashLexer
            
             / bootstrap.d / 21-firewall.sh
          
                    Historique
                
                 |
                  Source
                 | Brut
                 |Copy content
                 |Copy permalink

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      #

        Jan Wagner
    
spliting more files, fix-uboot, fix-fbturbo, fix-locale

              r67
            
      # Setup Firewall

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      #

        Jan Wagner
    
spliting more files, fix-uboot, fix-fbturbo, fix-locale

              r67
            
      # Load utility functions

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      . ./functions.sh

      if [ "$ENABLE_IPTABLES" = true ] ; then

        # Create iptables configuration directory

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        mkdir -p "${ETC_DIR}/iptables"

        Unknown
    
iptables fix...

              r279
            
        Unknown
    
kernel features + nexmon monitor mode wlan patch(kali-kernel) with RPI3,RPI3B+ firmware patch...

              r502
            
        if [ "$KERNEL_NF" = false ] ; then

          #iptables-save and -restore are slaves of iptables and thus are set accordingly

          chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy    

        fi

        Unknown
    
iptables fix...

              r279
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install iptables systemd service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install flush-table script called by iptables service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
        # Install iptables rule file

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
        install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        # Reload systemd configuration and enable iptables service

        chroot_exec systemctl daemon-reload

        chroot_exec systemctl enable iptables.service

        if [ "$ENABLE_IPV6" = true ] ; then

        Unknown
    
kernel features + nexmon monitor mode wlan patch(kali-kernel) with RPI3,RPI3B+ firmware patch...

              r502
            
          if [ "$KERNEL_NF" = false ] ; then

        drtyhlpr
    
Merge branch 'testing' into dropbear

              r530
            
            #iptables-save and -restore are slaves of iptables and thus are set accordingly

            chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy 

      	  fi

        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
          # Install ip6tables systemd service

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        Jan Wagner
    
comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig

              r71
            
          # Install ip6tables file

        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
        drtyhlpr
    
Added Raspberry Pi 3 model support

              r94
            
          install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
          # Reload systemd configuration and enable iptables service

          chroot_exec systemctl daemon-reload

          chroot_exec systemctl enable ip6tables.service

        fi

        drtyhlpr
    
fast fix for issues/128...

              r240
            
        if [ "$ENABLE_SSHD" = false ] ; then

         # Remove SSHD related iptables rules

         sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

         sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

        fi

        Filip Pytloun
    
Refactor: split bootstrap actions and allow custom

              r56
            
      fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	#
Jan Wagner spliting more files, fix-uboot, fix-fbturbo, fix-locale	r67	# Setup Firewall
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	#

Jan Wagner spliting more files, fix-uboot, fix-fbturbo, fix-locale	r67	# Load utility functions
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	. ./functions.sh

		if [ "$ENABLE_IPTABLES" = true ] ; then
		# Create iptables configuration directory
drtyhlpr Added Raspberry Pi 3 model support	r94	mkdir -p "${ETC_DIR}/iptables"
Unknown iptables fix...	r279
Unknown kernel features + nexmon monitor mode wlan patch(kali-kernel) with RPI3,RPI3B+ firmware patch...	r502	if [ "$KERNEL_NF" = false ] ; then
		#iptables-save and -restore are slaves of iptables and thus are set accordingly
		chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
		fi
Unknown iptables fix...	r279
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install iptables systemd service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install flush-table script called by iptables service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install iptables rule file
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
		# Reload systemd configuration and enable iptables service
		chroot_exec systemctl daemon-reload
		chroot_exec systemctl enable iptables.service

		if [ "$ENABLE_IPV6" = true ] ; then
Unknown kernel features + nexmon monitor mode wlan patch(kali-kernel) with RPI3,RPI3B+ firmware patch...	r502	if [ "$KERNEL_NF" = false ] ; then
drtyhlpr Merge branch 'testing' into dropbear	r530	#iptables-save and -restore are slaves of iptables and thus are set accordingly
		chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
		fi

Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install ip6tables systemd service
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
Jan Wagner comment-cleanup, net-cleanup, size-calc-fix, split-more, menuconfig	r71	# Install ip6tables file
drtyhlpr Added Raspberry Pi 3 model support	r94	install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
drtyhlpr Added Raspberry Pi 3 model support	r94	install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56
		# Reload systemd configuration and enable iptables service
		chroot_exec systemctl daemon-reload
		chroot_exec systemctl enable ip6tables.service
		fi
drtyhlpr fast fix for issues/128...	r240
		if [ "$ENABLE_SSHD" = false ] ; then
		# Remove SSHD related iptables rules
		sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
		sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
		fi
Filip Pytloun Refactor: split bootstrap actions and allow custom	r56	fi