Raspi2-3_GenImage Commit - r484:31ba8b1e2e39 · Collaboration Tremplin des Sciences

Unknown -

r484:31ba8b1e2e39

parent child

Context file:

r484:31ba8b1e2e39

bootstrap.d/21-firewall.sh +3 0

              #
              # Setup Firewall
              #
              # Load utility functions
              . ./functions.sh
              if [ "$ENABLE_IPTABLES" = true ] ; then
                # Create iptables configuration directory
                mkdir -p "${ETC_DIR}/iptables"
                # make sure iptables-legacy is the used alternatives
                #iptables-save and -restore are slaves of iptables and thus are set accordingly
                chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
                # Install iptables systemd service
                install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
                # Install flush-table script called by iptables service
                install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
                # Install iptables rule file
                install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
                # Reload systemd configuration and enable iptables service
                chroot_exec systemctl daemon-reload
                chroot_exec systemctl enable iptables.service
                if [ "$ENABLE_IPV6" = true ] ; then
+                 # make sure ip6tables-legacy is the used alternatives
+                 chroot_exec update-alternatives --verbose --set ip6tables /usr/sbin/ip6tables-legacy
                  # Install ip6tables systemd service
                  install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                  # Install ip6tables file
                  install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                  install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                  # Reload systemd configuration and enable iptables service
                  chroot_exec systemctl daemon-reload
                  chroot_exec systemctl enable ip6tables.service
                fi
                if [ "$ENABLE_SSHD" = false ] ; then
                 # Remove SSHD related iptables rules
                 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
                fi
              fi

General Comments 0

Écrire
Preview

Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages