| @@ -1,49 +1,49 | |||
|
|
1 | 1 | # |
|
|
2 | 2 | # Setup Firewall |
|
|
3 | 3 | # |
|
|
4 | 4 | |
|
|
5 | 5 | # Load utility functions |
|
|
6 | 6 | . ./functions.sh |
|
|
7 | 7 | |
|
|
8 | 8 | if [ "$ENABLE_IPTABLES" = true ] ; then |
|
|
9 | 9 | # Create iptables configuration directory |
|
|
10 | 10 | mkdir -p "${ETC_DIR}/iptables" |
|
|
11 | 11 | |
|
|
12 | 12 | # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives |
|
|
13 | chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy | |
|
|
14 | chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save | |
|
|
15 | chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore | |
|
|
13 | chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy | |
|
|
14 | chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save | |
|
|
15 | chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore | |
|
|
16 | 16 | |
|
|
17 | 17 | # Install iptables systemd service |
|
|
18 | 18 | install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service" |
|
|
19 | 19 | |
|
|
20 | 20 | # Install flush-table script called by iptables service |
|
|
21 | 21 | install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh" |
|
|
22 | 22 | |
|
|
23 | 23 | # Install iptables rule file |
|
|
24 | 24 | install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules" |
|
|
25 | 25 | |
|
|
26 | 26 | # Reload systemd configuration and enable iptables service |
|
|
27 | 27 | chroot_exec systemctl daemon-reload |
|
|
28 | 28 | chroot_exec systemctl enable iptables.service |
|
|
29 | 29 | |
|
|
30 | 30 | if [ "$ENABLE_IPV6" = true ] ; then |
|
|
31 | 31 | # Install ip6tables systemd service |
|
|
32 | 32 | install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service" |
|
|
33 | 33 | |
|
|
34 | 34 | # Install ip6tables file |
|
|
35 | 35 | install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh" |
|
|
36 | 36 | |
|
|
37 | 37 | install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules" |
|
|
38 | 38 | |
|
|
39 | 39 | # Reload systemd configuration and enable iptables service |
|
|
40 | 40 | chroot_exec systemctl daemon-reload |
|
|
41 | 41 | chroot_exec systemctl enable ip6tables.service |
|
|
42 | 42 | fi |
|
|
43 | 43 | |
|
|
44 | 44 | if [ "$ENABLE_SSHD" = false ] ; then |
|
|
45 | 45 | # Remove SSHD related iptables rules |
|
|
46 | 46 | sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null |
|
|
47 | 47 | sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null |
|
|
48 | 48 | fi |
|
|
49 | 49 | fi |
General Comments 0
Vous devez vous connecter pour laisser un commentaire.
Se connecter maintenant
