Raspi2-3_GenImage Commit - r240:457d82a7a91d · Collaboration Tremplin des Sciences

1

#

1

#

2

# Setup Firewall

2

# Setup Firewall

3

#

3

#

4

5

# Load utility functions

5

# Load utility functions

6

. ./functions.sh

6

. ./functions.sh

7

8

if [ "$ENABLE_IPTABLES" = true ] ; then

8

if [ "$ENABLE_IPTABLES" = true ] ; then

9

# Create iptables configuration directory

9

# Create iptables configuration directory

10

mkdir -p "${ETC_DIR}/iptables"

10

mkdir -p "${ETC_DIR}/iptables"

11

12

# Install iptables systemd service

12

# Install iptables systemd service

13

install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

13

install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

14

15

# Install flush-table script called by iptables service

15

# Install flush-table script called by iptables service

16

install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

16

install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

17

18

# Install iptables rule file

18

# Install iptables rule file

19

install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

19

install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

20

21

# Reload systemd configuration and enable iptables service

21

# Reload systemd configuration and enable iptables service

22

chroot_exec systemctl daemon-reload

22

chroot_exec systemctl daemon-reload

23

chroot_exec systemctl enable iptables.service

23

chroot_exec systemctl enable iptables.service

24

25

if [ "$ENABLE_IPV6" = true ] ; then

25

if [ "$ENABLE_IPV6" = true ] ; then

26

# Install ip6tables systemd service

26

# Install ip6tables systemd service

27

install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

27

install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

28

29

# Install ip6tables file

29

# Install ip6tables file

30

install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

30

install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

31

32

install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

32

install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

33

34

# Reload systemd configuration and enable iptables service

34

# Reload systemd configuration and enable iptables service

35

chroot_exec systemctl daemon-reload

35

chroot_exec systemctl daemon-reload

36

chroot_exec systemctl enable ip6tables.service

36

chroot_exec systemctl enable ip6tables.service

37

fi

37

fi

38

fi

38

39

if [ "$ENABLE_SSHD" = false ] ; then

40

if [ "$ENABLE_SSHD" = false ] ; then

40

# Remove SSHD related iptables rules

41

# Remove SSHD related iptables rules

41

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

42

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

42

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

43

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

43

fi

44

fi

44

fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
-            fi
+              if [ "$ENABLE_SSHD" = false ] ; then
-            if [ "$ENABLE_SSHD" = false ] ; then
+               # Remove SSHD related iptables rules
-             # Remove SSHD related iptables rules
+               sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
-             sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
+               sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
-             sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
+              fi
             fi