iptables fix...
Unknown -
r279:9cc8fe77b453
@@ -1,44 +1,49
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
16
12 # Install iptables systemd service
17 # Install iptables systemd service
13 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
14
19
15 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
16 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
17
22
18 # Install iptables rule file
23 # Install iptables rule file
19 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
20
25
21 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
22 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
23 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
24
29
25 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
26 # Install ip6tables systemd service
31 # Install ip6tables systemd service
27 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
28
33
29 # Install ip6tables file
34 # Install ip6tables file
30 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
31
36
32 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
33
38
34 # Reload systemd configuration and enable iptables service
39 # Reload systemd configuration and enable iptables service
35 chroot_exec systemctl daemon-reload
40 chroot_exec systemctl daemon-reload
36 chroot_exec systemctl enable ip6tables.service
41 chroot_exec systemctl enable ip6tables.service
37 fi
42 fi
38
43
39 if [ "$ENABLE_SSHD" = false ] ; then
44 if [ "$ENABLE_SSHD" = false ] ; then
40 # Remove SSHD related iptables rules
45 # Remove SSHD related iptables rules
41 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
42 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
43 fi
48 fi
44 fi
49 fi
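Review bot: The new lines 13–15 switch only the iptables, iptables-save and iptables-restore alternatives; the ip6tables, ip6tables-save and ip6tables-restore alternatives are left at their default, so when ENABLE_IPV6 is true the ip6tables.service installed later in this hunk may run a different xtables backend than the IPv4 service. The matching calls belong in the ENABLE_IPV6 branch: `chroot_exec update-alternatives --verbose --set ip6tables /usr/bin/ip6tables-legacy`, `chroot_exec update-alternatives --verbose --set ip6tables-save /usr/bin/ip6tables-legacy-save` and `chroot_exec update-alternatives --verbose --set ip6tables-restore /usr/bin/ip6tables-legacy-restore`. The alternative path is given as /usr/bin/…, but on Debian-based targets the iptables package registers these alternatives under /usr/sbin/ as far as I know, so the path should be confirmed against the target distribution, because a path that is not registered makes update-alternatives fail. Nothing in the hunk checks the status of the three calls, so unless chroot_exec or an outer `set -e` aborts the build on failure, the image would be finished with the default backend still selected and the rules file loaded through a backend it was not written for; a `|| exit 1` on each call, or a single `command -v` check in the chroot before switching, would make that visible at build time.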
@@ -1,15 +1,15
1 [Unit]
1 [Unit]
2 Description=Packet Filtering Framework
2 Description=Packet Filtering Framework
3 DefaultDependencies=no
3 DefaultDependencies=no
4 After=systemd-sysctl.service
4 After=systemd-sysctl.service
5 Before=sysinit.target
5 Before=sysinit.target
6
6
7 [Service]
7 [Service]
8 Type=oneshot
8 Type=oneshot
9 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
9 ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
11 ExecStop=/etc/iptables/flush-ip6tables.sh
11 ExecStop=/etc/iptables/flush-ip6tables.sh
12 RemainAfterExit=yes
12 RemainAfterExit=yes
13
13
14 [Install]
14 [Install]
15 WantedBy=multi-user.target
15 WantedBy=multi-user.target
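Review bot: The `-w 5` wait for the xtables lock is added only to ExecStart on line 9; ExecReload on line 10 still calls ip6tables-restore without it, so a `systemctl reload ip6tables.service` that races another xtables user (for example the IPv4 iptables.service starting at the same time) fails immediately with the lock-held error instead of waiting. The same asymmetry is in the iptables.service hunk below, where ExecReload on line 10 also lacks the flag. Making the two lines agree, `ExecReload=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules`, keeps reload as robust as start. Which of the two line-9 entries is the new side is inferred from the commit title rather than shown by a marker on this page.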
@@ -1,15 +1,15
1 [Unit]
1 [Unit]
2 Description=Packet Filtering Framework
2 Description=Packet Filtering Framework
3 DefaultDependencies=no
3 DefaultDependencies=no
4 After=systemd-sysctl.service
4 After=systemd-sysctl.service
5 Before=sysinit.target
5 Before=sysinit.target
6
6
7 [Service]
7 [Service]
8 Type=oneshot
8 Type=oneshot
9 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
9 ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
11 ExecStop=/etc/iptables/flush-iptables.sh
11 ExecStop=/etc/iptables/flush-iptables.sh
12 RemainAfterExit=yes
12 RemainAfterExit=yes
13
13
14 [Install]
14 [Install]
15 WantedBy=multi-user.target
15 WantedBy=multi-user.target