iptables fix...
Unknown -
r279:9cc8fe77b453
@@ -1,44 +1,49
1 1 #
2 2 # Setup Firewall
3 3 #
4 4
5 5 # Load utility functions
6 6 . ./functions.sh
7 7
8 8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 9 # Create iptables configuration directory
10 10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
16
12 17 # Install iptables systemd service
13 18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
14 19
15 20 # Install flush-table script called by iptables service
16 21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
17 22
18 23 # Install iptables rule file
19 24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
20 25
21 26 # Reload systemd configuration and enable iptables service
22 27 chroot_exec systemctl daemon-reload
23 28 chroot_exec systemctl enable iptables.service
24 29
25 30 if [ "$ENABLE_IPV6" = true ] ; then
26 31 # Install ip6tables systemd service
27 32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
28 33
29 34 # Install ip6tables file
30 35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
31 36
32 37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
33 38
34 39 # Reload systemd configuration and enable iptables service
35 40 chroot_exec systemctl daemon-reload
36 41 chroot_exec systemctl enable ip6tables.service
37 42 fi
38 43
39 44 if [ "$ENABLE_SSHD" = false ] ; then
40 45 # Remove SSHD related iptables rules
41 46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
42 47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
43 48 fi
44 49 fi
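Review bot: The added update-alternatives calls (new lines 13-15) switch only the IPv4 tools to the legacy backend, while the ENABLE_IPV6 branch below installs and enables ip6tables.service, which runs ip6tables-restore. If the image defaults to the nft variants, the IPv6 rules would be loaded through a different backend than the IPv4 ones, or might not load at all. Consider adding the matching call inside the ENABLE_IPV6 block, `chroot_exec update-alternatives --verbose --set ip6tables <path-to-ip6tables-legacy>`. The exit status of these calls is not checked in the visible lines, so unless chroot_exec in functions.sh aborts on failure, a wrong path would pass silently and leave the default backend selected; the /usr/bin locations should be confirmed against the target image.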
@@ -1,15 +1,15
1 1 [Unit]
2 2 Description=Packet Filtering Framework
3 3 DefaultDependencies=no
4 4 After=systemd-sysctl.service
5 5 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
9 ExecStart=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules
10 10 ExecReload=/sbin/ip6tables-restore /etc/iptables/ip6tables.rules
11 11 ExecStop=/etc/iptables/flush-ip6tables.sh
12 12 RemainAfterExit=yes
13 13
14 14 [Install]
15 15 WantedBy=multi-user.target
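Review bot: ExecReload on line 10 still calls ip6tables-restore without the lock wait that ExecStart gains on line 9, so a reload that races another xtables user can fail immediately where a start would wait. For consistency the reload line should read `ExecReload=/sbin/ip6tables-restore -w 5 /etc/iptables/ip6tables.rules`. The same applies to line 10 of the iptables.service section that follows.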
@@ -1,15 +1,15
1 1 [Unit]
2 2 Description=Packet Filtering Framework
3 3 DefaultDependencies=no
4 4 After=systemd-sysctl.service
5 5 Before=sysinit.target
6 6
7 7 [Service]
8 8 Type=oneshot
9 ExecStart=/sbin/iptables-restore /etc/iptables/iptables.rules
9 ExecStart=/sbin/iptables-restore -w 5 /etc/iptables/iptables.rules
10 10 ExecReload=/sbin/iptables-restore /etc/iptables/iptables.rules
11 11 ExecStop=/etc/iptables/flush-iptables.sh
12 12 RemainAfterExit=yes
13 13
14 14 [Install]
15 15 WantedBy=multi-user.target
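Review bot: The `-w 5` on line 9 bounds the wait for the xtables lock, but nothing documents what happens when the wait expires. As far as this unit shows, iptables-restore then exits non-zero, the oneshot unit ends up failed, and nothing declared here stops the rest of boot from continuing without the rule set. A comment above ExecStart would make that visible, for example `# -w 5: wait up to 5 s for the xtables lock; on timeout this unit fails and no rules are loaded`. Provisioning or monitoring should also check the unit's state after boot. The ip6tables.service section above has the same gap.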