##// END OF EJS Templates
sbin/iptables not bin/iptables
Unknown -
r306:acb540203ce3
parent child
Show More
@@ -1,49 +1,49
1 #
1 #
2 # Setup Firewall
2 # Setup Firewall
3 #
3 #
4
4
5 # Load utility functions
5 # Load utility functions
6 . ./functions.sh
6 . ./functions.sh
7
7
8 if [ "$ENABLE_IPTABLES" = true ] ; then
8 if [ "$ENABLE_IPTABLES" = true ] ; then
9 # Create iptables configuration directory
9 # Create iptables configuration directory
10 mkdir -p "${ETC_DIR}/iptables"
10 mkdir -p "${ETC_DIR}/iptables"
11
11
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
12 # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
13 chroot_exec update-alternatives --verbose --set iptables /usr/bin/iptables-legacy
13 chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/bin/iptables-legacy-save
14 chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/bin/iptables-legacy-restore
15 chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
16
16
17 # Install iptables systemd service
17 # Install iptables systemd service
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
18 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
19
19
20 # Install flush-table script called by iptables service
20 # Install flush-table script called by iptables service
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
21 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
22
22
23 # Install iptables rule file
23 # Install iptables rule file
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
24 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
25
25
26 # Reload systemd configuration and enable iptables service
26 # Reload systemd configuration and enable iptables service
27 chroot_exec systemctl daemon-reload
27 chroot_exec systemctl daemon-reload
28 chroot_exec systemctl enable iptables.service
28 chroot_exec systemctl enable iptables.service
29
29
30 if [ "$ENABLE_IPV6" = true ] ; then
30 if [ "$ENABLE_IPV6" = true ] ; then
31 # Install ip6tables systemd service
31 # Install ip6tables systemd service
32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
32 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
33
33
34 # Install ip6tables file
34 # Install ip6tables file
35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
35 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
36
36
37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
37 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
38
38
39 # Reload systemd configuration and enable iptables service
39 # Reload systemd configuration and enable iptables service
40 chroot_exec systemctl daemon-reload
40 chroot_exec systemctl daemon-reload
41 chroot_exec systemctl enable ip6tables.service
41 chroot_exec systemctl enable ip6tables.service
42 fi
42 fi
43
43
44 if [ "$ENABLE_SSHD" = false ] ; then
44 if [ "$ENABLE_SSHD" = false ] ; then
45 # Remove SSHD related iptables rules
45 # Remove SSHD related iptables rules
46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
46 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
47 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
48 fi
48 fi
49 fi
49 fi
General Comments 0
Vous devez vous connecter pour laisser un commentaire. Se connecter maintenant