Raspi2-3_GenImage Commit - r319:de6ff405b16b · Collaboration Tremplin des Sciences

1

#!/bin/bash

1

#!/bin/bash

2

#

2

#

3

# Setup Firewall

3

# Setup Firewall

4

#

4

#

5

6

# Load utility functions

6

# Load utility functions

7

. ./functions.sh

7

. ./functions.sh

8

9

if [ "$ENABLE_IPTABLES" = true ] ; then

9

if [ "$ENABLE_IPTABLES" = true ] ; then

10

# Create iptables configuration directory

10

# Create iptables configuration directory

11

mkdir -p "${ETC_DIR}/iptables"

11

mkdir -p "${ETC_DIR}/iptables"

12

13

if ! [ "$RELEASE" = jessie ] ; then

13

if ! [ "$RELEASE" = jessie ] ; then

14

#setting slaves

15

#chroot_exec update-alternatives --verbose --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 1 \

16

--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save \

17

--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore

18

# make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives

19

chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy

14

chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy

20

fi

15

fi

21

16

22

# Install iptables systemd service

17

# Install iptables systemd service

23

install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

18

install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"

24

19

25

# Install flush-table script called by iptables service

20

# Install flush-table script called by iptables service

26

install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

21

install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"

27

22

28

# Install iptables rule file

23

# Install iptables rule file

29

install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

24

install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"

30

25

31

# Reload systemd configuration and enable iptables service

26

# Reload systemd configuration and enable iptables service

32

chroot_exec systemctl daemon-reload

27

chroot_exec systemctl daemon-reload

33

chroot_exec systemctl enable iptables.service

28

chroot_exec systemctl enable iptables.service

34

29

35

if [ "$ENABLE_IPV6" = true ] ; then

30

if [ "$ENABLE_IPV6" = true ] ; then

36

# Install ip6tables systemd service

31

# Install ip6tables systemd service

37

install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

32

install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"

38

33

39

# Install ip6tables file

34

# Install ip6tables file

40

install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

35

install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"

41

36

42

install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

37

install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"

43

38

44

# Reload systemd configuration and enable iptables service

39

# Reload systemd configuration and enable iptables service

45

chroot_exec systemctl daemon-reload

40

chroot_exec systemctl daemon-reload

46

chroot_exec systemctl enable ip6tables.service

41

chroot_exec systemctl enable ip6tables.service

47

fi

42

fi

48

43

49

if [ "$ENABLE_SSHD" = false ] ; then

44

if [ "$ENABLE_SSHD" = false ] ; then

50

# Remove SSHD related iptables rules

45

# Remove SSHD related iptables rules

51

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

46

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null

52

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

47

sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null

53

fi

48

fi

54

fi

49

fi

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Dépôts
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages

             #!/bin/bash
             #
             # Setup Firewall
             #
             # Load utility functions
             . ./functions.sh
             if [ "$ENABLE_IPTABLES" = true ] ; then
               # Create iptables configuration directory
               mkdir -p "${ETC_DIR}/iptables"
               if ! [ "$RELEASE" = jessie ] ; then
-              	#setting slaves
-            	#chroot_exec update-alternatives --verbose --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 1 \
-            	--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save \
-                --slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore
-                # make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
             	chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
               fi
               # Install iptables systemd service
               install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
               # Install flush-table script called by iptables service
               install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
               # Install iptables rule file
               install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
               # Reload systemd configuration and enable iptables service
               chroot_exec systemctl daemon-reload
               chroot_exec systemctl enable iptables.service
               if [ "$ENABLE_IPV6" = true ] ; then
                 # Install ip6tables systemd service
                 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
                 # Install ip6tables file
                 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
                 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
                 # Reload systemd configuration and enable iptables service
                 chroot_exec systemctl daemon-reload
                 chroot_exec systemctl enable ip6tables.service
               fi
               if [ "$ENABLE_SSHD" = false ] ; then
                # Remove SSHD related iptables rules
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
                sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
               fi
             fi