bugfix
Unknown -
r317:f11addcfb06c
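--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -1,52 +1,54 @@
 #!/bin/bash
 #
 # Setup Firewall
 #
 
 # Load utility functions
 . ./functions.sh
 
 if [ "$ENABLE_IPTABLES" = true ] ; then
 # Create iptables configuration directory
 mkdir -p "${ETC_DIR}/iptables"
-
-# make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
-chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
-#chroot_exec update-alternatives --verbose --set iptables-save /usr/sbin/iptables-legacy-save
-#chroot_exec update-alternatives --verbose --set iptables-restore /usr/sbin/iptables-legacy-restore
-chroot_exec update-alternatives --verbose --install /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save 1
-chroot_exec update-alternatives --verbose --install /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore 1
-
+
+if ! [ "$RELEASE" = jessie ] ; then
+#setting slaves
+#chroot_exec update-alternatives --verbose --install /usr/sbin/iptables iptables /usr/sbin/iptables-legacy 1 \
+--slave /usr/sbin/iptables-save iptables-save /usr/sbin/iptables-legacy-save \
+--slave /usr/sbin/iptables-restore iptables-restore /usr/sbin/iptables-legacy-restore
+# make sure iptables-legacy,iptables-legacy-restore and iptables-legacy-save are the used alternatives
+chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy
+fi
+
 # Install iptables systemd service
 install_readonly files/iptables/iptables.service "${ETC_DIR}/systemd/system/iptables.service"
 
 # Install flush-table script called by iptables service
 install_exec files/iptables/flush-iptables.sh "${ETC_DIR}/iptables/flush-iptables.sh"
 
 # Install iptables rule file
 install_readonly files/iptables/iptables.rules "${ETC_DIR}/iptables/iptables.rules"
 
 # Reload systemd configuration and enable iptables service
 chroot_exec systemctl daemon-reload
 chroot_exec systemctl enable iptables.service
 
 if [ "$ENABLE_IPV6" = true ] ; then
 # Install ip6tables systemd service
 install_readonly files/iptables/ip6tables.service "${ETC_DIR}/systemd/system/ip6tables.service"
 
 # Install ip6tables file
 install_exec files/iptables/flush-ip6tables.sh "${ETC_DIR}/iptables/flush-ip6tables.sh"
 
 install_readonly files/iptables/ip6tables.rules "${ETC_DIR}/iptables/ip6tables.rules"
 
 # Reload systemd configuration and enable iptables service
 chroot_exec systemctl daemon-reload
 chroot_exec systemctl enable ip6tables.service
 fi
 
 if [ "$ENABLE_SSHD" = false ] ; then
 # Remove SSHD related iptables rules
 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/iptables.rules" 2> /dev/null
 sed -i "/^#/! {/SSH/ s/^/# /}" "${ETC_DIR}/iptables/ip6tables.rules" 2> /dev/null
 fi
 fi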
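Review bot: New lines 16–17 (`--slave /usr/sbin/iptables-save …` and `--slave /usr/sbin/iptables-restore …`) are live code rather than part of the commented-out `--install` line above them, because a trailing `\` inside a `#` comment does not continue the comment in bash. On every non-jessie build the shell will try to run `--slave` as a command and report command-not-found; if the build runs under `set -e` (not visible on this page) it would stop before the iptables service and rule files are installed. Prefix both lines with `#`, or delete the three-line leftover so only `chroot_exec update-alternatives --verbose --set iptables /usr/sbin/iptables-legacy` remains inside the `if`. A short comment such as `# jessie ships no iptables alternatives group, so only newer releases need the switch to legacy` would document why the branch exists, if that is the intent.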