firewall: Add INPUT rules if sshd is available

2015-09-16 17:59:42 +02:00 · 2015-09-16 17:59:42 +02:00 · 147538cfa5
parent e1b4d59b4f
commit 147538cfa5
1 changed files with 14 additions and 14 deletions
--- a/28
+++ b/28
@ -118,10 +118,10 @@ fw_start() {
  # Accept icmp ping from LAN
  #$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN"

-
-
-  #### SSHD
-  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
+  if [ $(command -v sshd) ]; then
+    #### SSHD
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
+  fi

  ## BackupPC
  $IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
@ -131,17 +131,17 @@ fw_start() {
  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"

-if [ $(command -v slapd) ]; then
-  #### slapd
-  #### if 389 is use, ldap connections should be in TLS
-  $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
-  $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
-fi
+  if [ $(command -v slapd) ]; then
+    #### slapd
+    #### if 389 is use, ldap connections should be in TLS
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
+    $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
+  fi

-if [ $(command -v dhcpd) ]; then
-  #### dhcpd
-  $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
-fi
+  if [ $(command -v dhcpd) ]; then
+    #### dhcpd
+    $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
+  fi

  #### PuppetMaster
  #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"