firewall: Add INPUT rules if sshd is available
parent
e1b4d59b4f
commit
147538cfa5
14
firewall
14
firewall
|
@ -118,10 +118,10 @@ fw_start() {
|
||||||
# Accept icmp ping from LAN
|
# Accept icmp ping from LAN
|
||||||
#$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN"
|
#$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN"
|
||||||
|
|
||||||
|
if [ $(command -v sshd) ]; then
|
||||||
|
|
||||||
#### SSHD
|
#### SSHD
|
||||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
|
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
|
||||||
|
fi
|
||||||
|
|
||||||
## BackupPC
|
## BackupPC
|
||||||
$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
|
$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
|
||||||
|
@ -131,17 +131,17 @@ fw_start() {
|
||||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
|
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
|
||||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
|
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
|
||||||
|
|
||||||
if [ $(command -v slapd) ]; then
|
if [ $(command -v slapd) ]; then
|
||||||
#### slapd
|
#### slapd
|
||||||
#### if 389 is use, ldap connections should be in TLS
|
#### if 389 is use, ldap connections should be in TLS
|
||||||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
|
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
|
||||||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
|
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $(command -v dhcpd) ]; then
|
if [ $(command -v dhcpd) ]; then
|
||||||
#### dhcpd
|
#### dhcpd
|
||||||
$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
|
$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#### PuppetMaster
|
#### PuppetMaster
|
||||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"
|
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"
|
||||||
|
|
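Review bot: The new guard `if [ $(command -v sshd) ]; then` in fw_start() leaves the substitution unquoted and depends on the PATH the firewall script runs with, so under a minimal PATH that omits the sbin directories the SSH rule would be skipped silently; whether that cuts off remote access depends on the INPUT policy, which is not visible here. Testing the exit status directly is more robust, `if command -v sshd >/dev/null 2>&1; then`, and the existing slapd and dhcpd guards have the same form. Separately, the now-active port 22 rule matches any source arriving on `${ILAN}`, while the commented-out ICMP and Puppet rules restrict with `-s "${LAN}"`; if SSH is meant for LAN clients only, add `-s "${LAN}"` to it. A binary on disk also does not show that sshd is running or listening on 22, so a short comment above the guard stating that intent would help. fw_start() begins and ends outside the visible hunks.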