firewall: Add INPUT rules if sshd is available

This commit is contained in:
Jeremy Gardais 2015-09-16 17:59:42 +02:00
parent e1b4d59b4f
commit 147538cfa5
1 changed files with 14 additions and 14 deletions

View File

@ -118,10 +118,10 @@ fw_start() {
# Accept icmp ping from LAN # Accept icmp ping from LAN
#$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN" #$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s ${LAN} -d "${IPLAN}" -m comment --comment "ICMP req LAN"
if [ $(command -v sshd) ]; then
#### SSHD
#### SSHD $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in"
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH in" fi
## BackupPC ## BackupPC
$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req" $IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
@ -131,17 +131,17 @@ fw_start() {
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in" #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in" #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
if [ $(command -v slapd) ]; then if [ $(command -v slapd) ]; then
#### slapd #### slapd
#### if 389 is use, ldap connections should be in TLS #### if 389 is use, ldap connections should be in TLS
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in" $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 389 -m state --state NEW -m comment --comment "New LDAP in"
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in" $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
fi fi
if [ $(command -v dhcpd) ]; then if [ $(command -v dhcpd) ]; then
#### dhcpd #### dhcpd
$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in" $IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
fi fi
#### PuppetMaster #### PuppetMaster
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in" #$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"