Firewall: add rules if a dhcpd is available.
parent
f425671216
commit
9d6fb75b7f
12
firewall
12
firewall
|
@ -138,8 +138,10 @@ if [ $(command -v slapd) ]; then
|
|||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "New LDAPS in"
|
||||
fi
|
||||
|
||||
if [ $(command -v dhcpd) ]; then
|
||||
#### dhcpd
|
||||
#$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
|
||||
$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" -d "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "New DHCPD in"
|
||||
fi
|
||||
|
||||
#### PuppetMaster
|
||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s "${LAN}" -d "${IPLAN}" --dport 8140 -m state --state NEW -m comment --comment "New Puppet in"
|
||||
|
@ -213,9 +215,6 @@ fi
|
|||
# #### Apache2 - Web server
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTP out"
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPS out"
|
||||
#
|
||||
# #### dhcpd
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "DHCPD out"
|
||||
|
||||
if [ -d /etc/ldap ]; then
|
||||
#### ldap connection should be in TLS or at least in LDAPS/SSL
|
||||
|
@ -223,6 +222,11 @@ if [ -d /etc/ldap ]; then
|
|||
$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 636 -m state --state NEW -m comment --comment "LDAPS out"
|
||||
fi
|
||||
|
||||
if [ $(command -v dhcpd) ]; then
|
||||
#### dhcpd
|
||||
$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --sport 67:68 --dport 67:68 -m state --state NEW -m comment --comment "DHCPD out"
|
||||
fi
|
||||
|
||||
# #### NFS Client
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p udp -o "${ILAN}" -s "${IPLAN}" --dport 111 -m state --state NEW -m comment --comment "NFS out"
|
||||
|
|
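Review bot: The INPUT rule enabled in the first hunk (`@ -138,8 +138,10 @`) matches only packets addressed to `${IPLAN}`, while a client without a lease sends DISCOVER/REQUEST from 0.0.0.0:68 to 255.255.255.255:67, so this rule accepts unicast renewals but not the initial broadcasts. If `${IPLAN}` is the host's own LAN address (its definition is outside the visible hunks), either add a broadcast rule such as `$IPT -A INPUT -j ACCEPT -p udp -i "${ILAN}" --sport 68 --dport 67 -m comment --comment "DHCP broadcast in"` or add a comment saying the rule is deliberately limited to renewals. ISC dhcpd on Linux usually reads through a packet socket that sees frames before netfilter, which can hide this gap in testing, so the intent is worth stating next to the rule. Both new blocks (first and third hunk) are also gated on `command -v dhcpd`, that is, on the binary being installed rather than on the service being configured or running, so the ports open on any host that merely has the package; the test itself would be more robust written as `if command -v dhcpd >/dev/null 2>&1; then`.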