firewall: allow 80 and 443 INPUT/OUTPUT if apache2|nginx is available.

Issue #1
Jeremy Gardais 2015-09-16 18:12:42 +02:00
parent 147538cfa5
commit a9e353fe37
1 changed files with 10 additions and 6 deletions


@ -127,9 +127,11 @@ fw_start() {
$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req" $IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH fury in" $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH fury in"
#### Apache2 - Web server if [ $(command -v apache2) ] || [ $(command -v nginx) ]; then
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in" #### Web server
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in" $IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
fi
if [ $(command -v slapd) ]; then if [ $(command -v slapd) ]; then
#### slapd #### slapd
@ -211,9 +213,11 @@ fi
#### OpenPGP HTTP key server (add key, maj, ...) #### OpenPGP HTTP key server (add key, maj, ...)
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req" $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"
# #### Apache2 - Web server if [ $(command -v apache2) ] || [ $(command -v nginx) ]; then
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTP out" #### Web server
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPS out" $IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTPD out"
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPDs out"
fi
if [ -d /etc/ldap ]; then if [ -d /etc/ldap ]; then
#### ldap connection should be in TLS or at least in LDAPS/SSL #### ldap connection should be in TLS or at least in LDAPS/SSL
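Review bot: The two new OUTPUT rules in the second hunk combine `--sport 80` / `--sport 443` with `--state NEW`, but a web server's replies belong to connections the client opened, so conntrack classifies them as ESTABLISHED, never NEW. As written the rules do not cover reply traffic; they accept locally initiated connections whose source port is 80 or 443, to any destination reachable through `${ILAN}`. If replies are already accepted by a generic ESTABLISHED,RELATED rule elsewhere in the script (not visible in these hunks), both lines can be dropped; otherwise match the reply state and pin the source address, e.g. `$IPT -A OUTPUT -j ACCEPT -p tcp -o "${ILAN}" -s "${IPLAN}" --sport 80 -m state --state ESTABLISHED -m comment --comment "HTTP replies out"`, and the same for 443. In both hunks the guard `[ $(command -v apache2) ]` opens the ports whenever the binary is installed, even if the service is disabled or bound elsewhere; `if command -v apache2 >/dev/null 2>&1 || command -v nginx >/dev/null 2>&1; then` avoids the unquoted substitution, and a comment stating that presence of the binary, not a running service, is the trigger would make that trade-off explicit.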