firewall: allow 80 and 443 INPUT/OUTPUT if apache2|nginx is available.
Issue #1
parent
147538cfa5
commit
a9e353fe37
16
firewall
16
firewall
|
@ -127,9 +127,11 @@ fw_start() {
|
|||
$IPT -A INPUT -j ACCEPT -p icmp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" -m comment --comment "ICMP FURY req"
|
||||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -s 192.168.0.3 -d "${IPLAN}" --dport 22 -m state --state NEW -m comment --comment "New SSH fury in"
|
||||
|
||||
#### Apache2 - Web server
|
||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
|
||||
#$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
|
||||
if [ $(command -v apache2) ] || [ $(command -v nginx) ]; then
|
||||
#### Web server
|
||||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 80 -m state --state NEW -m comment --comment "New HTTP in"
|
||||
$IPT -A INPUT -j ACCEPT -p tcp -i "${ILAN}" -d "${IPLAN}" --dport 443 -m state --state NEW -m comment --comment "New HTTPS in"
|
||||
fi
|
||||
|
||||
if [ $(command -v slapd) ]; then
|
||||
#### slapd
|
||||
|
@ -211,9 +213,11 @@ fi
|
|||
#### OpenPGP HTTP key server (add key, maj, ...)
|
||||
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --dport 11371 -m state --state NEW -m comment --comment "OpenPGP req"
|
||||
|
||||
# #### Apache2 - Web server
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTP out"
|
||||
# #$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPS out"
|
||||
if [ $(command -v apache2) ] || [ $(command -v nginx) ]; then
|
||||
#### Web server
|
||||
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 80 -m state --state NEW -m comment --comment "New HTTPD out"
|
||||
$IPT -A OUTPUT -j ACCEPT -p tcp -o ${ILAN} --sport 443 -m state --state NEW -m comment --comment "New HTTPDs out"
|
||||
fi
|
||||
|
||||
if [ -d /etc/ldap ]; then
|
||||
#### ldap connection should be in TLS or at least in LDAPS/SSL
|
||||
|
|
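Review bot: The two OUTPUT rules added in the second hunk match `--sport 80` / `--sport 443` with `--state NEW`, but the packets a web server sends from those ports are replies on connections the client opened, which conntrack tracks as ESTABLISHED, so these rules do not match the server's own traffic. What they do accept is a new outbound connection that a local process opens from source port 80 or 443, to any destination and port, which widens egress instead of serving the web server. If OUTPUT already has an ESTABLISHED,RELATED accept rule elsewhere in `fw_start` (not visible in these hunks), the two lines can be dropped; otherwise change the match to `--sport 80 -m state --state ESTABLISHED` (and the same for 443) and quote `"${ILAN}"` as the INPUT rules do. The guard in both hunks is more robust as `if command -v apache2 >/dev/null 2>&1 || command -v nginx >/dev/null 2>&1; then`, because the unquoted `[ $(command -v apache2) ]` breaks on a path containing spaces. Note too that an installed binary shows only that the package is present, not that the service is meant to be reachable, so a comment stating that assumption above the `if` would help.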