Add a first-run script to be run by freedombox-setup to setup initial state of firewall

2026-06-03 10:50:20 +00:00 · 2014-04-22 22:17:18 +05:30 · 2014-04-22 22:17:18 +05:30 · 3984559fda
commit 3984559fda
parent f77ceedc94
1 changed files with 48 additions and 0 deletions
--- a/lib/freedombox/first-run.d/90_firewall
+++ b/lib/freedombox/first-run.d/90_firewall
@ -0,0 +1,48 @@
+#!/bin/sh
+
+# Setup firewall rules for all the enabled services
+
+# Ideally all non essential services are enabled from Plinth
+# which automatically takes care of enabling appropirate firewall
+# ports. This file is used then for essential services and services
+# that are not yet configurable from Plinth.
+
+# HTTP (JWChat, ownCloud)
+firewall-cmd --permanent --add-service=http
+
+# HTTPS (Plinth, JWChat, ownCloud)
+firewall-cmd --permanent --add-service=https
+
+# Tor
+firewall-cmd --permanent --add-port=9050/tcp
+
+# NTP
+firewall-cmd --permanent --add-service=ntp
+
+# DNS
+firewall-cmd --permanent --add-service=dns
+
+# mDNS
+firewall-cmd --permanent --add-service=mdns
+
+# DHCP
+firewall-cmd --permanent --add-service=dhcp
+
+# Bootp Server and Client (not enabled)
+#firewall-cmd --permanent --add-port=67/tcp
+#firewall-cmd --permanent --add-port=67/udp
+#firewall-cmd --permanent --add-port=68/tcp
+#firewall-cmd --permanent --add-port=68/udp
+
+# LDAP (not enabled)
+#firewall-cmd --permanent --add-service=ldap
+#firewall-cmd --permanent --add-service=ldaps
+
+# OpenVPN (not enabled)
+#firewall-cmd --permanent --add-service=openvpn
+
+# Privoxy
+firewall-cmd --permanent --add-port=8118/tcp
+
+# Obfsproxy
+firewall-cmd --permanent --add-port=40202/tcp