firewall: Remove redundant setup steps

- Essential modules enable their own services properly. There is no need to do them as part of common setup. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2026-06-10 11:00:22 +00:00 · 2017-08-31 16:48:00 +05:30 · 2017-08-31 16:48:00 +05:30 · f5a5ee1f04
commit f5a5ee1f04
parent c2cf591e1b
1 changed files with 5 additions and 41 deletions
--- a/data/usr/lib/freedombox/first-run.d/90_firewall
+++ b/data/usr/lib/freedombox/first-run.d/90_firewall
@ -50,56 +50,20 @@ set -x
 # and 'internal' zones are managed.
 firewall-cmd --set-default-zone=external

-# Setup firewall rules for all the services enabled by default.
-# Ideally all non-essential services are enabled from Plinth which
-# automatically takes care of enabling appropirate firewall ports. The
-# following is then for essential services and services that are not
-# yet configurable from Plinth.
+# Setup firewall rules for all the services enabled by default. Ideally all
+# essential services are enabled from Plinth which automatically takes care of
+# enabling appropirate firewall ports.

-# HTTP (JWChat)
+# HTTP
 firewall-cmd --zone=external --permanent --add-service=http
 firewall-cmd --zone=internal --permanent --add-service=http

-# HTTPS (Plinth, JWChat)
+# HTTPS
 firewall-cmd --zone=external --permanent --add-service=https
 firewall-cmd --zone=internal --permanent --add-service=https

-# Tor
-firewall-cmd --zone=internal --permanent --add-service=tor-socks
-
-# NTP
-firewall-cmd --zone=internal --permanent --add-service=ntp
-
 # DNS
 firewall-cmd --zone=internal --permanent --add-service=dns

-# mDNS
-firewall-cmd --zone=internal --permanent --add-service=mdns
-
 # DHCP
 firewall-cmd --zone=internal --permanent --add-service=dhcp
-
-# Bootp Server and Client (not enabled)
-#firewall-cmd --zone=internal --permanent --add-port=67/tcp
-#firewall-cmd --zone=internal --permanent --add-port=67/udp
-#firewall-cmd --zone=internal --permanent --add-port=68/tcp
-#firewall-cmd --zone=internal --permanent --add-port=68/udp
-
-# LDAP (not enabled)
-#firewall-cmd --zone=internal --permanent --add-service=ldap
-#firewall-cmd --zone=internal --permanent --add-service=ldaps
-
-# OpenVPN (not enabled)
-#firewall-cmd --zone=external --permanent --add-service=openvpn
-#firewall-cmd --zone=internal --permanent --add-service=openvpn
-
-# Privoxy
-firewall-cmd --zone=internal --permanent --add-service=privoxy
-
-# XMPP
-firewall-cmd --zone=external --permanent --add-service=xmpp-server
-firewall-cmd --zone=internal --permanent --add-service=xmpp-server
-firewall-cmd --zone=external --permanent --add-service=xmpp-client
-firewall-cmd --zone=internal --permanent --add-service=xmpp-client
-firewall-cmd --zone=external --permanent --add-service=xmpp-bosh
-firewall-cmd --zone=internal --permanent --add-service=xmpp-bosh