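#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
# Setup firewall rules for all the services enabled by default.
# Ideally all non-essential services are enabled from Plinth which
# automatically takes care of enabling appropriate firewall ports.  The
# following is then for essential services and services that are not
# yet configurable from Plinth.
#
# Every rule is added with --permanent, so it lands in firewalld's
# stored configuration; it becomes active on the next firewalld
# reload/start rather than immediately.  Each rule is attempted even
# if an earlier one fails, and the script exits non-zero if any rule
# could not be added, so a partial setup is visible in the first-run
# log instead of being silently ignored.

# Enable tracing to see the commands in
# /var/log/freedombox-first-run.log
set -x

# Exit status of the whole script: stays 0 unless some rule failed.
status=0

# add_service ZONE SERVICE
# Add a permanent firewalld service rule for SERVICE to ZONE.
# On failure the error is written to stderr and remembered in $status;
# execution continues so one bad rule does not block the remaining ones.
add_service() {
  zone=$1
  service=$2
  if ! firewall-cmd --zone="$zone" --permanent --add-service="$service"; then
    printf 'firewall: failed to add service %s to zone %s\n' \
      "$service" "$zone" >&2
    status=1
  fi
}

# HTTP (JWChat, ownCloud)
add_service external http
add_service internal http

# HTTPS (Plinth, JWChat, ownCloud)
add_service external https
add_service internal https

# Tor
add_service internal tor-socks

# NTP
add_service internal ntp

# DNS
add_service internal dns

# mDNS
add_service internal mdns

# DHCP
add_service internal dhcp

# Bootp Server and Client (not enabled)
#firewall-cmd --zone=internal --permanent --add-port=67/tcp
#firewall-cmd --zone=internal --permanent --add-port=67/udp
#firewall-cmd --zone=internal --permanent --add-port=68/tcp
#firewall-cmd --zone=internal --permanent --add-port=68/udp

# LDAP (not enabled)
#firewall-cmd --zone=internal --permanent --add-service=ldap
#firewall-cmd --zone=internal --permanent --add-service=ldaps

# OpenVPN (not enabled)
#firewall-cmd --zone=external --permanent --add-service=openvpn
#firewall-cmd --zone=internal --permanent --add-service=openvpn

# Privoxy
add_service internal privoxy

# XMPP
add_service external xmpp-server
add_service internal xmpp-server
add_service external xmpp-client
add_service internal xmpp-client
add_service external xmpp-bosh
add_service internal xmpp-bosh

# Non-zero if any rule above failed to be added.
exit "$status"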