This is now properly handled by freedombox-setup network scripts. There is no need to set it up here. Also, there is a chance they might be configured wrong.
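#!/bin/sh
#
# This file is part of Plinth.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

# Enable tracing to see the commands in
# /var/log/freedombox-first-run.log
set -x

# Setup firewall rules for all the services enabled by default.
# Ideally all non-essential services are enabled from Plinth which
# automatically takes care of enabling appropriate firewall ports. The
# following is then for essential services and services that are not
# yet configurable from Plinth.
#
# Every rule is added with --permanent, which changes only the stored
# firewalld configuration. This script does not reload firewalld, so
# the rules apply from the next reload or restart.
# NOTE(review): presumably a later first-run step or a reboot does
# that -- confirm.
#
# Rules in the "external" zone widen what is reachable from the
# interfaces assigned to that zone (expected to be the Internet-facing
# ones -- zone assignment is not done here). Keep that list short and
# review every addition to it.

# add_service ZONE SERVICE
#
# Permanently allow SERVICE in ZONE. firewall-cmd fails when it cannot
# reach firewalld or does not know the service; such a failure is
# reported on stderr with the zone and service named instead of being
# left to be dug out of the trace. The remaining rules are still
# attempted. The return status is firewall-cmd's own, so the exit
# status of this script is still that of the last rule.
add_service() {
    firewall-cmd --zone="$1" --permanent --add-service="$2" || {
        rc=$?
        printf '%s\n' "firewall: could not add service '$2' to zone '$1' (exit status $rc)" >&2
        return "$rc"
    }
}

# HTTP (JWChat, ownCloud)
# Plain HTTP is opened on the external zone as well as the internal one.
add_service external http
add_service internal http

# HTTPS (Plinth, JWChat, ownCloud)
# NOTE(review): this makes Plinth reachable from the external zone --
# confirm that is intended and that access to it is authenticated.
add_service external https
add_service internal https

# Tor (internal zone only)
add_service internal tor-socks

# NTP (internal zone only)
add_service internal ntp

# DNS (internal zone only)
add_service internal dns

# mDNS (internal zone only)
add_service internal mdns

# DHCP (internal zone only)
add_service internal dhcp

# Bootp Server and Client (not enabled)
#firewall-cmd --zone=internal --permanent --add-port=67/tcp
#firewall-cmd --zone=internal --permanent --add-port=67/udp
#firewall-cmd --zone=internal --permanent --add-port=68/tcp
#firewall-cmd --zone=internal --permanent --add-port=68/udp

# LDAP (not enabled)
#add_service internal ldap
#add_service internal ldaps

# OpenVPN (not enabled)
#add_service external openvpn
#add_service internal openvpn

# Privoxy (internal zone only)
add_service internal privoxy

# XMPP (server-to-server, client and BOSH, in both zones)
add_service external xmpp-server
add_service internal xmpp-server
add_service external xmpp-client
add_service internal xmpp-client
add_service external xmpp-bosh
add_service internal xmpp-bosh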