
Allow icmp for mesh variant

Bob Mottram 9 years ago
parent
commit
142a41319a
1 changed files with 46 additions and 25 deletions
  1. 46
    25
      src/freedombone

+ 46
- 25
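--- a/src/freedombone
+++ b/src/freedombone
@@ -1505,8 +1505,8 @@
       fi
   fi
 
-  ip6tables -A INPUT -i eth0 -p udp --dport $CJDNS_PORT -j ACCEPT
-  ip6tables -A INPUT -i eth0 -p tcp --dport $CJDNS_PORT -j ACCEPT
+  ip6tables -A INPUT -p udp --dport $CJDNS_PORT -j ACCEPT
+  ip6tables -A INPUT -p tcp --dport $CJDNS_PORT -j ACCEPT
   save_firewall_settings
 
   if ! grep -q "Mesh Networking (cjdns)" /home/$MY_USERNAME/README; then
@@ -5887,15 +5887,29 @@
   chmod +x /etc/network/if-up.d/iptables
 }
 
+function configure_firewall_ping {
+  if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
+      return
+  fi
+  # Only allow ping for mesh installs
+  if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
+      return
+  fi
+  iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+  iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+  save_firewall_settings
+  echo 'configure_firewall_ping' >> $COMPLETION_FILE
+}
+
 function configure_firewall_for_voip {
   if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
       return
   if grep -Fxq "configure_firewall_for_voip" $COMPLETION_FILE; then
       return
   fi
-  iptables -A INPUT -i eth0 -p udp --dport $VOIP_PORT -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport $VOIP_PORT -j ACCEPT
+  iptables -A INPUT -p udp --dport $VOIP_PORT -j ACCEPT
+  iptables -A INPUT -p tcp --dport $VOIP_PORT -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_voip' >> $COMPLETION_FILE
 }
@@ -5967,8 +5981,8 @@
   if [[ $SYSTEM_TYPE == "$VARIANT_CLOUD" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" ]]; then
       return
   fi
-  iptables -A INPUT -i eth0 -p udp --dport 1900 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 8200 -j ACCEPT
+  iptables -A INPUT -p udp --dport 1900 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 8200 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_dlna' >> $COMPLETION_FILE
 }
@@ -5981,7 +5995,7 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+  iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
 }
@@ -5997,9 +6011,9 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 5222:5223 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 5269 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 5280:5281 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 5222:5223 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 5269 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 5280:5281 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_xmpp' >> $COMPLETION_FILE
 }
@@ -6015,9 +6029,9 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport $IRC_PORT  -j ACCEPT
-  iptables -I INPUT -i eth0 -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 9999 -j ACCEPT
+  iptables -A INPUT -p tcp --dport $IRC_PORT  -j ACCEPT
+  iptables -I INPUT -p tcp --dport 1024:65535 --sport $IRC_PORT -j ACCEPT
+  iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_irc' >> $COMPLETION_FILE
 }
@@ -6043,8 +6057,8 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
 }
@@ -6057,8 +6071,8 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 443 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
 }
@@ -6071,7 +6085,7 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport $TOX_PORT -j ACCEPT
+  iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_tox' >> $COMPLETION_FILE
 }
@@ -6084,8 +6098,8 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport $SSH_PORT -j ACCEPT
+  iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+  iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
 }
@@ -6098,7 +6112,7 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 9418 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_git' >> $COMPLETION_FILE
 }
@@ -6114,10 +6128,10 @@
       # docker does its own firewalling
       return
   fi
-  iptables -A INPUT -i eth0 -p tcp --dport 25 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 587 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 465 -j ACCEPT
-  iptables -A INPUT -i eth0 -p tcp --dport 993 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 25 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 587 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 465 -j ACCEPT
+  iptables -A INPUT -p tcp --dport 993 -j ACCEPT
   save_firewall_settings
   echo 'configure_firewall_for_email' >> $COMPLETION_FILE
 }
@@ -9883,8 +9897,14 @@
   fi
   # Avoid logging the changed database
   sed -i 's|$(TWETC)/tw.pol.*||g' /etc/tripwire/twpol.txt
+  # recreate the configuration
   echo '
 
+' | twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt
+  # reset
+  echo '
+
+
 
 ' | reset-tripwire
 
@@ -10241,6 +10261,7 @@
 install_not_on_BBB
 remove_default_user
 configure_firewall
+configure_firewall_ping
 configure_firewall_for_ssh
 configure_firewall_for_dns
 configure_firewall_for_ftp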
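Review bot: Dropping `-i eth0` from every ACCEPT rule in this section (ssh, mail, XMPP, IRC, git, DLNA, the web ports, DNS replies) means those services are now accepted on every interface, which on the mesh variant presumably includes the mesh link where peers are not trusted; if the goal is to serve the mesh interface as well, scoping each rule through a variable, e.g. `iptables -A INPUT -i "$FIREWALL_IFACE" -p tcp --dport $SSH_PORT -j ACCEPT`, keeps tunnels, bridges and any later NIC closed by default. The new echo-request rule in configure_firewall_ping also carries no rate limit; `iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s --limit-burst 10 -j ACCEPT` bounds ping floods at no cost. That rule is IPv4 only, while the cjdns rules near the top of this section are ip6tables, so whether ICMPv6 echo is already permitted for the mesh cannot be seen from here. The rendered page also drops one line between `return` and the completion-file check in configure_firewall_for_voip (old 5893 / new 5907), presumably the closing `fi`.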