Browse Source

Firewall for keyserver

Bob Mottram 8 years ago
parent
commit
3714095c0d
1 changed files with 16 additions and 0 deletions
  1. 16
    0
      src/freedombone-app-keyserver

+ 16
- 0
src/freedombone-app-keyserver View File

@@ -46,6 +46,16 @@ keyserver_variables=(ONION_ONLY
46 46
                      KEYSERVER_DOMAIN_NAME
47 47
                      KEYSERVER_CODE)
48 48
 
49
+function configure_firewall_for_keyserver {
50
+    if [[ $ONION_ONLY != "no" ]]; then
51
+        return
52
+    fi
53
+    firewall_add keyserver 11370 tcp
54
+    firewall_add keyserver 11371 tcp
55
+    firewall_add keyserver 11372 tcp
56
+    mark_completed $FUNCNAME
57
+}
58
+
49 59
 function logging_on_keyserver {
50 60
     echo -n ''
51 61
 }
@@ -133,6 +143,10 @@ function remove_keyserver {
133 143
     remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
134 144
     remove_completion_param "install_keyserver"
135 145
 
146
+    firewall_remove 11370 tcp
147
+    firewall_remove 11371 tcp
148
+    firewall_remove 11372 tcp
149
+
136 150
     sed -i '/keyserver/d' $COMPLETION_FILE
137 151
     if [ -d /var/lib/sks ]; then
138 152
         rm -rf /var/lib/sks
@@ -373,6 +387,8 @@ function install_keyserver {
373 387
     function_check nginx_ensite
374 388
     nginx_ensite $KEYSERVER_DOMAIN_NAME
375 389
 
390
+    configure_firewall_for_keyserver
391
+
376 392
     systemctl restart nginx
377 393
 
378 394
     set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"