Move firewall functions to their logical homes

src/freedombone-utils-avahi

@@ -126,4 +126,19 @@ function install_avahi {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_avahi {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    iptables -A INPUT -p tcp --dport 548 -j ACCEPT
+    iptables -A INPUT -p udp --dport 548 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
+    iptables -A INPUT -p udp --dport 5353 -j ACCEPT
+    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
+    iptables -A INPUT -p udp --dport 5354 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately there is no "exit 0"

src/freedombone-utils-dns

@@ -203,4 +203,18 @@ function set_your_domain_name {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_dns {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
+    function_check save_firewall_settings
+    save_firewall_settings
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0

src/freedombone-utils-firewall

@@ -118,97 +118,6 @@ function configure_firewall_ping {
     mark_completed $FUNCNAME
 }
 
-function configure_firewall_for_avahi {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    iptables -A INPUT -p tcp --dport 548 -j ACCEPT
-    iptables -A INPUT -p udp --dport 548 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
-    iptables -A INPUT -p udp --dport 5353 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
-    iptables -A INPUT -p udp --dport 5354 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_dns {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
-    function_check save_firewall_settings
-    save_firewall_settings
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_access {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-    firewall_remove 80 tcp
-    firewall_remove 443 tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_web_server {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-
-    firewall_add HTTP 80 tcp
-    firewall_add HTTPS 443 tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_ssh {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-
-    firewall_add SSH ${SSH_PORT} tcp
-    mark_completed $FUNCNAME
-}
-
-function configure_firewall_for_git {
-    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
-        return
-    fi
-    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
-        # docker does its own firewalling
-        return
-    fi
-    if [[ $ONION_ONLY != "no" ]]; then
-        return
-    fi
-
-    firewall_add Git 9418 tcp
-    mark_completed $FUNCNAME
-}
-
 function configure_internet_protocol {
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return

src/freedombone-utils-git

@@ -136,4 +136,20 @@ function set_repo_commit {
     fi
 }
 
+function configure_firewall_for_git {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+
+    firewall_add Git 9418 tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0

src/freedombone-utils-ssh

@@ -139,4 +139,17 @@ function regenerate_ssh_keys {
     mark_completed $FUNCNAME
 }
 
+function configure_firewall_for_ssh {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+
+    firewall_add SSH ${SSH_PORT} tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0

src/freedombone-utils-web

@@ -598,4 +598,20 @@ function remove_certs {
     fi
 }
 
+function configure_firewall_for_web_access {
+    if [[ $(is_completed $FUNCNAME) == "1" ]]; then
+        return
+    fi
+    if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
+        # docker does its own firewalling
+        return
+    fi
+    if [[ $ONION_ONLY != "no" ]]; then
+        return
+    fi
+    firewall_add HTTP 80 tcp
+    firewall_add HTTPS 443 tcp
+    mark_completed $FUNCNAME
+}
+
 # NOTE: deliberately no exit 0