Don't set up firewall when creating image

src/freedombone-image-customise

 
     if [[ $ARCHITECTURE == 'amd64' ]]; then
         chroot "$rootdir" apt-get -yq install linux-image-amd64 -t jessie-backports
+        chroot "$rootdir" apt-get -yq install grub2
     fi
 
     chroot "$rootdir" apt-get -yq install locales locales-all debconf
 
-    # basic firewall
-    chroot "$rootdir" iptables -P INPUT ACCEPT
-    chroot "$rootdir" ip6tables -P INPUT ACCEPT
-    chroot "$rootdir" iptables -F
-    chroot "$rootdir" ip6tables -F
-    chroot "$rootdir" iptables -t nat -F
-    chroot "$rootdir" ip6tables -t nat -F
-    chroot "$rootdir" iptables -X
-    chroot "$rootdir" ip6tables -X
-    chroot "$rootdir" iptables -P INPUT DROP
-    chroot "$rootdir" ip6tables -P INPUT DROP
-    chroot "$rootdir" iptables -P FORWARD DROP
-    chroot "$rootdir" ip6tables -P FORWARD DROP
-    chroot "$rootdir" iptables -A INPUT -i lo -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
-    chroot "$rootdir" iptables -A INPUT -f -j DROP
-    chroot "$rootdir" iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-    chroot "$rootdir" iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
-    chroot "$rootdir" iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
-    chroot "$rootdir" iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
-    chroot "$rootdir" iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-    chroot "$rootdir" iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport 548 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p udp --dport 548 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p udp --dport 5353 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p udp --dport 5354 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport 80 -j ACCEPT
-    chroot "$rootdir" iptables -A INPUT -p tcp --dport 443 -j ACCEPT
-
-    # save the firewall
-    chroot "$rootdir" iptables-save > /etc/firewall.conf
-    chroot "$rootdir" ip6tables-save > /etc/firewall6.conf
-    printf '#!/bin/sh\n' > $rootdir/etc/network/if-up.d/iptables
-    printf 'iptables-restore < /etc/firewall.conf\n' >> $rootdir/etc/network/if-up.d/iptables
-    printf 'ip6tables-restore < /etc/firewall6.conf\n' >> $rootdir/etc/network/if-up.d/iptables
-    if [ -f $rootdir/etc/network/if-up.d/iptables ]; then
-        chmod +x $rootdir/etc/network/if-up.d/iptables
-    fi
-
     SYSCTL_FILE=$rootdir/etc/sysctl.conf
     if [ ! -f $SYSCTL_FILE ]; then
         touch $SYSCTL_FILE
     chroot "$rootdir" apt-get -yq install network-manager iputils-ping libnss-mdns libnss-myhostname
     chroot "$rootdir" apt-get -yq install libnss-gw-name nano man ntp locales locales-all debconf
     chroot "$rootdir" apt-get -yq install wireless-tools wpasupplicant usbutils cryptsetup zsh
-    chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc grub2 hostapd haveged
-    chroot "$rootdir" apt-get -yq install cpulimit screen elinks
-    chroot "$rootdir" apt-get -yq install libpam-cracklib
+    chroot "$rootdir" apt-get -yq install pinentry-curses eatmydata iotop bc hostapd haveged
+    chroot "$rootdir" apt-get -yq install cpulimit screen elinks libpam-cracklib
 
     # Tor and ssh over tor
     chroot "$rootdir" apt-get -yq install tor connect-proxy