|  | @@ -47,6 +47,8 @@ SSH_MACS="hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripem
 | 
	
		
			
			| 47 | 47 |  SSH_KEX="curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
 | 
	
		
			
			| 48 | 48 |  SSH_HOST_KEY_ALGORITHMS="ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-ed25519,ssh-rsa"
 | 
	
		
			
			| 49 | 49 |  
 | 
	
		
			
			|  | 50 | +ZERONET_PORT=15441
 | 
	
		
			
			|  | 51 | +
 | 
	
		
			
			| 50 | 52 |  # see https://stribika.github.io/2015/01/04/secure-secure-shell.html
 | 
	
		
			
			| 51 | 53 |  function ssh_remove_small_moduli {
 | 
	
		
			
			| 52 | 54 |    sudo awk '$5 > 2000' /etc/ssh/moduli > /home/$CURR_USER/moduli
 | 
	
	
		
			
			|  | @@ -303,6 +305,8 @@ function mesh_batman {
 | 
	
		
			
			| 303 | 305 |    echo '    iptables -A INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
 | 
	
		
			
			| 304 | 306 |    echo '    iptables -A INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
 | 
	
		
			
			| 305 | 307 |    echo '    iptables -A INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
 | 
	
		
			
			|  | 308 | +  echo "    iptables -A INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
 | 
	
		
			
			|  | 309 | +  echo "    iptables -A INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
 | 
	
		
			
			| 306 | 310 |    echo '' >> $batman_script
 | 
	
		
			
			| 307 | 311 |    echo '    if [ -f /bin/systemctl ]; then' >> $batman_script
 | 
	
		
			
			| 308 | 312 |    echo '        systemctl restart avahi-daemon' >> $batman_script
 | 
	
	
		
			
			|  | @@ -341,6 +345,8 @@ function mesh_batman {
 | 
	
		
			
			| 341 | 345 |    echo '    iptables -D INPUT -p udp --dport 5353 -j ACCEPT' >> $batman_script
 | 
	
		
			
			| 342 | 346 |    echo '    iptables -D INPUT -p tcp --dport 5354 -j ACCEPT' >> $batman_script
 | 
	
		
			
			| 343 | 347 |    echo '    iptables -D INPUT -p udp --dport 5354 -j ACCEPT' >> $batman_script
 | 
	
		
			
			|  | 348 | +  echo "    iptables -D INPUT -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
 | 
	
		
			
			|  | 349 | +  echo "    iptables -D INPUT -p udp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script
 | 
	
		
			
			| 344 | 350 |    echo '' >> $batman_script
 | 
	
		
			
			| 345 | 351 |    echo '    if [ -f /bin/systemctl ]; then' >> $batman_script
 | 
	
		
			
			| 346 | 352 |    echo '        systemctl restart network-manager' >> $batman_script
 |
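Review bot: The two ACCEPT rules added to the start section of mesh_batman (new lines 308-309) open ZERONET_PORT on every interface and for any source address. The UDP rule may also be unnecessary: as far as I know ZeroNet's file server on this port is TCP, so unless something in this setup binds UDP 15441 the second rule only widens the inbound surface. I would drop the UDP pair or justify it with a comment, and scope the TCP rule to the mesh interface, e.g. `echo "    iptables -A INPUT -i <mesh-iface> -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $batman_script`. The `-D` line at new line 348 needs the identical change, so that the stop section removes exactly what start added. `<mesh-iface>` is a placeholder: the interface name used by the generated script is not visible in these hunks, and mesh_batman begins and ends outside them.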