external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

2 = ssh + http-or-https (for Admin Console's box.lan/admin too)

Browse source
This commit is contained in:
A Holt 2019-05-19 14:02:53 -04:00 committed by GitHub
parent 043e6c8166
commit 20dacbb8fa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -59,9 +59,9 @@ samba_tcp_mports={{ samba_tcp_mports }}
# #
# 0 = none #
# 1 = ssh only #
# 2 = ssh + Admin Console #
# 3 = ssh + Admin Console + common IIAB services <-- THIS IS THE DEFAULT #
# 4 = ssh + Admin Console + common IIAB services + Samba #
# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) #
# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT #
# 4 = ssh + http-or-https + common IIAB services + Samba #
# 5 = all but databases #
# #
# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network #
@ -136,12 +136,15 @@ if [ "$ports_externally_visible" -ge 1 ]; then
$IPTABLES -A INPUT -p tcp --dport $ssh_port -m state --state NEW -i $wan -j ACCEPT
fi
# 2 = ssh + Admin Console
# For now this is implemented using Admin Console variable "gui_port" from:
# https://github.com/iiab/iiab/blob/master/roles/0-init/tasks/main.yml#L87-L95
#
# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too)
if [ "$ports_externally_visible" -ge 2 ]; then
$IPTABLES -A INPUT -p tcp --dport $gui_port -m state --state NEW -i $wan -j ACCEPT
fi
# 3 = ssh + Admin Console + common IIAB services
# 3 = ssh + http-or-https + common IIAB services
if [ "$ports_externally_visible" -ge 3 ]; then
$IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
@ -163,7 +166,7 @@ if [ "$ports_externally_visible" -ge 3 ]; then
fi
fi
# 4 = ssh + Admin Console + common IIAB services + Samba
# 4 = ssh + http-or-https + common IIAB services + Samba
if [ "$ports_externally_visible" -ge 4 ]; then
$IPTABLES -A INPUT -p udp --dport $samba_udp_ports -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp -m multiport --dports $samba_tcp_mports -m state --state NEW -i $wan -j ACCEPT