external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

iiab-gen-iptables 15+ core port rules alphabetized

Browse source
This commit is contained in:
A Holt 2019-05-21 03:57:04 -04:00 committed by GitHub
parent efd317d62f
commit b221473d64
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 18 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

34
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -32,20 +32,21 @@ block_DNS={{ block_DNS }}
calibre_port={{ calibre_port }} calibre_port={{ calibre_port }}
calibreweb_port={{ calibreweb_port }} calibreweb_port={{ calibreweb_port }}
kiwix_port={{ kiwix_port }}
kalite_server_port={{ kalite_server_port }}
kolibri_http_port={{ kolibri_http_port }}
cups_port={{ cups_port }} cups_port={{ cups_port }}
transmission_http_port={{ transmission_http_port }} kalite_server_port={{ kalite_server_port }}
transmission_peer_port={{ transmission_peer_port }} kiwix_port={{ kiwix_port }}
sugarizer_port={{ sugarizer_port }} kolibri_http_port={{ kolibri_http_port }}
nodered_port={{ nodered_port }}
mosquitto_port={{ mosquitto_port }}
minetest_port={{ minetest_port }} minetest_port={{ minetest_port }}
mosquitto_port={{ mosquitto_port }}
nodered_port={{ nodered_port }}
pbx_enabled={{ pbx_enabled }} pbx_enabled={{ pbx_enabled }}
pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }} pbx_signaling_ports_chan_sip={{ pbx_signaling_ports_chan_sip }}
pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }} pbx_signaling_ports_chan_pjsip={{ pbx_signaling_ports_chan_pjsip }}
pbx_data_ports={{ pbx_data_ports }} pbx_data_ports={{ pbx_data_ports }}
sugarizer_port={{ sugarizer_port }}
transmission_http_port={{ transmission_http_port }}
transmission_peer_port={{ transmission_peer_port }}
samba_udp_ports={{ samba_udp_ports }} samba_udp_ports={{ samba_udp_ports }}
samba_tcp_mports={{ samba_tcp_mports }} samba_tcp_mports={{ samba_tcp_mports }}
@ -135,24 +136,25 @@ if [ "$wan" != "none" ]; then
# 3 = ssh + http-or-https + common IIAB services # 3 = ssh + http-or-https + common IIAB services
if [ "$ports_externally_visible" -ge 3 ]; then if [ "$ports_externally_visible" -ge 3 ]; then
$IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibre_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $calibreweb_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $cups_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kalite_server_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kiwix_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p tcp --dport $kolibri_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $minetest_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $mosquitto_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $nodered_port -m state --state NEW -i $wan -j ACCEPT
if [ "$pbx_enabled" == "True" ]; then if [ "$pbx_enabled" == "True" ]; then
$IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_sip -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_signaling_ports_chan_pjsip -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT $IPTABLES -A INPUT -p udp --dport $pbx_data_ports -m state --state NEW -i $wan -j ACCEPT
fi fi
$IPTABLES -A INPUT -p tcp --dport $sugarizer_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $transmission_http_port -m state --state NEW -i $wan -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport $transmission_peer_port -m state --state NEW -i $wan -j ACCEPT
fi fi
# 4 = ssh + http-or-https + common IIAB services + Samba # 4 = ssh + http-or-https + common IIAB services + Samba