external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

iptables doc tweak

Browse source
This commit is contained in:
A Holt 2019-05-23 19:39:44 -04:00 committed by GitHub
parent da4fb34090
commit f826c138b8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

43
roles/network/templates/gateway/iiab-gen-iptables
View file

@ -1,9 +1,31 @@
#!/bin/bash -x #!/bin/bash -x
# To customize your iptables firewall, it's best to edit: ################################################################################
# #
# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: #
# #
# /etc/iiab/local_vars.yml #
# #
# This firewall variable must be an integer {0...5} as follows: #
# #
# 0 = none #
# 1 = ssh only #
# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) #
# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT #
# 4 = ssh + http-or-https + common IIAB services + Samba #
# 5 = all but databases #
# #
# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network #
# #
################################################################################
# To further customize your iptables firewall, it's generally best to edit:
# /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables # /opt/iiab/iiab/roles/network/templates/gateway/iiab-gen-iptables
# And then run: cd /opt/iiab/iiab; ./iiab-network # And then run: cd /opt/iiab/iiab; ./iiab-network
# IIAB Networking Doc:
# https://github.com/iiab/iiab/wiki/IIAB-Networking#firewall-iptables
{% if is_debuntu %} {% if is_debuntu %}
IPTABLES=/sbin/iptables IPTABLES=/sbin/iptables
IPTABLES_DATA=/etc/iptables.up.rules IPTABLES_DATA=/etc/iptables.up.rules
@ -50,25 +72,6 @@ transmission_peer_port={{ transmission_peer_port }}
samba_udp_ports={{ samba_udp_ports }} samba_udp_ports={{ samba_udp_ports }}
samba_tcp_mports={{ samba_tcp_mports }} samba_tcp_mports={{ samba_tcp_mports }}
################################################################################
# #
# IF YOU NEED TO CHANGE ports_externally_visible DO THAT IN: #
# #
# /etc/iiab/local_vars.yml #
# #
# This firewall variable must be an integer {0...5} as follows: #
# #
# 0 = none #
# 1 = ssh only #
# 2 = ssh + http-or-https (for Admin Console's box.lan/admin too) #
# 3 = ssh + http-or-https + common IIAB services <-- THIS IS THE DEFAULT #
# 4 = ssh + http-or-https + common IIAB services + Samba #
# 5 = all but databases #
# #
# Then enable it with iptables by running: cd /opt/iiab/iiab; ./iiab-network #
# #
################################################################################
echo -e "\nports_externally_visible: "$ports_externally_visible"\n" echo -e "\nports_externally_visible: "$ports_externally_visible"\n"
if ! [ "$ports_externally_visible" -eq "$ports_externally_visible" ] 2> /dev/null; then if ! [ "$ports_externally_visible" -eq "$ports_externally_visible" ] 2> /dev/null; then
echo "EXITING: an integer is required" echo "EXITING: an integer is required"