firewall trigger

serghey-rodin · serghey-rodin · commit 27dabfb7a497 · 2014-10-09T16:40:23.000+03:00
diff --git a/install/rhel/firewall/banlist.conf b/install/rhel/firewall/banlist.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/chains.conf b/install/rhel/firewall/chains.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/ports.conf b/install/rhel/firewall/ports.conf
@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
diff --git a/install/rhel/firewall/rules.conf b/install/rhel/firewall/rules.conf
@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst
@@ -25,5 +25,10 @@ if [ -x "/usr/local/vesta/upd/add_sudo.sh" ]; then
     /usr/local/vesta/upd/add_sudo.sh
 fi
 
+# Run Firewall trigger
+if [ -x "/usr/local/vesta/upd/add_firewall.sh" ]; then
+    /usr/local/vesta/upd/add_firewall.sh
+fi
+
 
 exit 0
diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec
@@ -46,6 +46,9 @@ if [ $1 -ge 2 ]; then
     if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then
         /usr/local/vesta/upd/add_sudo.sh
     fi
+    if [ -e /usr/local/vesta/upd/add_firewall.sh ]; then
+        /usr/local/vesta/upd/add_firewall.sh
+    fi
 
 %files
 %{_vestadir}
diff --git a/upd/add_firewall.sh b/upd/add_firewall.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source /etc/profile.d/vesta.sh
+if [ ! -e "$VESTA/data/firewall" ]; then
+    mkdir -p $VESTA/data/firewall
+    chmod 770 $VESTA/data/firewall
+
+    cp $VESTA/install/rhel/firewall/* \
+        $VESTA/data/firewall/
+    chmod 660 $VESTA/data/firewall/*
+
+    source $VESTA/conf/vesta.conf
+    if [ -z "$FIREWALL_SYSTEM" ]; then
+        echo "FIREWALL_SYSTEM='iptables'" \
+            >> $VESTA/conf/vesta.conf
+    fi
+fi
