|
@@ -90,15 +90,16 @@ ntpdate pool.ntp.org
|
|
|
|
|
|
# iptables
|
|
|
if [ "${iptables_yn}" == 'y' ]; then
|
|
|
- if [ -e "/etc/iptables.up.rules" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables.up.rules)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables.up.rules)" ]; then
|
|
|
+ if [ -e "/etc/iptables/rules.v4" ] && [ -n "$(grep '^:INPUT DROP' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 22 -j ACCEPT' /etc/iptables/rules.v4)" -a -n "$(grep 'NEW -m tcp --dport 80 -j ACCEPT' /etc/iptables/rules.v4)" ]; then
|
|
|
IPTABLES_STATUS=yes
|
|
|
else
|
|
|
IPTABLES_STATUS=no
|
|
|
fi
|
|
|
|
|
|
if [ "${IPTABLES_STATUS}" == "no" ]; then
|
|
|
- [ -e "/etc/iptables.up.rules" ] && /bin/mv /etc/iptables.up.rules{,_bk}
|
|
|
- cat > /etc/iptables.up.rules << EOF
|
|
|
+ apt-get -y --force-yes install iptables-persistent &&
|
|
|
+ [ -e "/etc/iptables/rules.v4" ] && /bin/mv /etc/iptables/rules.v4{,_bk}
|
|
|
+ cat > /etc/iptables/rules.v4 << EOF
|
|
|
# Firewall configuration written by system-config-securitylevel
|
|
|
# Manual customization of this file is not recommended.
|
|
|
*filter
|
|
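Review bot: `apt-get -y --force-yes install iptables-persistent` on the added line disables apt's safety checks, including its refusal to install unauthenticated (unsigned) packages, so a compromised or misconfigured mirror can feed an arbitrary .deb into a root-level firewall setup; `-y` alone already answers the confirmation prompt, and `--force-yes` is deprecated in newer apt. If the intent is to avoid the debconf question iptables-persistent asks at install time, pre-seed it instead: `echo 'iptables-persistent iptables-persistent/autosave_v4 boolean false' | debconf-set-selections` followed by `DEBIAN_FRONTEND=noninteractive apt-get -y install iptables-persistent`. Note also that the trailing `&&` only guards the backup `mv`; if the install fails, `cat > /etc/iptables/rules.v4` still runs and will itself fail if /etc/iptables does not exist, so the install should be followed by `|| exit 1` (or the whole step wrapped in an `if`). The `IPTABLES_STATUS` test on the new side could also drop the deprecated `-a` and `[ -n "$(grep …)" ]` in favour of `grep -q … && grep -q …`. The if-body and its heredoc continue past the end of this hunk.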
@@ -116,14 +117,9 @@ COMMIT
|
|
|
EOF
|
|
|
fi
|
|
|
|
|
|
- FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables.up.rules)
|
|
|
- [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables.up.rules
|
|
|
- iptables-restore < /etc/iptables.up.rules
|
|
|
- cat > /etc/network/if-pre-up.d/iptables << EOF
|
|
|
-#!/bin/bash
|
|
|
-/sbin/iptables-restore < /etc/iptables.up.rules
|
|
|
-EOF
|
|
|
- chmod +x /etc/network/if-pre-up.d/iptables
|
|
|
+ FW_PORT_FLAG=$(grep -ow "dport ${ssh_port}" /etc/iptables/rules.v4)
|
|
|
+ [ -z "${FW_PORT_FLAG}" -a "${ssh_port}" != "22" ] && sed -i "s@dport 22 -j ACCEPT@&\n-A INPUT -p tcp -m state --state NEW -m tcp --dport ${ssh_port} -j ACCEPT@" /etc/iptables/rules.v4
|
|
|
+ iptables-save < /etc/iptables/rules.v4
|
|
|
fi
|
|
|
service rsyslog restart
|
|
|
service ssh restart
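Review bot: `iptables-save < /etc/iptables/rules.v4` does not load anything — iptables-save dumps the running kernel ruleset to stdout and ignores stdin — so after this change the new rules (the `:INPUT DROP` policy and the `${ssh_port}` ACCEPT rule) are written to disk but never applied to the live firewall, and with the if-pre-up.d hook deleted they only take effect at the next boot via iptables-persistent. Replace it with `iptables-restore < /etc/iptables/rules.v4` (or `service netfilter-persistent reload`, which reads the same file) so the running state matches the file before `service ssh restart` moves sshd to the new port. Separately, `${ssh_port}` is interpolated unvalidated into both the grep pattern and the sed replacement; its origin is outside this hunk, so confirm it is constrained to digits before it reaches here, e.g. `[[ "${ssh_port}" =~ ^[0-9]+$ ]] || exit 1`. The enclosing `if [ "${iptables_yn}" == 'y' ]` block starts before this hunk.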
|