diff --git a/install/rhel/firewall/banlist.conf b/install/rhel/firewall/banlist.conf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/install/rhel/firewall/banlist.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/chains.conf b/install/rhel/firewall/chains.conf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/install/rhel/firewall/chains.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/ports.conf b/install/rhel/firewall/ports.conf
new file mode 100644
index 000000000..8a11d622b
--- /dev/null
+++ b/install/rhel/firewall/ports.conf
@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
diff --git a/install/rhel/firewall/rules.conf b/install/rhel/firewall/rules.conf
new file mode 100644
index 000000000..cfa7d8680
--- /dev/null
+++ b/install/rhel/firewall/rules.conf
@@ -0,0 +1,10 @@ +RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16' +RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25' +RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24' +RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16' diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst index d0588687e..5e102c55d 100755 --- a/src/deb/vesta/postinst +++ b/src/deb/vesta/postinst @@ -25,5 +25,10 @@ if [ -x "/usr/local/vesta/upd/add_sudo.sh" ]; then /usr/local/vesta/upd/add_sudo.sh fi +# Run Firewall trigger +if [ -x "/usr/local/vesta/upd/add_firewall.sh" ]; then + /usr/local/vesta/upd/add_firewall.sh +fi + exit 0 diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec index 37e7430d6..a90b0b5d2 100644 --- a/src/rpm/specs/vesta.spec +++ b/src/rpm/specs/vesta.spec 
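Review bot: RULE='3' accepts TCP 3306 and 5432 (the MySQL and PostgreSQL listeners) from `IP='0.0.0.0/0'`, so a fresh install exposes both database services to every address as soon as this default rule set is loaded, and nothing else in the file narrows it. Remote database access is rarely needed for a hosting panel, so shipping that rule disabled and letting the administrator opt in would be the safer default, e.g. `RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25'` — assuming the rule loader honours SUSPENDED='yes', which is not visible in this commit. The same `0.0.0.0/0` source is used for SSH (RULE='10') and the panel port 8083 (RULE='2'); those are expected defaults, but the install documentation should tell admins to restrict them to management ranges. Note also that ports.conf in the same commit lists TCP 20 while no rule here opens it, and the rules here accept 465, 587, 2525, 993 and 995 which ports.conf omits; if the two files are meant to agree, one of them is incomplete.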
@@ -46,6 +46,9 @@ if [ $1 -ge 2 ]; then if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then /usr/local/vesta/upd/add_sudo.sh fi + if [ -e /usr/local/vesta/upd/add_firewall.sh ]; then + /usr/local/vesta/upd/add_firewall.sh + fi %files %{_vestadir} diff --git a/upd/add_firewall.sh b/upd/add_firewall.sh new file mode 100755 index 000000000..2e027c50a --- /dev/null +++ b/upd/add_firewall.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +source /etc/profile.d/vesta.sh +if [ ! -e "$VESTA/data/firewall" ]; then + mkdir -p $VESTA/data/firewall + chmod 770 $VESTA/data/firewall + + cp $VESTA/install/rhel/firewall/* \ + $VESTA/data/firewall/ + chmod 660 $VESTA/data/firewall/* + + source $VESTA/conf/vesta.conf + if [ -z "$FIREWALL_SYSTEM" ]; then + echo "FIREWALL_SYSTEM='iptables'" \ + >> $VESTA/conf/vesta.conf + fi +fi
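Review bot: The result of `cp $VESTA/install/rhel/firewall/* $VESTA/data/firewall/` is never checked, and because the outer guard tests the destination with `[ ! -e "$VESTA/data/firewall" ]`, a failed copy (for instance if the Debian package that now calls this from postinst does not ship install/rhel — not visible here) leaves an empty data directory that is never retried, while `FIREWALL_SYSTEM='iptables'` is still appended to vesta.conf. Every `$VESTA` expansion after that first test is also unquoted, so a path containing whitespace breaks mkdir, chmod and cp. Staging the copy in a temporary directory and only moving it into place on success keeps the guard honest; the sketch below does that and quotes the expansions, and it exits non-zero on failure so the caller notices — if postinst runs under `set -e` and a missing install/rhel is expected on Debian, make that branch warn and `exit 0` instead. The new directory's ownership is left to whoever runs the script (root from postinst and %post) with 770/660 and no chown, so it is worth confirming that the panel's service group can actually read data/firewall; the intended group is not visible here.
```shell
source /etc/profile.d/vesta.sh
fw_src="$VESTA/install/rhel/firewall"
fw_dst="$VESTA/data/firewall"

if [ ! -e "$fw_dst" ]; then
    if [ ! -d "$fw_src" ]; then
        echo "add_firewall: $fw_src not found, firewall data not initialised" >&2
        exit 1
    fi
    tmp_dst="$(mktemp -d "$VESTA/data/firewall.XXXXXX")" || exit 1
    cp "$fw_src"/* "$tmp_dst"/ || { rm -rf "$tmp_dst"; exit 1; }
    chmod 770 "$tmp_dst"
    chmod 660 "$tmp_dst"/*
    mv "$tmp_dst" "$fw_dst"

    # … unchanged: FIREWALL_SYSTEM default appended to vesta.conf …
fi
```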