From 27dabfb7a4970deaa34bc4699ebcb66c50107fe6 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Thu, 9 Oct 2014 16:40:23 +0300
Subject: [PATCH] firewall trigger

---
 install/rhel/firewall/banlist.conf | 1 +
 install/rhel/firewall/chains.conf | 1 +
 install/rhel/firewall/ports.conf | 13 +++++++++++++
 install/rhel/firewall/rules.conf | 10 ++++++++++
 src/deb/vesta/postinst | 5 +++++
 src/rpm/specs/vesta.spec | 3 +++
 upd/add_firewall.sh | 17 +++++++++++++++++
 7 files changed, 50 insertions(+)
 create mode 100644 install/rhel/firewall/banlist.conf
 create mode 100644 install/rhel/firewall/chains.conf
 create mode 100644 install/rhel/firewall/ports.conf
 create mode 100644 install/rhel/firewall/rules.conf
 create mode 100755 upd/add_firewall.sh

diff --git a/install/rhel/firewall/banlist.conf b/install/rhel/firewall/banlist.conf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/install/rhel/firewall/banlist.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/chains.conf b/install/rhel/firewall/chains.conf
new file mode 100644
index 000000000..8b1378917
--- /dev/null
+++ b/install/rhel/firewall/chains.conf
@@ -0,0 +1 @@
+
diff --git a/install/rhel/firewall/ports.conf b/install/rhel/firewall/ports.conf
new file mode 100644
index 000000000..8a11d622b
--- /dev/null
+++ b/install/rhel/firewall/ports.conf
@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
diff --git a/install/rhel/firewall/rules.conf b/install/rhel/firewall/rules.conf
new file mode 100644
index 000000000..cfa7d8680
--- /dev/null
+++ b/install/rhel/firewall/rules.conf
@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst
index d0588687e..5e102c55d 100755
--- a/src/deb/vesta/postinst
+++ b/src/deb/vesta/postinst
@@ -25,5 +25,10 @@
 if [ -x "/usr/local/vesta/upd/add_sudo.sh" ]; then
 /usr/local/vesta/upd/add_sudo.sh
 fi
 
+# Run Firewall trigger
+if [ -x "/usr/local/vesta/upd/add_firewall.sh" ]; then
+ /usr/local/vesta/upd/add_firewall.sh
+fi
+
 exit 0
diff --git a/src/rpm/specs/vesta.spec b/src/rpm/specs/vesta.spec
index 37e7430d6..a90b0b5d2 100644
--- a/src/rpm/specs/vesta.spec
+++ b/src/rpm/specs/vesta.spec
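Review bot: `RULE='3'` accepts TCP `3306,5432` from `IP='0.0.0.0/0'`, so the shipped default exposes the MySQL and PostgreSQL listeners to every source address on each new install, whereas the other rules cover services that are meant to be reachable from outside. Unless the panel needs remote database access out of the box, ship that rule disabled and let the administrator enable it, assuming `SUSPENDED='yes'` is what the firewall code treats as off: `RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='yes' TIME='07:40:16' DATE='2014-05-25'`. The sibling `ports.conf` added by this patch also disagrees with this file — 465/587/2525/993/995 appear only here and 20/123 only there — so if both are meant to describe the same default service set, one of them is already stale.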
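Review bot: The new block discards the exit status of `add_firewall.sh`, and the script ends in `exit 0`, so a failure while seeding the firewall data (for example a failed copy of the rule set) still leaves the package marked as correctly configured with no rules installed. If mirroring the best-effort `add_sudo.sh` call above is deliberate, at least make the failure visible in the install log: `/usr/local/vesta/upd/add_firewall.sh || echo "vesta: add_firewall.sh failed" >&2`. The enclosing postinst starts before this hunk.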
@@ -46,6 +46,9 @@ if [ $1 -ge 2 ]; then
 if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then
 /usr/local/vesta/upd/add_sudo.sh
 fi
+ if [ -e /usr/local/vesta/upd/add_firewall.sh ]; then
+ /usr/local/vesta/upd/add_firewall.sh
+ fi
 
 %files
 %{_vestadir}
diff --git a/upd/add_firewall.sh b/upd/add_firewall.sh
new file mode 100755
index 000000000..2e027c50a
--- /dev/null
+++ b/upd/add_firewall.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source /etc/profile.d/vesta.sh
+if [ ! -e "$VESTA/data/firewall" ]; then
+ mkdir -p $VESTA/data/firewall
+ chmod 770 $VESTA/data/firewall
+
+ cp $VESTA/install/rhel/firewall/* \
+ $VESTA/data/firewall/
+ chmod 660 $VESTA/data/firewall/*
+
+ source $VESTA/conf/vesta.conf
+ if [ -z "$FIREWALL_SYSTEM" ]; then
+ echo "FIREWALL_SYSTEM='iptables'" \
+ >> $VESTA/conf/vesta.conf
+ fi
+fi
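Review bot: The RPM scriptlet tests the trigger with `-e` while the Debian postinst in this same patch uses `-x`, so a script that has lost its execute bit is silently skipped on deb but attempted, and fails, on rpm; using the same test here, `if [ -x /usr/local/vesta/upd/add_firewall.sh ]; then`, keeps the two packagings consistent. The call also sits inside the `if [ $1 -ge 2 ]` branch named in the hunk header, i.e. it only runs on upgrade, so a fresh RPM install presumably relies on the installer to seed the firewall directory and `FIREWALL_SYSTEM` — worth confirming, since nothing in this patch covers that path. The enclosing `%post` block starts before this hunk.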
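Review bot: `$VESTA` is used unquoted and unchecked after `source /etc/profile.d/vesta.sh`; if that file is missing or does not set the variable, the script keeps going (there is no `set -e`) and every path collapses to `/data/firewall` and `/conf/vesta.conf`, so it creates root-owned directories under `/` and appends to a stray config file instead of failing. Add `set -e` and `: "${VESTA:?VESTA is not set}"` directly after the `source` line, and quote the expansions, e.g. `cp "$VESTA"/install/rhel/firewall/* "$VESTA/data/firewall/"`. The `chmod 770`/`660` calls are not paired with a `chown`, so the copied files stay owned by whoever runs the trigger (root from the package scriptlets) and the group bits only ever apply to root's group unless ownership is fixed elsewhere — worth confirming against how the other `$VESTA/data` directories are owned. The `install/rhel` source path is also hard-coded even though the Debian postinst in this patch calls the same trigger; that only works as long as the installer ships that directory on both distributions.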