author | ramon <ramongomez@us.es> | 2016-04-18 12:48:14 +0000 |
---|---|---|
committer | ramon <ramongomez@us.es> | 2016-04-18 12:48:14 +0000 |
commit | 9ddd0ff641447ecd2341e94ddd6b9525dc00bc2a (patch) | |
tree | c599d1451fec39100201d8d2aba37ab73ffe5ce7 /server/lib | |
parent | a5e518ba9a9edb163136a733a76aa4b1eb63e01b (diff) |
#736: Añadir configuración del cortafuegos "ufw" usado en Ubuntu.
git-svn-id: https://opengnsys.es/svn/branches/version1.1@4885 a21b9725-9963-47de-94b9-378ad31fedc9
Diffstat (limited to 'server/lib')
-rw-r--r-- | server/lib/security-config | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/server/lib/security-config b/server/lib/security-config
index 0551f867..e3087d5a 100644
--- a/server/lib/security-config
+++ b/server/lib/security-config
@@ -2,9 +2,9 @@
 #/**
 #@file security-config
 #@brief OpenGnsys Server security configuration.
-#@version 1.1 - Initial version.
-#@author Ramón J. Gómez, ETSII Univ. Sevilla
-#@date 2016-03-01
+#@version 1.1.0 - Initial version.
+#@author Ramón M. Gómez, ETSII Univ. Sevilla
+#@date 2016-04-18
 #*/
 ##
@@ -17,8 +17,23 @@ if [ "$USER" != "root" ]; then
 exit 1
 fi
+# UFW configuration.
+if which ufw 2>/dev/null; then
+ # Adding active services.
+ ufw allow "Apache Secure"
+ ufw allow OpenSSH
+ ufw allow Samba
+ ufw allow mysql
+ ufw allow rsync
+ ufw allow tftp
+ ufw allow 67,68/udp # DHCP
+ ufw allow 2002,2008/tcp # OpenGnsys services
+ ufw allow 9000:9051/udp # Multicast
+ ufw allow 6881:6999/udp # BitTorrent
+ # Applying configuration.
+ ufw enable
 # FirewallD configuration.
-if which firewall-cmd 2>/dev/null; then
+elif which firewall-cmd 2>/dev/null; then
 # Defining OpenGnsys services.
 python -c "
 import firewall.core.io.service as ios
@@ -45,12 +60,12 @@ ios.service_writer(s, '/etc/firewalld/services')
 firewall-cmd --permanent --add-service=tftp
 # Adding Multicast ports.
 firewall-cmd --permanent --add-port=9000-9051/udp
- # Adding Torent ports?
- #firewall-cmd --permanent --add-port=6881-6999/udp
+ # Adding BitTorent ports.
+ firewall-cmd --permanent --add-port=6881-6999/udp
 # Applying configuration.
 firewall-cmd --reload
 else
- echo "$PROG: Warning: FirewallD won't be configured (firewalld is not installed)."
+ echo "$PROG: Warning: Firewall won't be configured (neither ufw or firewalld are installed)."
 fi
 # SELinux configuration. |
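Review bot: The `ufw allow mysql`, `ufw allow Samba`, `ufw allow rsync` and `ufw allow tftp` rules in the new UFW branch accept traffic from any source address, so once the firewall is enabled the database and file services stay reachable on every interface. If only the managed client network is meant to reach them (not visible in this hunk, so to be confirmed), each rule can be scoped, e.g. `ufw allow from "$CLIENT_NET" to any port 3306 proto tcp`, where `CLIENT_NET` is a placeholder for the site's subnet. Separately, `ufw enable` asks for confirmation when it is run from an SSH session, and none of the preceding `ufw allow` results are checked (an application profile such as "Apache Secure" may not exist on the host); checking those results and then calling `ufw --force enable` would keep the run non-interactive and avoid switching on a default-deny policy with a rule missing. The `if`/`elif` chain this block opens continues outside the hunk.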
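Review bot: The `firewall-cmd --permanent --add-port=6881-6999/udp` line turns a rule that the old code kept commented out under a questioning comment (`# Adding Torent ports?`) into a permanent opening of 119 UDP ports, and nothing in the hunk records why it is now required or which zone or source it should be limited to. A why-comment naming the consumer, for example `# BitTorrent range used for image distribution to clients (confirm).`, would let a later audit justify the exposure; the added comment also misspells the protocol as `BitTorent`. The new warning text `neither ufw or firewalld are installed` should read `neither ufw nor firewalld is installed`, and appending `>&2` would send it to stderr instead of mixing it into the script's normal output. The `if`/`elif`/`else` chain closed here starts outside this hunk.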