moved firewall at end of setup
@@ -89,33 +89,6 @@ echo ""
|
|||||||
echo "*** HARDENING ***"
|
echo "*** HARDENING ***"
|
||||||
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#hardening-your-pi
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#hardening-your-pi
|
||||||
|
|
||||||
# firewall - just install (not configure)
|
|
||||||
sudo apt-get install -y ufw
|
|
||||||
echo "deny incoming connection on other ports"
|
|
||||||
sudo ufw default deny incoming
|
|
||||||
echo "allow outgoing connections"
|
|
||||||
sudo ufw default allow outgoing
|
|
||||||
echo "allow: ssh"
|
|
||||||
sudo ufw allow ssh
|
|
||||||
echo "allow: bitcoin testnet"
|
|
||||||
sudo ufw allow 18333 comment 'bitcoin testnet'
|
|
||||||
echo "allow: bitcoin mainnet"
|
|
||||||
sudo ufw allow 8333 comment 'bitcoin mainnet'
|
|
||||||
echo "allow: litecoin mainnet"
|
|
||||||
sudo ufw allow 9333 comment 'litecoin mainnet'
|
|
||||||
echo 'allow: lightning testnet'
|
|
||||||
sudo ufw allow 19735 comment 'lightning testnet'
|
|
||||||
echo "allow: lightning mainnet"
|
|
||||||
sudo ufw allow 9735 comment 'lightning mainnet'
|
|
||||||
echo "allow: lightning gRPC"
|
|
||||||
sudo ufw allow 10009 comment 'lightning gRPC'
|
|
||||||
echo "allow: trasmission"
|
|
||||||
sudo ufw allow 51413 comment 'transmission'
|
|
||||||
echo "allow: local web admin"
|
|
||||||
sudo ufw allow from 192.168.0.0/24 to any port 80 comment 'allow local LAN web'
|
|
||||||
echo "enable lazy firewall"
|
|
||||||
sudo ufw enable
|
|
||||||
|
|
||||||
# fail2ban (no config required)
|
# fail2ban (no config required)
|
||||||
sudo apt-get install -y fail2ban
|
sudo apt-get install -y fail2ban
|
||||||
|
|
||||||
|
@@ -25,8 +25,8 @@ else
|
|||||||
echo "*** Expand RootFS ***"
|
echo "*** Expand RootFS ***"
|
||||||
sudo raspi-config --expand-rootfs
|
sudo raspi-config --expand-rootfs
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
swapExists=$(swapon -s | grep -c /mnt/hdd/swapfile)
|
swapExists=$(swapon -s | grep -c /mnt/hdd/swapfile)
|
||||||
if [ ${swapExists} -eq 1 ]; then
|
if [ ${swapExists} -eq 1 ]; then
|
||||||
echo "OK - SWAP is working"
|
echo "OK - SWAP is working"
|
||||||
@@ -38,6 +38,36 @@ else
|
|||||||
sleep 60
|
sleep 60
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# firewall - just install (not configure)
|
||||||
|
echo ""
|
||||||
|
echo "*** Setting and Activating Firewall ***"
|
||||||
|
sudo apt-get install -y ufw
|
||||||
|
echo "deny incoming connection on other ports"
|
||||||
|
sudo ufw default deny incoming
|
||||||
|
echo "allow outgoing connections"
|
||||||
|
sudo ufw default allow outgoing
|
||||||
|
echo "allow: ssh"
|
||||||
|
sudo ufw allow ssh
|
||||||
|
echo "allow: bitcoin testnet"
|
||||||
|
sudo ufw allow 18333 comment 'bitcoin testnet'
|
||||||
|
echo "allow: bitcoin mainnet"
|
||||||
|
sudo ufw allow 8333 comment 'bitcoin mainnet'
|
||||||
|
echo "allow: litecoin mainnet"
|
||||||
|
sudo ufw allow 9333 comment 'litecoin mainnet'
|
||||||
|
echo 'allow: lightning testnet'
|
||||||
|
sudo ufw allow 19735 comment 'lightning testnet'
|
||||||
|
echo "allow: lightning mainnet"
|
||||||
|
sudo ufw allow 9735 comment 'lightning mainnet'
|
||||||
|
echo "allow: lightning gRPC"
|
||||||
|
sudo ufw allow 10009 comment 'lightning gRPC'
|
||||||
|
echo "allow: trasmission"
|
||||||
|
sudo ufw allow 51413 comment 'transmission'
|
||||||
|
echo "allow: local web admin"
|
||||||
|
sudo ufw allow from 192.168.0.0/24 to any port 80 comment 'allow local LAN web'
|
||||||
|
echo "enable lazy firewall"
|
||||||
|
sudo ufw --force enable
|
||||||
|
echo ""
|
||||||
|
|
||||||
# mark setup is done
|
# mark setup is done
|
||||||
echo "90" > /home/admin/.setup
|
echo "90" > /home/admin/.setup
|
||||||
|
|
||||||
|
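Review bot: The added rule `sudo ufw allow 10009 comment 'lightning gRPC'` accepts connections from any source, while the web admin rule right after it is limited to the LAN; port 10009 is presumably the Lightning node's RPC control interface and would be safer scoped the same way, e.g. `sudo ufw allow from 192.168.0.0/24 to any port 10009 comment 'lightning gRPC'`. The hard-coded `192.168.0.0/24` only matches networks on that exact subnet, so on any other LAN the port-80 rule admits nobody; the assumption should at least be stated in a comment next to the rule. The leading comment `# firewall - just install (not configure)` is stale now that the block sets default policies, adds rules and runs `ufw --force enable`; `# firewall - install, configure and enable` would match what the code does. The exit status of `apt-get install -y ufw` is not checked, so a failed install leaves the later `ufw` calls failing while the script still writes `90` to `/home/admin/.setup`; the surrounding if/else starts outside the visible lines, so confirm whether an outer check already covers this.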