Serghey Rodin пре 11 година
родитељ
комит
27dabfb7a4

+ 1 - 0
install/rhel/firewall/banlist.conf

@@ -0,0 +1 @@
+

+ 1 - 0
install/rhel/firewall/chains.conf

@@ -0,0 +1 @@
+

+ 13 - 0
install/rhel/firewall/ports.conf

@@ -0,0 +1,13 @@
+PROTOCOL='TCP' PORT='20'
+PROTOCOL='TCP' PORT='21'
+PROTOCOL='TCP' PORT='22'
+PROTOCOL='TCP' PORT='25'
+PROTOCOL='UDP' PORT='53'
+PROTOCOL='TCP' PORT='80'
+PROTOCOL='TCP' PORT='443'
+PROTOCOL='TCP' PORT='110'
+PROTOCOL='UDP' PORT='123'
+PROTOCOL='TCP' PORT='143'
+PROTOCOL='TCP' PORT='3306'
+PROTOCOL='TCP' PORT='5432'
+PROTOCOL='TCP' PORT='8083'
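Review bot: The port list in this file does not match the ports opened by the default rules in install/rhel/firewall/rules.conf. Ports 993, 995, 465, 587 and 2525 appear in those rules but not here, while 20 and 123 appear here and in no rule. The consumer of ports.conf is not visible in this commit, so this may be intentional, but if both files are meant to describe the same services, one of them is incomplete. Documenting what reads ports.conf and what an entry means (in the file if the parser tolerates comment lines, otherwise next to it) would make the relationship checkable.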

+ 10 - 0
install/rhel/firewall/rules.conf

@@ -0,0 +1,10 @@
+RULE='1' ACTION='ACCEPT' PROTOCOL='ICMP' PORT='0' IP='0.0.0.0/0' COMMENT='PING' SUSPENDED='no' TIME='17:13:48' DATE='2014-09-16'
+RULE='2' ACTION='ACCEPT' PROTOCOL='TCP' PORT='8083' IP='0.0.0.0/0' COMMENT='VESTA' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='3' ACTION='ACCEPT' PROTOCOL='TCP' PORT='3306,5432' IP='0.0.0.0/0' COMMENT='DB' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='4' ACTION='ACCEPT' PROTOCOL='TCP' PORT='143,993' IP='0.0.0.0/0' COMMENT='IMAP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='5' ACTION='ACCEPT' PROTOCOL='TCP' PORT='110,995' IP='0.0.0.0/0' COMMENT='POP3' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='6' ACTION='ACCEPT' PROTOCOL='TCP' PORT='25,465,587,2525' IP='0.0.0.0/0' COMMENT='SMTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='7' ACTION='ACCEPT' PROTOCOL='UDP' PORT='53' IP='0.0.0.0/0' COMMENT='DNS' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='8' ACTION='ACCEPT' PROTOCOL='TCP' PORT='21' IP='0.0.0.0/0' COMMENT='FTP' SUSPENDED='no' TIME='07:40:16' DATE='2014-05-25'
+RULE='9' ACTION='ACCEPT' PROTOCOL='TCP' PORT='80,443' IP='0.0.0.0/0' COMMENT='WEB' SUSPENDED='no' TIME='17:04:27' DATE='2014-09-24'
+RULE='10' ACTION='ACCEPT' PROTOCOL='TCP' PORT='22' IP='0.0.0.0/0' COMMENT='SSH' SUSPENDED='no' TIME='17:14:41' DATE='2014-09-16'
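Review bot: Rule 3 ships MySQL and PostgreSQL (`PORT='3306,5432'`) accepted from `IP='0.0.0.0/0'`, so a host seeded with these defaults exposes its database listeners to every source address until the operator edits the rule. A safer default is to ship that rule disabled, i.e. `COMMENT='DB' SUSPENDED='yes'` (assuming the consumer honours that value), or to narrow `IP` to a trusted range so that remote database access is opt-in. Rule 2 (panel, 8083) and rule 10 (SSH, 22) are likewise open to any source; they are harder to restrict without locking the admin out, but the choice deserves a line in the commit description. The `TIME`/`DATE` values look like fixed snapshots rather than install-time stamps, which could mislead anyone later auditing when a rule was created.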

+ 5 - 0
src/deb/vesta/postinst

@@ -25,5 +25,10 @@ if [ -x "/usr/local/vesta/upd/add_sudo.sh" ]; then
     /usr/local/vesta/upd/add_sudo.sh
 fi
 
+# Run Firewall trigger
+if [ -x "/usr/local/vesta/upd/add_firewall.sh" ]; then
+    /usr/local/vesta/upd/add_firewall.sh
+fi
+
 
 exit 0

+ 3 - 0
src/rpm/specs/vesta.spec

@@ -46,6 +46,9 @@ if [ $1 -ge 2 ]; then
     if [ -e /usr/local/vesta/upd/add_sudo.sh ]; then
         /usr/local/vesta/upd/add_sudo.sh
     fi
+    if [ -e /usr/local/vesta/upd/add_firewall.sh ]; then
+        /usr/local/vesta/upd/add_firewall.sh
+    fi
 
 %files
 %{_vestadir}
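Review bot: The added guard tests `-e`, which only checks that add_firewall.sh exists, whereas the matching trigger in src/deb/vesta/postinst tests `-x`. If the file is present but not executable, the call fails inside the scriptlet; `if [ -x /usr/local/vesta/upd/add_firewall.sh ]; then` would keep the two packages consistent. The neighbouring add_sudo.sh guard has the same `-e` test. The enclosing `if [ $1 -ge 2 ]` block starts outside the hunk, and no closing `fi` for it is visible before `%files`, which is worth confirming in the full spec.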

+ 17 - 0
upd/add_firewall.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+source /etc/profile.d/vesta.sh
+if [ ! -e "$VESTA/data/firewall" ]; then
+    mkdir -p $VESTA/data/firewall
+    chmod 770 $VESTA/data/firewall
+
+    cp $VESTA/install/rhel/firewall/* \
+        $VESTA/data/firewall/
+    chmod 660 $VESTA/data/firewall/*
+
+    source $VESTA/conf/vesta.conf
+    if [ -z "$FIREWALL_SYSTEM" ]; then
+        echo "FIREWALL_SYSTEM='iptables'" \
+            >> $VESTA/conf/vesta.conf
+    fi
+fi
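Review bot: Nothing checks that `source /etc/profile.d/vesta.sh` actually set `VESTA`, and every later expansion is unquoted. With an empty value the script would create `/data/firewall`, copy from `/install/rhel/firewall/` and append to `/conf/vesta.conf`, presumably as root since it runs from package scriptlets. Add `[ -n "$VESTA" ] || exit 1` after the first `source` and quote the paths, e.g. `mkdir -p "$VESTA/data/firewall"`. The copied files carry umask-default permissions until the later `chmod 660`; `install -m 660` would create them with the final mode in one step. The script is also invoked from the Debian postinst while copying from `install/rhel/`, so confirm that directory exists on Debian-family installs.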