exposing port 53 on the Internet should be a deliberate choice, see #135

config_panel.toml

@@ -4,8 +4,14 @@ version = "1.0"
 name = "AdguardHome configuration"
 services = ["__APP__"]
 
+[main.options.open_port_53]
+ask = "Open port 53 to the Internet?"
+no = "false"
+type = "boolean"
+yes = "true"
+
 [main.options.dns_over_https]
-ask = "Enable DNS-over-HTTPS/QUIC"
+ask = "Enable DNS-over-HTTPS/QUIC?"
 no = "false"
 type = "boolean"
 yes = "true"

scripts/config

@@ -15,21 +15,40 @@ ynh_abort_if_errors
 # SPECIFIC SETTERS
 #=================================================
 
+set__open_port_53() {
+
+    if [ "$open_port_53" == "true" ]; then
+        ynh_script_progression --message="Opening port 53..."
+        # if the user would expose port 53 to the Internet, open it
+        ynh_exec_warn_less yunohost firewall allow Both "$port_adguard"
+        yunohost firewall reload
+    elif [ "$open_port_53" == "false" ]; then
+        # else if false, close it
+        ynh_script_progression --message="Closing port 53..."
+        ynh_exec_warn_less yunohost firewall disallow Both "$port_adguard"
+        yunohost firewall reload
+    else
+        # else, throw error
+        ynh_print_warn --message="The variable 'open_port_53' should be 'true' or 'false' but isn't, please report this."
+    fi
+
+    # save the new setting
+    ynh_app_setting_set "$app" --key=open_port_53 --value="$open_port_53"
+}
+
 set__dns_over_https() {
 
     if [ "$dns_over_https" == "true" ]; then
         ynh_script_progression --message="Opening DoH and DoQ ports..."
         # if DNS over HTTPS/QUIC is activated, open the associated ports
-        ynh_exec_warn_less yunohost firewall allow --no-upnp TCP "$port_dns_over_http"
-        ynh_exec_warn_less yunohost firewall allow --no-upnp UDP "$port_dns_over_http"
-        ynh_exec_warn_less yunohost firewall allow --no-upnp UDP "$port_dns_over_quic"
+        ynh_exec_warn_less yunohost firewall allow Both "$port_dns_over_http"
+        ynh_exec_warn_less yunohost firewall allow UDP "$port_dns_over_quic"
         yunohost firewall reload
     elif [ "$dns_over_https" == "false" ]; then
         # else if false, close them
         ynh_script_progression --message="Closing DoH and DoQ ports..."
-        ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http"
-        ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http"
-        ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
+        ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+        ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
         yunohost firewall reload
     else
         # else, throw error
@@ -37,6 +56,10 @@ set__dns_over_https() {
     fi
 
     # save the new setting
-    ynh_app_setting_set "$app" prices "$dns_over_https"
+    ynh_app_setting_set "$app" --key=dns_over_https --value="$dns_over_https"
 }
 
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+ynh_app_config_run $1

scripts/install

@@ -14,22 +14,34 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Storing installation settings..." --weight=2
 
-if [ "$dns_over_https" == "1" ];
-then
+if [ "$dns_over_https" == "1" ]; then
     dns_over_https="true"
     # no need to open the ports, as they were opened at the 'Provisioning ports' step
 else
     dns_over_https="false"
     # if dns_over_https is false, we need to close ports,
     # as they were opened at the 'Provisioning ports' step
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
     ynh_exec_warn_less yunohost firewall reload
 fi
 
 ynh_app_setting_set --app="$app" --key=dns_over_https --value="$dns_over_https"
 
+if [ "$open_port_53" == "1" ]; then
+    open_port_53="true"
+    # no need to open th port, as it were opened at the 'Provisioning ports' step
+else
+    open_port_53="false"
+    # if open_port_53 is false, we need to close port,
+    # as it were opened at the 'Provisioning ports' step
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+    ynh_exec_warn_less yunohost firewall reload
+fi
+
+ynh_app_setting_set --app="$app" --key=open_port_53 --value="$open_port_53"
+
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================

scripts/restore

@@ -18,9 +18,13 @@ source /usr/share/yunohost/helpers
 if [ "$dns_over_https" == "false" ]; then
     # if dns_over_https is false, we need to close ports,
     # as they were opened at the 'Provisioning ports' step
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
+    ynh_exec_warn_less yunohost firewall reload
+fi
+
+if [ "$open_port_53" == "false" ]; then
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
     ynh_exec_warn_less yunohost firewall reload
 fi
 

scripts/upgrade

@@ -29,23 +29,33 @@ ynh_systemd_action --service_name="$app" --action="stop"
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
 
-if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ];
-then
+if [ -n "$dns_over_https" ] && [ "$dns_over_https" == "1" ]; then
 	dns_over_https="true"
 	ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https
 	# no need to open the ports, as they were opened at the 'Provisioning ports' step
-elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ];
-then
+elif [ -z "$dns_over_https" ] || [ "$dns_over_https" == "0" ]; then
 	dns_over_https="false"
 	ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https
 	# if dns_over_https is false, we need to close ports,
     # as they were opened at the 'Provisioning ports' step
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp TCP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_http"
-    ynh_exec_warn_less yunohost firewall disallow --no-upnp UDP "$port_dns_over_quic"
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+    ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic"
     ynh_exec_warn_less yunohost firewall reload
 fi
 
+if [ -n "$open_port_53" ] && [ "$open_port_53" == "1" ]; then
+    open_port_53="true"
+    # no need to open th port, as it were opened at the 'Provisioning ports' step
+elif [ -z "$open_port_53" ] || [ "$open_port_53" == "0" ]; then
+    open_port_53="false"
+    # if open_port_53 is false, we need to close port,
+    # as it were opened at the 'Provisioning ports' step
+    ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http"
+    ynh_exec_warn_less yunohost firewall reload
+fi
+
+ynh_app_setting_set --app="$app" --key=open_port_53 --value="$open_port_53"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================