From a4531a8816b763eba5cd55879d2ddbc101f75c0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Fri, 9 Apr 2021 15:56:10 +0200
Subject: [PATCH] Remove firewall allow for 8443 (#35)

* remove firewall allow for 8443
---
 scripts/install | 3 +--
 scripts/remove | 5 -----
 scripts/restore | 3 +--
 scripts/upgrade | 8 +++++++-
 4 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/scripts/install b/scripts/install
index b191bbd..a978443 100755
--- a/scripts/install
+++ b/scripts/install
@@ -85,7 +85,6 @@ port=$(ynh_find_port --port=8443)
 turnserver_port=$(ynh_find_port --port=1194)
 # Open the ports
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
 # Store opened ports
@@ -254,7 +253,7 @@ chmod 600 $final_path/data/ice-servers.json
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 78cdef0..1035d54 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -87,11 +87,6 @@ ynh_remove_logrotate
 #=================================================
 ynh_script_progression --message="Closing ports..." --weight=1
-if yunohost firewall list | grep -q "\- $port$"
-then
- ynh_exec_warn_less yunohost firewall disallow TCP $port
-fi
-
 if yunohost firewall list | grep -q "\- $turnserver_port$"
 then
 ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port
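Review bot: In the first `scripts/install` hunk, 8443 is still allocated through `ynh_find_port`, but nothing visible here pins the server to a local listen address, so after this change the host firewall is the only control keeping it off the network. The listener configuration is outside the hunk; if it binds to all interfaces, it would be worth setting it to 127.0.0.1 so the port stays private even where the firewall is disabled or a rule is re-added by hand. The surviving comment also no longer matches the code: I would change `# Open the ports` to `# Open the TURN port only; $port is internal and must stay closed`, and the same applies to `# Ouvre le port dans le firewall` in the second `scripts/restore` hunk.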
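Review bot: Deleting the guarded `disallow TCP $port` from the "Closing ports" section of `scripts/remove` leaves no cleanup path if the rule for 8443 is still present when the app is removed. That can happen whenever the upgrade-time check did not run or did not match (for example with an empty `$port`), or if an administrator re-opened the port later; a stale TCP allow rule then outlives the app and exposes whatever binds that port next. The deleted block was already conditional on `yunohost firewall list`, so keeping it is a no-op on clean systems; I would retain the `if yunohost firewall list | grep -q "\- $port$"` guard and its `disallow` call here. The `if` block for `$turnserver_port` closes outside the hunk.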
diff --git a/scripts/restore b/scripts/restore
index 98a4eac..8b77157 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -96,7 +96,7 @@ systemctl enable coturn-$app.service --quiet
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 #=================================================
@@ -127,7 +127,6 @@ fi
 #=================================================
 # Ouvre le port dans le firewall
-ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 ynh_exec_warn_less yunohost firewall allow Both $turnserver_port
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 287ddd2..dcf9e1d 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -37,6 +37,12 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
+# If open, close direct access to $port in firewall
+if yunohost firewall list | grep -q "\- $port$"
+then
+ ynh_exec_warn_less yunohost firewall disallow TCP $port
+fi
+
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
 final_path=/opt/yunohost/$app
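Review bot: The new firewall check in the "Ensuring downward compatibility" section of `scripts/upgrade` depends on `$port` being populated, and where it is loaded is outside this hunk; if it is empty the pattern degrades to `"\- $"`, nothing matches, and 8443 stays open with no warning. I would guard and quote it: `if [ -n "$port" ] && yunohost firewall list | grep -q "\- $port$"` and `ynh_exec_warn_less yunohost firewall disallow TCP "$port"`. The grep also matches the port in any section of the listing (the output format is not shown here, so presumably TCP and UDP alike), which is harmless for a disallow but worth a one-line comment. Since this is the step that actually closes the exposure on existing installs, consider logging when the rule was found and removed so admins can see it in the upgrade output.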
@@ -270,7 +276,7 @@ ynh_use_logrotate --non-append
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
-yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port
+yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
 yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port
 #=================================================
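Review bot: On upgrade, this `yunohost service add $app` call runs against a service entry that was previously registered with `--needs_exposed_ports $port`, and I can't tell from the hunk whether re-adding without the flag clears the stored value. If the old value survives, the service metadata would keep declaring 8443 as a port that should be reachable, which contradicts the firewall change and invites someone to re-open it; please verify, and if needed remove and re-add the entry. As a style point that applies equally to the matching hunks in `scripts/install` and `scripts/restore`, `$app` and `$turnserver_port` are passed unquoted; `"$app"` and `"$turnserver_port"` would be safer.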