From 589f730a32f33fd9244bb32804dba7651b03abe4 Mon Sep 17 00:00:00 2001
From: anmol <github@datamol.org>
Date: Fri, 23 Nov 2018 15:00:49 +0530
Subject: [PATCH] SECURITY:Close port

---
 scripts/install |  1 -
 scripts/restore | 10 ----------
 scripts/upgrade | 10 ++++++++++
 3 files changed, 10 insertions(+), 11 deletions(-)

diff --git a/scripts/install b/scripts/install
index 5e70228..82ad41b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -70,7 +70,6 @@ ynh_app_setting_set $app admin $admin
 # Find a free port
 port=$(ynh_find_port 10000)
 # Open this port
-yunohost firewall allow --no-upnp TCP $port 2>&1
 ynh_app_setting_set $app port $port
 
 
diff --git a/scripts/restore b/scripts/restore
index 68fce10..9063938 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -46,16 +46,6 @@ ynh_webpath_available $domain $path_url \
 
 ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 
-# FIND AND OPEN A PORT
-#=================================================
-
-### Use these lines if you have to open a port for the application
-### `ynh_find_port` will find the first available port starting from the given port.
-### If you're not using these lines:
-###		- Remove the section "CLOSE A PORT" in the remove script
-
-yunohost firewall allow --no-upnp TCP $port 2>&1
-
 #=================================================
 # SPECIFIC RESTORATION
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index e668050..f21a16f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -70,6 +70,16 @@ ynh_backup_if_checksum_is_different "/etc/webmin/miniserv.conf"
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum "/etc/webmin/miniserv.conf"
 
+#=================================================
+# CLOSE A PORT
+#=================================================
+
+if yunohost firewall list | grep -q "\- $port$"
+then
+	echo "Close port $port" >&2
+	yunohost firewall disallow TCP $port 2>&1
+fi
+
 #=================================================
 # SETUP SSOWAT
 #=================================================