diff --git a/conf/firewall_rules.sh b/conf/firewall_rules.sh
new file mode 100644
index 0000000..580a940
--- /dev/null
+++ b/conf/firewall_rules.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+iptables -t filter -A INPUT -i lxdbr0 -p udp -d 255.255.255.255 --dport 67 -j ACCEPT
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 800dcfe..c4aad0c 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -55,6 +55,19 @@ exposed_ports_if_cluster() {
 fi
 }
+_ynh_firewall_add_tweak() {
+ mkdir -p "/etc/yunohost/hooks.d/post_iptable_rules"
+
+ ynh_add_config --template="firewall_rules.sh" --destination="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
+ yunohost firewall reload
+}
+
+_ynh_firewall_remove_tweak() {
+ ynh_secure_remove --file="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
+ yunohost firewall git remote add origin git@github.com:user/repository.git
+
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
diff --git a/scripts/backup b/scripts/backup
index 1b0da06..d6f293b 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -35,6 +35,8 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/cron.d/$app"
+ynh_backup --src_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/install b/scripts/install
index b48d902..1be62fd 100644
--- a/scripts/install
+++ b/scripts/install
@@ -87,6 +87,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
 ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
+_ynh_firewall_add_tweak
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 47a0324..5aee90f 100644
--- a/scripts/remove
+++ b/scripts/remove
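Review bot: conf/firewall_rules.sh adds an ACCEPT rule to INPUT with no comment saying what it is for, so anyone auditing the firewall later will find it only as a hook file named after the app. A header line such as `# Accept DHCP requests (UDP 67, broadcast) arriving on the LXD bridge lxdbr0` would record the intent, assuming that is the purpose. The bridge name is hard-coded even though the file is installed through `ynh_add_config` as a template; if the bridge can be named differently on some hosts, it should come from an app setting instead.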
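Review bot: In `_ynh_firewall_remove_tweak` (scripts/_common.sh) the line `yunohost firewall git remote add origin git@github.com:user/repository.git` is not a firewall command and looks like stray pasted text; the counterpart in `_ynh_firewall_add_tweak` is `yunohost firewall reload`, which is presumably what was meant. As written the hook file is deleted but the firewall is never reloaded, so the lxdbr0 DHCP ACCEPT rule likely stays loaded after the app is removed, and the failing command may abort scripts/remove if it runs with errexit. Separately, the hunk does not show what owner and mode `ynh_add_config` leaves on `/etc/yunohost/hooks.d/post_iptable_rules/50-${app}`; since that file is executed on every firewall reload, it is worth confirming it ends up root-owned and not writable by the app user.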
@@ -23,6 +23,8 @@ ynh_remove_systemd_config
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
+_ynh_firewall_remove_tweak
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 367e747..1f59eb3 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -59,6 +59,9 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
 ynh_restore_file --origin_path="/etc/cron.d/$app"
+ynh_restore_file --origin_path="/etc/yunohost/hooks.d/post_iptable_rules/50-${app}"
+yunohost firewall reload
+
 #=================================================
 # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 35ef145..fd5fd62 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -141,6 +141,8 @@ yunohost service add "$app" --description="$app daemon for YunoRunner" $(exposed
 ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
+_ynh_firewall_add_tweak
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
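Review bot: scripts/restore reinstates `/etc/yunohost/hooks.d/post_iptable_rules/50-${app}` from the archive and then runs `yunohost firewall reload`, so whatever script the archive holds is what the reload executes. Install and upgrade generate this hook from a fixed packaged template, so calling `_ynh_firewall_add_tweak` here instead would regenerate it from known content and keep a single code path for creating the hook and reloading. This assumes scripts/restore sources _common.sh, which the hunk does not show.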