Support for set firewall rules
parent
283d1b3c6c
commit
65d2b291cc
15
bkctl
15
bkctl
|
@ -282,7 +282,7 @@ get_port() {
|
||||||
set_port() {
|
set_port() {
|
||||||
jail=$1
|
jail=$1
|
||||||
port=$2
|
port=$2
|
||||||
if [ $port = "auto" ]; then
|
if [ "$port" = "auto" ]; then
|
||||||
port=$(grep -h Port ${JAILDIR}/*/${SSHD_CONFIG} 2>/dev/null | grep -Eo [0-9]+ | sort -n | tail -1)
|
port=$(grep -h Port ${JAILDIR}/*/${SSHD_CONFIG} 2>/dev/null | grep -Eo [0-9]+ | sort -n | tail -1)
|
||||||
port=$((port+1))
|
port=$((port+1))
|
||||||
if [ ! $port -gt 1 ]; then
|
if [ ! $port -gt 1 ]; then
|
||||||
|
@ -290,6 +290,7 @@ set_port() {
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" ${JAILDIR}/$jail/${SSHD_CONFIG}
|
sed -i "s/^Port .*/Port ${port}/" ${JAILDIR}/$jail/${SSHD_CONFIG}
|
||||||
|
set_firewall $jail
|
||||||
}
|
}
|
||||||
|
|
||||||
get_key() {
|
get_key() {
|
||||||
|
@ -332,6 +333,18 @@ set_ip() {
|
||||||
allow="$allow root@${ip}"
|
allow="$allow root@${ip}"
|
||||||
done
|
done
|
||||||
sed -i "s~^AllowUsers .*~${allow}~" ${JAILDIR}/$jail/${SSHD_CONFIG}
|
sed -i "s~^AllowUsers .*~${allow}~" ${JAILDIR}/$jail/${SSHD_CONFIG}
|
||||||
|
set_firewall $jail
|
||||||
|
}
|
||||||
|
|
||||||
|
set_firewall() {
|
||||||
|
jail=$1
|
||||||
|
if [ -f $FIREWALL_RULES ]; then
|
||||||
|
sed -i "/#${jail}$/d" $FIREWALL_RULES
|
||||||
|
fi
|
||||||
|
port=$(get_port $jail)
|
||||||
|
for ip in $(get_ip $jail); do
|
||||||
|
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport $port -s $ip -j ACCEPT #$jail" >> $FIREWALL_RULES
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
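Review bot: In `set_firewall` (the hunk at -332,6 +333,18), `$port`, `$ip` and `$jail` are echoed unvalidated into `$FIREWALL_RULES` as complete `/sbin/iptables` command lines, so if that file is later sourced or executed by a shell (its name suggests so, but the consumer is not on this page), any shell metacharacter in an address or jail name would run as a command with that script's privileges. `get_ip` and `get_port` are defined outside the visible hunks, so whether they sanitise their output cannot be confirmed here; a guard at the point of writing is cheap: after `port=$(get_port $jail)` add `case $port in ''|*[!0-9]*) return 1 ;; esac`, and as the first line of the loop body add `case $ip in ''|*[!0-9./]*) continue ;; esac` (assuming IPv4 addresses or CIDR ranges). The port check also covers an empty result, which would otherwise write a malformed `--dport  -s …` rule. The same `$jail` is interpolated into the sed address `/#${jail}$/d`, where a `/` or a regex metacharacter in the name changes which rule lines are deleted, so the jail name is worth restricting to `[A-Za-z0-9_-]` before either use.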
||||||
|
|
|
@ -10,3 +10,4 @@ MYMAIL='jdoe@example.com'
|
||||||
SSHD_PID='/var/run/sshd.pid'
|
SSHD_PID='/var/run/sshd.pid'
|
||||||
SSHD_CONFIG='/etc/ssh/sshd_config'
|
SSHD_CONFIG='/etc/ssh/sshd_config'
|
||||||
AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
|
AUTHORIZED_KEYS='/root/.ssh/authorized_keys'
|
||||||
|
FIREWALL_RULES='/etc/firewall.rc.jails'
|
||||||
|
|