From 1a98d6d2bd91441ff9d478218ce915aa19c81c8a Mon Sep 17 00:00:00 2001
From: Johannes Zellner
Date: Fri, 12 Feb 2021 15:56:19 +0100
Subject: [PATCH] iptables --dports only supports up to 15 ports apparently

---
 setup/start/cloudron-firewall.sh | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/setup/start/cloudron-firewall.sh b/setup/start/cloudron-firewall.sh
index 336d4e4e9..77b470648 100755
--- a/setup/start/cloudron-firewall.sh
+++ b/setup/start/cloudron-firewall.sh
@@ -23,11 +23,19 @@ iptables -t filter -A CLOUDRON -p tcp -m tcp -m multiport --dports 22,25,80,202,
 # whitelist any user ports
 ports_json="/home/yellowtent/boxdata/firewall/ports.json"
 if allowed_tcp_ports=$(node -e "console.log(JSON.parse(fs.readFileSync('${ports_json}', 'utf8')).allowed_tcp_ports.join(','))" 2>/dev/null); then
- [[ -n "${allowed_tcp_ports}" ]] && iptables -A CLOUDRON -p tcp -m tcp -m multiport --dports "${allowed_tcp_ports}" -j ACCEPT
+ IFS=',' arr=(${allowed_tcp_ports});
+ for p in "${arr[@]}"
+ do
+ iptables -A CLOUDRON -p tcp -m tcp --dport "${p}" -j ACCEPT
+ done
 fi
 
 if allowed_udp_ports=$(node -e "console.log(JSON.parse(fs.readFileSync('${ports_json}', 'utf8')).allowed_udp_ports.join(','))" 2>/dev/null); then
- [[ -n "${allowed_tcp_ports}" ]] && iptables -A CLOUDRON -p udp -m udp -m multiport --dports "${allowed_tcp_ports}" -j ACCEPT
+ IFS=',' arr=(${allowed_udp_ports});
+ for p in "${arr[@]}"
+ do
+ iptables -A CLOUDRON -p udp -m udp --dport "${p}" -j ACCEPT
+ done
 fi
 
 # turn and stun service
@@ -92,3 +100,5 @@ fi
 # Workaround issue where Docker insists on adding itself first in FORWARD table
 iptables -D FORWARD -j CLOUDRON_RATELIMIT || true
 iptables -I FORWARD 1 -j CLOUDRON_RATELIMIT
+
+echo "==> Setting up firewall done"
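Review bot: `IFS=',' arr=(${allowed_tcp_ports});` in the TCP branch leaves IFS set to ',' for the rest of the script, because a simple command consisting only of assignments runs in the current shell and the prefix assignment is not scoped to anything; every later unquoted expansion in the file (the turn/stun section and everything after it, outside this hunk) is then split on commas instead of whitespace, and the unquoted `${allowed_tcp_ports}` is also subject to pathname globbing. The UDP branch uses the same construct. Scope the split to one builtin instead, `IFS=',' read -r -a arr <<< "${allowed_tcp_ports}"` (and the matching `allowed_udp_ports` line), which also drops the stray trailing `;`. Since these values are read from ports.json rather than hard-coded, consider rejecting anything that is not a port or port range before it reaches iptables, e.g. `[[ "${p}" =~ ^[0-9]+(:[0-9]+)?$ ]] || continue` as the first line of each loop body, so a malformed entry produces a skipped rule rather than an iptables error part-way through rule setup.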