Improve openFirewall()
This commit is contained in:
115
installJRMC
115
installJRMC
@@ -415,10 +415,13 @@ installPackage() {
|
||||
debug "Running: ${FUNCNAME[0]}" "$@"
|
||||
|
||||
declare -a pkg_array install_flags pkg_install_cmd
|
||||
declare input pkg skip_check_installed silent refresh allow_downgrades no_gpg_check
|
||||
declare long_opts input pkg
|
||||
declare skip_check_installed allow_downgrades silent refresh no_gpg_check
|
||||
declare -A pkg_aliases
|
||||
|
||||
if input=$(getopt -o +s -l skip-check-installed,allow-downgrades,no-gpg-check,refresh,silent -- "$@"); then
|
||||
long_opts="skip-check-installed,allow-downgrades,no-gpg-check,refresh,silent"
|
||||
|
||||
if input=$(getopt -o +s -l "$long_opts" -- "$@"); then
|
||||
eval set -- "$input"
|
||||
while true; do
|
||||
case "$1" in
|
||||
@@ -463,7 +466,9 @@ installPackage() {
|
||||
if [[ -v pkg_aliases[$pkg] ]]; then
|
||||
pkg=${pkg_aliases[$pkg]}
|
||||
fi
|
||||
if (( skip_check_installed )) || ! (hash "$pkg" &>/dev/null || pkg_query "$pkg" &>/dev/null); then
|
||||
if (( skip_check_installed )) ||
|
||||
! (hash "$pkg" &>/dev/null ||
|
||||
pkg_query "$pkg" &>/dev/null); then
|
||||
pkg_array+=("$pkg")
|
||||
else
|
||||
debug "$pkg already installed, skipping installation"
|
||||
@@ -723,7 +728,7 @@ buildRPM() {
|
||||
|
||||
Provides: mediacenter$MVERSION
|
||||
|
||||
License: Copyright 1998-2022, JRiver, Inc. All rights reserved. Protected by U.S. patents #7076468 and #7062468
|
||||
License: Copyright 1998-2023, JRiver, Inc. All rights reserved. Protected by U.S. patents #7076468 and #7062468
|
||||
URL: http://www.jriver.com/
|
||||
|
||||
%define __provides_exclude_from ^%{_libdir}/jriver/.*/.*\\.so.*$
|
||||
@@ -1005,65 +1010,45 @@ restoreLicense() {
|
||||
#######################################
|
||||
# Opens ports using the system firewall tool
|
||||
# Arguments:
|
||||
# Pre-defined service to enable
|
||||
# 1. Service name
|
||||
# 2. List of ports in firewall-cmd format
|
||||
#######################################
|
||||
openFirewall() {
|
||||
debug "Running: ${FUNCNAME[0]}" "$@"
|
||||
|
||||
# Create OS-specific port rules based on argument (service) name
|
||||
declare -a f_ports # for firewall-cmd
|
||||
declare u_ports # for ufw
|
||||
#declare -a n_ports # for nftables
|
||||
declare port
|
||||
if [[ "$1" == "jriver-mediacenter" ]]; then
|
||||
f_ports=(52100-52200/tcp 1900/udp)
|
||||
u_ports="52100:52200/tcp|1900/udp"
|
||||
#n_ports=("tcp dport 52100-52200 accept" "udp dport 1900 accept")
|
||||
elif [[ "$1" =~ ^(jriver-x11vnc|jriver-xvnc)$ ]]; then
|
||||
f_ports=("$PORT"/tcp 1900/udp)
|
||||
u_ports="$PORT/tcp|1900/udp"
|
||||
#n_ports=("tcp dport $PORT accept" "udp dport 1900 accept")
|
||||
fi
|
||||
declare service="$1"
|
||||
shift
|
||||
# for firewall-cmd
|
||||
declare -a f_ports=("$@")
|
||||
# for ufw
|
||||
declare u_ports="${*// /|}" # concatenate
|
||||
u_ports="${u_ports//-/\//}"
|
||||
|
||||
# Open the ports
|
||||
if ! case "$ID" in
|
||||
fedora|centos|suse)
|
||||
hash firewall-cmd 2>/dev/null || installPackage firewalld
|
||||
if ! sudo firewall-cmd --get-services | grep -q "$1"; then
|
||||
sudo firewall-cmd --permanent --new-service="$1" &>/dev/null
|
||||
sudo firewall-cmd --permanent --service="$1" --set-description="$1 installed by installJRMC" &>/dev/null
|
||||
sudo firewall-cmd --permanent --service="$1" --set-short="$1" &>/dev/null
|
||||
for port in "${f_ports[@]}"; do
|
||||
sudo firewall-cmd --permanent --service="$1" --add-port="$port" &>/dev/null
|
||||
done
|
||||
sudo firewall-cmd --add-service "$1" --permanent &>/dev/null
|
||||
sudo firewall-cmd --reload &>/dev/null
|
||||
fi
|
||||
;;
|
||||
debian|ubuntu)
|
||||
# Debian ufw package state is broken on fresh installations
|
||||
hash ufw 2>/dev/null || installPackage ufw
|
||||
if [[ ! -f "/etc/ufw/applications.d/$1" ]]; then
|
||||
sudo bash -c "cat <<-EOF > /etc/ufw/applications.d/$1
|
||||
[$1]
|
||||
title=$1
|
||||
description=$1 installed by installJRMC
|
||||
ports=$u_ports
|
||||
EOF"
|
||||
fi
|
||||
sudo ufw app update "$1" &>/dev/null
|
||||
sudo ufw allow "$1" &>/dev/null
|
||||
;;
|
||||
arch)
|
||||
# sysctl -w net.ipv4.ip_forward = 1
|
||||
# sudo nft create table inet "jriver"
|
||||
# sudo nft create chain inet "jriver" "$1" '{ type filter hook input priority 0; policy accept; }'
|
||||
# for port in "${n_ports[@]}"; do
|
||||
# sudo nft add rule inet jriver "$1" handle tcp dport "$port"
|
||||
# done
|
||||
;;
|
||||
esac; then
|
||||
err "Firewall ports could not be opened"
|
||||
if hash firewall-cmd 2>/dev/null; then
|
||||
if ! sudo firewall-cmd --get-services | grep -q "$service"; then
|
||||
execute "sudo firewall-cmd --permanent --new-service=$service"
|
||||
execute "sudo firewall-cmd --permanent --service=$service --set-description=$service installed by installJRMC"
|
||||
execute "sudo firewall-cmd --permanent --service=$service --set-short=$service"
|
||||
for port in "${f_ports[@]}"; do
|
||||
execute "sudo firewall-cmd --permanent --service=$service --add-port=$port"
|
||||
done
|
||||
execute "sudo firewall-cmd --add-service $service --permanent"
|
||||
execute "sudo firewall-cmd --reload"
|
||||
fi
|
||||
elif hash ufw 2>/dev/null; then
|
||||
if [[ ! -f "/etc/ufw/applications.d/$service" ]]; then
|
||||
sudo bash -c "cat <<-EOF > /etc/ufw/applications.d/$service
|
||||
[$service]
|
||||
title=$service
|
||||
description=$service installed by installJRMC
|
||||
ports=$u_ports
|
||||
EOF"
|
||||
fi
|
||||
execute "sudo ufw app update $service"
|
||||
execute "sudo ufw allow $service"
|
||||
else
|
||||
err "Please install firewall-cmd or ufw to open firewall ports"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@@ -1085,7 +1070,7 @@ setVNCPass() {
|
||||
if [[ -f "$vncpassfile" ]]; then
|
||||
if [[ ! -v VNCPASS ]]; then
|
||||
err "Refusing to overwrite existing $vncpassfile with an empty password"
|
||||
err "Remove existing $vncpassfile or set --vncpass to use an empty password"
|
||||
err "Remove existing $vncpassfile or use --vncpass ''"
|
||||
exit 1
|
||||
else
|
||||
rm -f "$vncpassfile"
|
||||
@@ -1117,7 +1102,7 @@ setDisplay() {
|
||||
|
||||
declare -g DISPLAY DISPLAYNUM NEXT_DISPLAY NEXT_DISPLAYNUM
|
||||
|
||||
# Check USER_DISPLAY, else environment DISPLAY, else set to :0 by default
|
||||
# Check USER_DISPLAY, else environment DISPLAY, else set to :0
|
||||
DISPLAY="${USER_DISPLAY:-${DISPLAY:-0}}"
|
||||
DISPLAYNUM="${DISPLAY#*:}" # strip prefix
|
||||
DISPLAYNUM="${DISPLAYNUM%%.*}" # strip suffix
|
||||
@@ -1222,7 +1207,7 @@ service_jriver-mediacenter() {
|
||||
|
||||
systemctl_reload_cmd &&
|
||||
systemctl_enable_cmd "$SERVICE_NAME" &&
|
||||
openFirewall "jriver-mediacenter"
|
||||
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||
}
|
||||
|
||||
|
||||
@@ -1304,8 +1289,8 @@ service_jriver-xvnc() {
|
||||
return
|
||||
fi
|
||||
echo "Xvnc running on localhost:$PORT"
|
||||
openFirewall "jriver-xvnc"
|
||||
openFirewall "jriver-mediacenter"
|
||||
openFirewall "jriver-xvnc" "$PORT/tcp"
|
||||
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||
}
|
||||
|
||||
|
||||
@@ -1369,7 +1354,7 @@ service_jriver-x11vnc() {
|
||||
systemctl_reload_cmd &&
|
||||
systemctl_enable_cmd "$SERVICE_NAME" &&
|
||||
echo "x11vnc running on localhost:$PORT" &&
|
||||
openFirewall "jriver-x11vnc"
|
||||
openFirewall "jriver-x11vnc" "$PORT/tcp"
|
||||
}
|
||||
|
||||
|
||||
@@ -1686,7 +1671,7 @@ main() {
|
||||
symlinkCerts
|
||||
migrateLibrary
|
||||
restoreLicense
|
||||
openFirewall "jriver-mediacenter"
|
||||
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||
disableCoW
|
||||
else
|
||||
err "JRiver Media Center installation from repo failed"
|
||||
@@ -1713,7 +1698,7 @@ main() {
|
||||
symlinkCerts
|
||||
migrateLibrary
|
||||
restoreLicense
|
||||
openFirewall "jriver-mediacenter"
|
||||
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||
disableCoW
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user