Improve openFirewall()
This commit is contained in:
103
installJRMC
103
installJRMC
@@ -415,10 +415,13 @@ installPackage() {
|
|||||||
debug "Running: ${FUNCNAME[0]}" "$@"
|
debug "Running: ${FUNCNAME[0]}" "$@"
|
||||||
|
|
||||||
declare -a pkg_array install_flags pkg_install_cmd
|
declare -a pkg_array install_flags pkg_install_cmd
|
||||||
declare input pkg skip_check_installed silent refresh allow_downgrades no_gpg_check
|
declare long_opts input pkg
|
||||||
|
declare skip_check_installed allow_downgrades silent refresh no_gpg_check
|
||||||
declare -A pkg_aliases
|
declare -A pkg_aliases
|
||||||
|
|
||||||
if input=$(getopt -o +s -l skip-check-installed,allow-downgrades,no-gpg-check,refresh,silent -- "$@"); then
|
long_opts="skip-check-installed,allow-downgrades,no-gpg-check,refresh,silent"
|
||||||
|
|
||||||
|
if input=$(getopt -o +s -l "$long_opts" -- "$@"); then
|
||||||
eval set -- "$input"
|
eval set -- "$input"
|
||||||
while true; do
|
while true; do
|
||||||
case "$1" in
|
case "$1" in
|
||||||
@@ -463,7 +466,9 @@ installPackage() {
|
|||||||
if [[ -v pkg_aliases[$pkg] ]]; then
|
if [[ -v pkg_aliases[$pkg] ]]; then
|
||||||
pkg=${pkg_aliases[$pkg]}
|
pkg=${pkg_aliases[$pkg]}
|
||||||
fi
|
fi
|
||||||
if (( skip_check_installed )) || ! (hash "$pkg" &>/dev/null || pkg_query "$pkg" &>/dev/null); then
|
if (( skip_check_installed )) ||
|
||||||
|
! (hash "$pkg" &>/dev/null ||
|
||||||
|
pkg_query "$pkg" &>/dev/null); then
|
||||||
pkg_array+=("$pkg")
|
pkg_array+=("$pkg")
|
||||||
else
|
else
|
||||||
debug "$pkg already installed, skipping installation"
|
debug "$pkg already installed, skipping installation"
|
||||||
@@ -723,7 +728,7 @@ buildRPM() {
|
|||||||
|
|
||||||
Provides: mediacenter$MVERSION
|
Provides: mediacenter$MVERSION
|
||||||
|
|
||||||
License: Copyright 1998-2022, JRiver, Inc. All rights reserved. Protected by U.S. patents #7076468 and #7062468
|
License: Copyright 1998-2023, JRiver, Inc. All rights reserved. Protected by U.S. patents #7076468 and #7062468
|
||||||
URL: http://www.jriver.com/
|
URL: http://www.jriver.com/
|
||||||
|
|
||||||
%define __provides_exclude_from ^%{_libdir}/jriver/.*/.*\\.so.*$
|
%define __provides_exclude_from ^%{_libdir}/jriver/.*/.*\\.so.*$
|
||||||
@@ -1005,65 +1010,45 @@ restoreLicense() {
|
|||||||
#######################################
|
#######################################
|
||||||
# Opens ports using the system firewall tool
|
# Opens ports using the system firewall tool
|
||||||
# Arguments:
|
# Arguments:
|
||||||
# Pre-defined service to enable
|
# 1. Service name
|
||||||
|
# 2. List of ports in firewall-cmd format
|
||||||
#######################################
|
#######################################
|
||||||
openFirewall() {
|
openFirewall() {
|
||||||
debug "Running: ${FUNCNAME[0]}" "$@"
|
debug "Running: ${FUNCNAME[0]}" "$@"
|
||||||
|
|
||||||
# Create OS-specific port rules based on argument (service) name
|
|
||||||
declare -a f_ports # for firewall-cmd
|
|
||||||
declare u_ports # for ufw
|
|
||||||
#declare -a n_ports # for nftables
|
|
||||||
declare port
|
declare port
|
||||||
if [[ "$1" == "jriver-mediacenter" ]]; then
|
declare service="$1"
|
||||||
f_ports=(52100-52200/tcp 1900/udp)
|
shift
|
||||||
u_ports="52100:52200/tcp|1900/udp"
|
# for firewall-cmd
|
||||||
#n_ports=("tcp dport 52100-52200 accept" "udp dport 1900 accept")
|
declare -a f_ports=("$@")
|
||||||
elif [[ "$1" =~ ^(jriver-x11vnc|jriver-xvnc)$ ]]; then
|
# for ufw
|
||||||
f_ports=("$PORT"/tcp 1900/udp)
|
declare u_ports="${*// /|}" # concatenate
|
||||||
u_ports="$PORT/tcp|1900/udp"
|
u_ports="${u_ports//-/\//}"
|
||||||
#n_ports=("tcp dport $PORT accept" "udp dport 1900 accept")
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Open the ports
|
if hash firewall-cmd 2>/dev/null; then
|
||||||
if ! case "$ID" in
|
if ! sudo firewall-cmd --get-services | grep -q "$service"; then
|
||||||
fedora|centos|suse)
|
execute "sudo firewall-cmd --permanent --new-service=$service"
|
||||||
hash firewall-cmd 2>/dev/null || installPackage firewalld
|
execute "sudo firewall-cmd --permanent --service=$service --set-description=$service installed by installJRMC"
|
||||||
if ! sudo firewall-cmd --get-services | grep -q "$1"; then
|
execute "sudo firewall-cmd --permanent --service=$service --set-short=$service"
|
||||||
sudo firewall-cmd --permanent --new-service="$1" &>/dev/null
|
|
||||||
sudo firewall-cmd --permanent --service="$1" --set-description="$1 installed by installJRMC" &>/dev/null
|
|
||||||
sudo firewall-cmd --permanent --service="$1" --set-short="$1" &>/dev/null
|
|
||||||
for port in "${f_ports[@]}"; do
|
for port in "${f_ports[@]}"; do
|
||||||
sudo firewall-cmd --permanent --service="$1" --add-port="$port" &>/dev/null
|
execute "sudo firewall-cmd --permanent --service=$service --add-port=$port"
|
||||||
done
|
done
|
||||||
sudo firewall-cmd --add-service "$1" --permanent &>/dev/null
|
execute "sudo firewall-cmd --add-service $service --permanent"
|
||||||
sudo firewall-cmd --reload &>/dev/null
|
execute "sudo firewall-cmd --reload"
|
||||||
fi
|
fi
|
||||||
;;
|
elif hash ufw 2>/dev/null; then
|
||||||
debian|ubuntu)
|
if [[ ! -f "/etc/ufw/applications.d/$service" ]]; then
|
||||||
# Debian ufw package state is broken on fresh installations
|
sudo bash -c "cat <<-EOF > /etc/ufw/applications.d/$service
|
||||||
hash ufw 2>/dev/null || installPackage ufw
|
[$service]
|
||||||
if [[ ! -f "/etc/ufw/applications.d/$1" ]]; then
|
title=$service
|
||||||
sudo bash -c "cat <<-EOF > /etc/ufw/applications.d/$1
|
description=$service installed by installJRMC
|
||||||
[$1]
|
|
||||||
title=$1
|
|
||||||
description=$1 installed by installJRMC
|
|
||||||
ports=$u_ports
|
ports=$u_ports
|
||||||
EOF"
|
EOF"
|
||||||
fi
|
fi
|
||||||
sudo ufw app update "$1" &>/dev/null
|
execute "sudo ufw app update $service"
|
||||||
sudo ufw allow "$1" &>/dev/null
|
execute "sudo ufw allow $service"
|
||||||
;;
|
else
|
||||||
arch)
|
err "Please install firewall-cmd or ufw to open firewall ports"
|
||||||
# sysctl -w net.ipv4.ip_forward = 1
|
|
||||||
# sudo nft create table inet "jriver"
|
|
||||||
# sudo nft create chain inet "jriver" "$1" '{ type filter hook input priority 0; policy accept; }'
|
|
||||||
# for port in "${n_ports[@]}"; do
|
|
||||||
# sudo nft add rule inet jriver "$1" handle tcp dport "$port"
|
|
||||||
# done
|
|
||||||
;;
|
|
||||||
esac; then
|
|
||||||
err "Firewall ports could not be opened"
|
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@@ -1085,7 +1070,7 @@ setVNCPass() {
|
|||||||
if [[ -f "$vncpassfile" ]]; then
|
if [[ -f "$vncpassfile" ]]; then
|
||||||
if [[ ! -v VNCPASS ]]; then
|
if [[ ! -v VNCPASS ]]; then
|
||||||
err "Refusing to overwrite existing $vncpassfile with an empty password"
|
err "Refusing to overwrite existing $vncpassfile with an empty password"
|
||||||
err "Remove existing $vncpassfile or set --vncpass to use an empty password"
|
err "Remove existing $vncpassfile or use --vncpass ''"
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
rm -f "$vncpassfile"
|
rm -f "$vncpassfile"
|
||||||
@@ -1117,7 +1102,7 @@ setDisplay() {
|
|||||||
|
|
||||||
declare -g DISPLAY DISPLAYNUM NEXT_DISPLAY NEXT_DISPLAYNUM
|
declare -g DISPLAY DISPLAYNUM NEXT_DISPLAY NEXT_DISPLAYNUM
|
||||||
|
|
||||||
# Check USER_DISPLAY, else environment DISPLAY, else set to :0 by default
|
# Check USER_DISPLAY, else environment DISPLAY, else set to :0
|
||||||
DISPLAY="${USER_DISPLAY:-${DISPLAY:-0}}"
|
DISPLAY="${USER_DISPLAY:-${DISPLAY:-0}}"
|
||||||
DISPLAYNUM="${DISPLAY#*:}" # strip prefix
|
DISPLAYNUM="${DISPLAY#*:}" # strip prefix
|
||||||
DISPLAYNUM="${DISPLAYNUM%%.*}" # strip suffix
|
DISPLAYNUM="${DISPLAYNUM%%.*}" # strip suffix
|
||||||
@@ -1222,7 +1207,7 @@ service_jriver-mediacenter() {
|
|||||||
|
|
||||||
systemctl_reload_cmd &&
|
systemctl_reload_cmd &&
|
||||||
systemctl_enable_cmd "$SERVICE_NAME" &&
|
systemctl_enable_cmd "$SERVICE_NAME" &&
|
||||||
openFirewall "jriver-mediacenter"
|
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1304,8 +1289,8 @@ service_jriver-xvnc() {
|
|||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
echo "Xvnc running on localhost:$PORT"
|
echo "Xvnc running on localhost:$PORT"
|
||||||
openFirewall "jriver-xvnc"
|
openFirewall "jriver-xvnc" "$PORT/tcp"
|
||||||
openFirewall "jriver-mediacenter"
|
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1369,7 +1354,7 @@ service_jriver-x11vnc() {
|
|||||||
systemctl_reload_cmd &&
|
systemctl_reload_cmd &&
|
||||||
systemctl_enable_cmd "$SERVICE_NAME" &&
|
systemctl_enable_cmd "$SERVICE_NAME" &&
|
||||||
echo "x11vnc running on localhost:$PORT" &&
|
echo "x11vnc running on localhost:$PORT" &&
|
||||||
openFirewall "jriver-x11vnc"
|
openFirewall "jriver-x11vnc" "$PORT/tcp"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1686,7 +1671,7 @@ main() {
|
|||||||
symlinkCerts
|
symlinkCerts
|
||||||
migrateLibrary
|
migrateLibrary
|
||||||
restoreLicense
|
restoreLicense
|
||||||
openFirewall "jriver-mediacenter"
|
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||||
disableCoW
|
disableCoW
|
||||||
else
|
else
|
||||||
err "JRiver Media Center installation from repo failed"
|
err "JRiver Media Center installation from repo failed"
|
||||||
@@ -1713,7 +1698,7 @@ main() {
|
|||||||
symlinkCerts
|
symlinkCerts
|
||||||
migrateLibrary
|
migrateLibrary
|
||||||
restoreLicense
|
restoreLicense
|
||||||
openFirewall "jriver-mediacenter"
|
openFirewall "jriver-mediacenter" "52100-52200/tcp" "1900/udp"
|
||||||
disableCoW
|
disableCoW
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user