From 517d1d5ef9e3f65f2414e93cbc422a151431e47a Mon Sep 17 00:00:00 2001
From: James Blair
Date: Sun, 26 Jan 2020 08:33:21 +1300
Subject: [PATCH] Switched to netfilter-persistent.

---
 post-install.txt | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/post-install.txt b/post-install.txt
index 0442450..ec18560 100755
--- a/post-install.txt
+++ b/post-install.txt
@@ -49,10 +49,6 @@ echo "PS1='\[\033[02;31m\]\u@\H:\[\033[01;34m\]\w\$\[\033[00m\] '" >> /rootfs/ho
 #================================================================
 # Post install firewall configuration
 #================================================================
-echo "Switch to legacy iptables for k3s support"
-iptables -F
-update-alternatives --set iptables /usr/sbin/iptables-legacy
-
 echo "Allowing local traffic in iptables"
 iptables -A INPUT -i lo -j ACCEPT
@@ -63,13 +59,13 @@ echo "Drop all other traffic"
 iptables -A INPUT -j DROP
 echo "Ensure iptables-persistent is started"
-systemctl start iptables-persistent
+systemctl start netfilter-persistent
 echo "Ensure iptables-persistent is enabled"
-systemctl enable iptables-persistent
+systemctl enable netfilter-persistent
 echo "Ensure firewall rules are saved"
-dpkg-reconfigure -y iptables-persistent
+netfilter-persistent save
 #================================================================
@@ -92,15 +88,17 @@ cat << EOF > /rootfs/etc/knockd.conf
 stop_command = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 2122 -j ACCEPT
 EOF
-echo "Enabling port knocking..."
+echo "Enabling knockd.service ..."
 sed -i "s/START_KNOCKD=0/START_KNOCKD=1/" /rootfs/etc/default/knockd
 cat << EOF >> /rootfs/lib/systemd/system/knockd.service
+
 [Install]
 WantedBy=multi-user.target
 Alias=knockd.service
 EOF
+
 systemctl enable knockd.service
-echo "Restarting knock service..."
-systemctl restart knockd
+echo "Start knockd service..."
+systemctl start knockd.service
 #================================================================
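Review bot: With `iptables -F` gone, the rules that follow (`iptables -A INPUT -i lo -j ACCEPT` here, through the trailing `iptables -A INPUT -j DROP` in the next hunk) are appended to whatever the INPUT chain already holds, so a second run of the script doubles every rule and any pre-existing ACCEPT stays ahead of the final DROP. If the flush was removed only because it sat next to the legacy-backend switch, keep a chain-scoped `iptables -F INPUT` before the first append, or guard each rule with `iptables -C ... || iptables -A ...` so the script is safe to re-run. Whether the INPUT chain is empty at this point on a fresh install cannot be seen from the hunk.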
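Review bot: `systemctl start netfilter-persistent` runs before `netfilter-persistent save`, and starting that unit restores /etc/iptables/rules.v4 when the file exists, which replaces the rules this script just appended and then persists the restored (possibly empty or stale) set instead of the intended one. Reorder to `netfilter-persistent save` followed by `systemctl enable netfilter-persistent`; the start is not needed because the rules are already live, and if it is kept it belongs after the save. The save's exit status is also unchecked, so a failed write silently leaves the host without its firewall after reboot — `netfilter-persistent save || exit 1` unless the script already runs under `set -e` (its header is outside the hunk). The two echo lines still say iptables-persistent; `echo "Ensure netfilter-persistent is started"` keeps the log consistent with the command it describes.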
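Review bot: `systemctl start knockd.service` replaces the previous `restart`, and `start` is a no-op when knockd is already running, so a daemon that was up before the `sed` and the new /rootfs/etc/knockd.conf were written keeps serving the old configuration; `systemctl restart knockd.service` makes the new knock rules take effect deterministically. The `[Install]` block is appended with `>>` to the vendor unit under /rootfs/lib/systemd/system, so every run adds another copy (now with the two extra blank lines); writing it once to a drop-in under /etc/systemd/system, or guarding the append with `grep -q '^\[Install\]' /rootfs/lib/systemd/system/knockd.service ||`, keeps the unit idempotent and survives package upgrades. Note also that the config edits target /rootfs while both systemctl calls act on the running system; unless /rootfs is the booted root, the knockd being started is the installer's, not the target's. The heredoc that opens this hunk starts before it.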