|
|
|
@ -100,19 +100,27 @@ function disable_all_signals { |
|
|
|
function prepare_nftables() { |
|
|
|
local PREFIX="miaou:nftables" |
|
|
|
|
|
|
|
if ! diff -q "$MIAOU_BASEDIR/templates/hardened/nftables.conf" /etc/nftables.conf 2>/dev/null; then |
|
|
|
if ! [[ -f /etc/nftables.rules.d/firewall.table ]]; then |
|
|
|
echo "installing nftables ..." |
|
|
|
sudo apt install -y nftables |
|
|
|
sudo cp -f "$MIAOU_BASEDIR/templates/hardened/nftables.conf" /etc/ |
|
|
|
sudo mkdir -p /etc/nftables.rules.d |
|
|
|
sudo cp -f "$MIAOU_BASEDIR/templates/hardened/firewall.table" /etc/nftables.rules.d/ |
|
|
|
sudo systemctl restart nftables |
|
|
|
sudo systemctl enable nftables |
|
|
|
echo "OK" |
|
|
|
|
|
|
|
else |
|
|
|
echo "nftables already installed!" |
|
|
|
fi |
|
|
|
|
|
|
|
current_target="${TARGET:-not_defined_yet}" |
|
|
|
if [[ $current_target == not_defined_yet ]]; then |
|
|
|
echo -n "generating new firewall table first time... " |
|
|
|
else |
|
|
|
echo -n "generating new firewall table according to target=<${current_target}>... " |
|
|
|
fi |
|
|
|
sudo env target="$current_target" tera -e --env-only --env-key env -t "$MIAOU_BASEDIR/templates/nftables/firewall.table.j2" -o /etc/nftables.rules.d/firewall.table &>/dev/null |
|
|
|
sudo systemctl reload nftables |
|
|
|
echo "OK" |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
function miaou_init() { |
|
|
|
|
