Merge pull request #559 from sillyfrog/master
Option to disable iptables REJECT target
		| @@ -8,6 +8,7 @@ | ||||
| #ENABLE_UFW=false | ||||
| #UFW_ALLOW_GW_NET=false | ||||
| #UFW_EXTRA_PORTS= | ||||
| #UFW_DISABLE_IPTABLES_REJECT=false | ||||
| #GLOBAL_APPLY_PERMISSIONS=true | ||||
| #TRANSMISSION_ALT_SPEED_DOWN=50 | ||||
| #TRANSMISSION_ALT_SPEED_ENABLED=false | ||||
|   | ||||
| @@ -118,6 +118,7 @@ ENV OPENVPN_USERNAME=**None** \ | ||||
|     ENABLE_UFW=false \ | ||||
|     UFW_ALLOW_GW_NET=false \ | ||||
|     UFW_EXTRA_PORTS= \ | ||||
|     UFW_DISABLE_IPTABLES_REJECT=false \ | ||||
|     TRANSMISSION_WEB_UI= \ | ||||
|     PUID= \ | ||||
|     PGID= \ | ||||
|   | ||||
| @@ -108,6 +108,7 @@ ENV OPENVPN_USERNAME=**None** \ | ||||
|     ENABLE_UFW=false \ | ||||
|     UFW_ALLOW_GW_NET=false \ | ||||
|     UFW_EXTRA_PORTS= \ | ||||
|     UFW_DISABLE_IPTABLES_REJECT=false \ | ||||
|     TRANSMISSION_WEB_UI= \ | ||||
|     PUID= \ | ||||
|     PGID= \ | ||||
|   | ||||
| @@ -111,6 +111,7 @@ ENV OPENVPN_USERNAME=**None** \ | ||||
|     ENABLE_UFW=false \ | ||||
|     UFW_ALLOW_GW_NET=false \ | ||||
|     UFW_EXTRA_PORTS= \ | ||||
|     UFW_DISABLE_IPTABLES_REJECT=false \ | ||||
|     TRANSMISSION_WEB_UI=\ | ||||
|     PUID=\ | ||||
|     PGID=\ | ||||
|   | ||||
| @@ -152,6 +152,7 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t | ||||
| |`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`| | ||||
| |`UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true`| | ||||
| |`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`| | ||||
| |`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`| | ||||
|  | ||||
| ### Permission configuration options | ||||
| By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality. | ||||
|   | ||||
| @@ -101,9 +101,18 @@ function ufwAllowPortLong { | ||||
| } | ||||
|  | ||||
| if [[ "${ENABLE_UFW,,}" == "true" ]]; then | ||||
|   if [[ "${UFW_DISABLE_IPTABLES_REJECT,,}" == "true" ]]; then | ||||
|     # A horrible hack to ufw to prevent it detecting the ability to limit and REJECT traffic | ||||
|     sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py | ||||
|     # force a rewrite on the enable below | ||||
|     echo "Disable and blank firewall" | ||||
|     ufw disable | ||||
|     echo "" > /etc/ufw/user.rules | ||||
|   fi | ||||
|   # Enable firewall | ||||
|   echo "enabling firewall" | ||||
|   sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw | ||||
|   sed -i -e s/MANAGE_BUILTINS=no/MANAGE_BUILTINS=yes/ /etc/default/ufw | ||||
|   ufw enable | ||||
|  | ||||
|   if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then | ||||
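Review bot: The `sed -i 's/return caps/return []/g'` against ufw's `util.py` is never verified, so if the installed ufw source does not contain that exact string, sed exits 0 without changing anything and the script still runs `ufw disable`, blanks `/etc/ufw/user.rules` and calls `ufw enable` as if the patch were in place. On a host without `ipt_REJECT` that presumably makes `ufw enable` fail after the firewall has already been torn down, and nothing in the hunk checks its exit status, so the container could carry on unfiltered (whether `set -e` is active is outside the hunk). I would check both steps explicitly, for example `grep -q 'return \[\]' /usr/lib/python3/dist-packages/ufw/util.py || { echo "ufw patch did not apply" >&2; exit 1; }` after the sed, and `ufw enable || exit 1`. The `g` flag also rewrites every `return caps` in the file, so a comment naming the function being neutralised and the ufw version it was tested against would help whoever next bumps the base image. The enclosing `if [[ "${ENABLE_UFW,,}" == "true" ]]` block continues past the end of the hunk.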
|   | ||||