Merge pull request #559 from sillyfrog/master
Option to disable iptable REJECT target
@@ -8,6 +8,7 @@
|
||||
#ENABLE_UFW=false
|
||||
#UFW_ALLOW_GW_NET=false
|
||||
#UFW_EXTRA_PORTS=
|
||||
#UFW_DISABLE_IPTABLES_REJECT=false
|
||||
#GLOBAL_APPLY_PERMISSIONS=true
|
||||
#TRANSMISSION_ALT_SPEED_DOWN=50
|
||||
#TRANSMISSION_ALT_SPEED_ENABLED=false
|
||||
|
@@ -118,6 +118,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI= \
|
||||
PUID= \
|
||||
PGID= \
|
||||
|
@@ -108,6 +108,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI= \
|
||||
PUID= \
|
||||
PGID= \
|
||||
|
@@ -111,6 +111,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI=\
|
||||
PUID=\
|
||||
PGID=\
|
||||
|
@@ -152,6 +152,7 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t
|
||||
|`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`|
|
||||
|`UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true`|
|
||||
|`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`|
|
||||
|`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`|
|
||||
|
||||
### Permission configuration options
|
||||
By default the startup script applies a default set of permissions and ownership on the transmission download, watch and incomplete directories. The GLOBAL_APPLY_PERMISSIONS directive can be used to disable this functionality.
|
||||
|
@@ -101,9 +101,18 @@ function ufwAllowPortLong {
|
||||
}
|
||||
|
||||
if [[ "${ENABLE_UFW,,}" == "true" ]]; then
|
||||
if [[ "${UFW_DISABLE_IPTABLES_REJECT,,}" == "true" ]]; then
|
||||
# A horrible hack to ufw to prevent it detecting the ability to limit and REJECT traffic
|
||||
sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py
|
||||
# force a rewrite on the enable below
|
||||
echo "Disable and blank firewall"
|
||||
ufw disable
|
||||
echo "" > /etc/ufw/user.rules
|
||||
fi
|
||||
# Enable firewall
|
||||
echo "enabling firewall"
|
||||
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
|
||||
sed -i -e s/MANAGE_BUILTINS=no/MANAGE_BUILTINS=yes/ /etc/default/ufw
|
||||
ufw enable
|
||||
|
||||
if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then
|
||||
|
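Review bot: The `sed` against `/usr/lib/python3/dist-packages/ufw/util.py` is never verified, so if the path or the `return caps` text differs in the installed ufw package the patch silently does nothing and `ufw enable` still runs on a host without `ipt_REJECT`. Because this container depends on ufw to restrict traffic, the branch should fail closed: follow the `sed` with `grep -q 'return \[\]' /usr/lib/python3/dist-packages/ufw/util.py || { echo "ufw REJECT patch did not apply" >&2; exit 1; }`. The `g` flag also rewrites every `return caps` in that file, which may be more than the one capability probe intended. The exit statuses of `ufw disable` and the later `ufw enable` are not checked either, unless the script sets `-e` outside this hunk, so a failed re-enable after `user.rules` is blanked would leave no rules loaded. The enclosing `if [[ "${ENABLE_UFW,,}" == "true" ]]` block continues past the end of the hunk.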