Option to disable iptable REJECT target
New UFW_DISABLE_IPTABLES_REJECT option that hacks ufw to allow the prevention of the use of the REJECT iptables target, as this is not available on some NAS platforms (such as the Synology).
@@ -8,6 +8,7 @@
|
||||
#ENABLE_UFW=false
|
||||
#UFW_ALLOW_GW_NET=false
|
||||
#UFW_EXTRA_PORTS=
|
||||
#UFW_DISABLE_IPTABLES_REJECT=false
|
||||
#TRANSMISSION_ALT_SPEED_DOWN=50
|
||||
#TRANSMISSION_ALT_SPEED_ENABLED=false
|
||||
#TRANSMISSION_ALT_SPEED_TIME_BEGIN=540
|
||||
|
@@ -116,6 +116,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI= \
|
||||
PUID= \
|
||||
PGID= \
|
||||
|
@@ -106,6 +106,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI= \
|
||||
PUID= \
|
||||
PGID= \
|
||||
|
@@ -109,6 +109,7 @@ ENV OPENVPN_USERNAME=**None** \
|
||||
ENABLE_UFW=false \
|
||||
UFW_ALLOW_GW_NET=false \
|
||||
UFW_EXTRA_PORTS= \
|
||||
UFW_DISABLE_IPTABLES_REJECT=false \
|
||||
TRANSMISSION_WEB_UI=\
|
||||
PUID=\
|
||||
PGID=\
|
||||
|
@@ -150,6 +150,7 @@ If TRANSMISSION_PEER_PORT_RANDOM_ON_START is enabled then it allows traffic to t
|
||||
|`ENABLE_UFW` | Enables the firewall | `ENABLE_UFW=true`|
|
||||
|`UFW_ALLOW_GW_NET` | Allows the gateway network through the firewall. Off defaults to only allowing the gateway. | `UFW_ALLOW_GW_NET=true`|
|
||||
|`UFW_EXTRA_PORTS` | Allows the comma separated list of ports through the firewall. Respsects UFW_ALLOW_GW_NET. | `UFW_EXTRA_PORTS=9910,23561,443`|
|
||||
|`UFW_DISABLE_IPTABLES_REJECT` | Prevents the use of `REJECT` in the `iptables` rules, for hosts without the `ipt_REJECT` module (such as the Synology NAS). | `UFW_DISABLE_IPTABLES_REJECT=true`|
|
||||
|
||||
### Alternative web UIs
|
||||
You can override the default web UI by setting the ```TRANSMISSION_WEB_HOME``` environment variable. If set, Transmission will look there for the Web Interface files, such as the javascript, html, and graphics files.
|
||||
|
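Review bot: The new `UFW_DISABLE_IPTABLES_REJECT` row in the README table says what the option avoids but not how it does so. Per the script change in this same commit, it works by editing ufw's installed `util.py` in place and blanking `/etc/ufw/user.rules`, and the script comment says it hides ufw's ability to limit traffic as well as to `REJECT`. Suggest stating in the description that the installed ufw package is modified and that limit support is turned off too, so users enabling it on hosts without `ipt_REJECT` know what they are giving up.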
@@ -92,9 +92,18 @@ function ufwAllowPortLong {
|
||||
}
|
||||
|
||||
if [[ "${ENABLE_UFW,,}" == "true" ]]; then
|
||||
if [[ "${UFW_DISABLE_IPTABLES_REJECT,,}" == "true" ]]; then
|
||||
# A horrible hack to ufw to prevent it detecting the ability to limit and REJECT traffic
|
||||
sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py
|
||||
# force a rewrite on the enable below
|
||||
echo "Disable and blank firewall"
|
||||
ufw disable
|
||||
echo "" > /etc/ufw/user.rules
|
||||
fi
|
||||
# Enable firewall
|
||||
echo "enabling firewall"
|
||||
sed -i -e s/IPV6=yes/IPV6=no/ /etc/default/ufw
|
||||
sed -i -e s/MANAGE_BUILTINS=no/MANAGE_BUILTINS=yes/ /etc/default/ufw
|
||||
ufw enable
|
||||
|
||||
if [[ "${TRANSMISSION_PEER_PORT_RANDOM_ON_START,,}" == "true" ]]; then
|
||||
|
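Review bot: The `sed -i 's/return caps/return []/g' /usr/lib/python3/dist-packages/ufw/util.py` line in the `UFW_DISABLE_IPTABLES_REJECT` branch has no check that the file exists or that the pattern matched. If the path or the ufw source text differs, the option silently does nothing and `ufw enable` runs unchanged. Suggest testing for the pattern first (for example with `grep -q 'return caps'`) and failing loudly when it is absent. The `g` flag also rewrites every `return caps` in the file, not only the one the comment refers to, so a tighter expression would be safer. Separately, `echo "" > /etc/ufw/user.rules` discards the stored rules every time the container starts with this option set. If the script re-adds every rule after `ufw enable`, say so in the comment. Otherwise this step can leave the firewall with fewer rules than intended.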