Make sure that ip6_tables module is loaded

This commit is contained in:
Michael Kroes 2016-03-13 07:45:32 +01:00
parent 3f27309d8c
commit b79732ed1e
1 changed files with 10 additions and 8 deletions

View File

@ -185,16 +185,18 @@ if [ -z "$DISABLE_FIREWALL" ]; then
# Install `ufw` which provides a simple firewall configuration.
apt_install ufw
# Make sure the system has a default policy to accept incoming connections
sed -i "s/DEFAULT_INPUT_POLICY.*/DEFAULT_INPUT_POLICY=\"ACCEPT\"/" /etc/default/ufw
# If IPV6 is disabled we should disable it in the ufw defaults
if [ -z "$PUBLIC_IPV6" ]; then
sed -i "s/IPV6.*/IPV6=no/" /etc/default/ufw
else
sed -i "s/IPV6.*/IPV6=yes/" /etc/default/ufw
# Some providers don't load the ip6_tables kernel module (Scaleway)
if [ -z "`lsmod | grep ^ip6_tables`" ]; then
echo ip6_tables >> /etc/modules
modprobe ip6_tables
fi
# Some default configurations disable the firewall in the settings (Scaleway)
# If this isn't set, enabling the firewall will fail with:
#
# ERROR: Could not load logging rules
sed -i "s/ENABLED.*/ENABLED=yes/" /etc/ufw/ufw.conf
# Allow incoming connections to SSH.
ufw_allow ssh;